Attackers introduce WebCobra through Microsoft installer
McAfee Labs researchers recently discovered a Russian malware that steals computing power and secretly mines cryptocurrency. Researchers claim that the new crypto-jacking malware, WebCobra, illicitly uses the victim’s computer to mine Zcash or Monero. One feature of this malware is that it installs a different miner based on the configuration of your computer.
Researchers at ESET also discovered a new malware that integrates itself in the computer’s firmware. Accordingly, this makes it difficult for users to find. Importantly, it is also very difficult to remove this embedded malware. No one can remove this malware by using regular anti-malware products. It survives the re-installation of an operating system as well as replacement of hard disk of a computer. The researchers found that the attackers introduce the malware through a Microsoft installer. It is the same package used to install Cryptonight miners on x86 systems and the Zcash miner on x64 systems.
Miners primarily use the Cryptonight miner to mine Monero. It shows equal compatibility with other cryptocoins using Cryptonight algorithm. The researchers tracked the origin of this malware to Russia. The malware is making a major impact in South Africa and Brazil with the U.S. getting the largest share.
The incidences of crypto jacking and scamming are increasing day by day. Recently, the U.S. Commodity Futures Trading Commission (CFTC) fined an Arizona resident, Joseph Kim for launching a fake trading scheme for virtual currency investors. Apart from trapping his former Chicago-based employee, Kim also lured other investors into his fraud scheme.
Researchers also discovered a new tactic that disguises a mining malware posing as a legitimate Windows file installer. The Swiss security experts warn crypto traders and miners that scammers continuously improve their techniques. According to McAfee labs, attacks similar to Trojan are now a part of a trend. The report from McAfee Research Labs say, “The increase in the value of cryptocurrencies has inspired cybercriminals to employ malware that steals machine resources to mine crypto coins without the victims’ consent.” This seems to be true at present. Hackers often use CoinHive, a Monero miner to generate more than $250,000 profit every month.
Finally, according to the researchers, the coin mining malware evolution will continue. This is due to low investment costs and risk. Importantly, the hackers do not have to depend on the victim transfering money.