A new malware has come into light which can be a bad news for corporates. The malware is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers. These are called cryptomining malware.
Cryptomining malware, or cryptocurrency mining malware or simply cryptojacking, is a relatively new term that refers to software programs and malware components developed to take over a computer’s resources and use them for cryptocurrency mining without a user’s explicit permission.
Cyber criminals have increasingly turned to cryptomining malware as a way to harness the processing power of large numbers of computers, smartphones and other electronic devices to help them generate revenue from cryptocurrency mining. A single cryptocurrency mining botnet can net cyber criminals more than $30,000 per month, according to a recent report from cybersecurity company Kaspersky Labs.
As per an article in the 7th June issue of Forbes, all cryptocurrencies (especially bitcoin), are generated by “mining.” By mining, what we mean is a computationally intensive task that utilizes a lot of energy and processing power for verifying transactions. Successful miners are rewarded with a “coin,” which is added to a digital wallet — or, in the case of crypto jacking, to the digital wallet belonging to the hackers. For the first time, malware can directly “print money” for criminals.
Traditionally, malware accesses a computer by way of some compromising event. One means of recruitment is via third-party applications and plugins. For example, in February 2018, more than 5,000 Australian and global government websites were hijacked by the Coinhive cryptocurrency mining software through the Browsealoud plugin.
The malware named PowerGhost by Kaspersky Lab which unearthed it uses file-less techniques to establish the illegal miner within the victim system.
“The malicious program uses lots of file-less techniques to remain inconspicuous to the user and undetected by antivirus technologies. The victim machine is infected remotely using exploits or remote administration tools (Windows Management Instrumentation). During infection, a one-line PowerShell script is run that downloads the miner’s body and immediately launches it without writing it to the hard drive,” the Lab said.
The threat from crypto-currency mining software has sky rocketed in recent times, replacing ransomware as the main type of malicious software, as previous Kaspersky Lab research had shown.
The script of the malware works in various steps. First, PowerGhost checks if a new version is available. If there is, it downloads the new version and launches it instead of itself. In the second step, the malware starts propagating through the network of computers, infesting as many devices as possible.
In the next couple of steps, the malware tries to escalate its privileges and establishes a foothold in the system using various manoeuvres.
The Lab also found some extremely dangerous implication of the malware attack. “In one PowerGhost version, we detected a tool for conducting DDoS attacks. The malware writers obviously decided to make some extra money by offering DDoS services,” the Lab said.
The developing world was the biggest target of the malware with India, Brazil, Columbia and Turkey encountering most of them. In India, up to 290 users were affected by the malware.
This is as per a news report in Moneycontrol.com.