
The dangers of Monero mining malware

by bojan

The growing popularity of cryptocurrencies has attracted criminal activity, and crypto-mining malware has become very profitable for cyber offenders. During the weekend, more than 4000 websites were hacked and used to exploit computers to mine digital currencies. The abuse was first discovered on the site of the Information Commissioner’s Office (ICO), where hackers illegally mined the anonymous cryptocurrency called Monero. When security researchers revealed the criminal activity, the website was closed, but the malware had spread via a website plug-in service before the site was shut down. Some other UK sites, such as the British data protection agency, and the US federal courts website were also hacked, as well as some Australian government sites and thousands of others.

What is malware crypto hacking?

Crypto-mining malware hijacks CPU (central processing unit) power, which hackers then use to mine cryptocurrency. Cybersecurity professionals discovered 3 types of malware: Coinhive ranks at the top of the list, followed by JSEcoin and Cryptoloot. Cybersecurity experts have noticed that one in five organizations worldwide was attacked by some form of Coinhive. This malware uses embedded JavaScript to abuse the performance of the system. The hackers edited the plugins to embed a script that uses visitors’ computers to mine anonymous cryptocurrencies.

How are they hacking these websites?

Hackers are hijacking thousands of websites to mine cryptocurrencies, but how do they do it? They abuse a plugin called Browsealoud, created for blind and partially sighted users, to mine Monero or some other currency with a virus. In the latest known cybercriminal action, malware ran on thousands of sites for several hours: whenever an unknowing visitor accessed one of the sites, their computer would mine cryptocurrency without their consent. These attacks expose a weak spot of the internet and imply that hackers can abuse millions of sites, since those sites cannot be fully controlled. Although Browsealoud had been prepared for the attacks, its clients were helpless after the action. However, in this particular case, the attackers didn’t use the clients’ information and didn’t infect computers; they just used them for mining.
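A site owner can check how exposed a page is to this kind of plugin tampering by auditing its third-party script tags for Subresource Integrity (SRI) pins, which make a browser refuse a script whose content no longer matches the hash in the tag. The following is an added example, not code from the article or from Browsealoud; the hostnames, script bodies and page are constructed, and only sha384 pins are checked.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: a vendor script as reviewed, and the same file
# after someone edited it on the vendor's server.
ORIGINAL = b"function readAloud(text) { /* accessibility plugin */ }\n"
TAMPERED = ORIGINAL + b"/* constructed stand-in for an injected miner loader */\n"

def sri_sha384(body: bytes) -> str:
    """Subresource Integrity value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptTags(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.found.append((attrs["src"], attrs.get("integrity")))

def audit(html: str, site_host: str, served: dict) -> dict:
    """Label each third-party script as 'unpinned', 'ok' or 'modified'."""
    tags = ScriptTags()
    tags.feed(html)
    report = {}
    for src, integrity in tags.found:
        host = urlparse(src).netloc
        if not host or host == site_host:
            continue  # first-party script, not covered by this check
        if not integrity:
            report[src] = "unpinned"  # the vendor copy can change unnoticed
        elif sri_sha384(served[src]) in integrity.split():
            report[src] = "ok"
        else:
            report[src] = "modified"  # a browser would refuse to run it
    return report

# Constructed page: one first-party script, one pinned and one unpinned vendor script.
PAGE = f"""<html><head>
<script src="/js/site.js"></script>
<script src="https://plugin.example/a11y.js" integrity="{sri_sha384(ORIGINAL)}" crossorigin="anonymous"></script>
<script src="https://widgets.example/chat.js"></script>
</head></html>"""
```

`served` maps each pinned script URL to the bytes currently delivered for it; passing `TAMPERED` for the pinned plugin yields `modified`, while the unpinned widget is reported without any content check.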

What is Monero?

Monero is a lesser-known cryptocurrency based on a blockchain that differs from Bitcoin’s, for example. Blockchains are public ledgers that record transactions on the network, but Monero’s blockchain was intentionally created to be obscure. It blurs the wallet addresses of users that send Monero, making them even more anonymous.

Why is Monero North Korea’s new favorite cryptocurrency?

The US cybersecurity organization AlienVault discovered malware that infected computers to mine the Monero cryptocurrency and send it to North Korea. As you know, the United Nations imposed sanctions on North Korea, and in countries affected by sanctions, cryptocurrencies turn out to be a financial lifeline. So it is no wonder that Koreans show an increased interest in digital currencies, and, naturally, there have been many cases of malware crypto hacking.

Why is Monero so attractive to North Koreans?

That strong anonymity is the exact reason why it’s favored by North Korea. Due to this anonymity, it’s safe from the capital controls that restrict fiat money. And given that the country is restricted by the imposed sanctions, Monero could become an alternative currency. Also, it takes 21 minutes for a Monero to be transferred, which is considerably less time than it takes for a bitcoin, for example. Transferring bitcoin can sometimes take several hours. In addition, Monero’s market capitalization is $5.9 billion, according to recent Coinmarketcap.com reports.

What’s the future of Monero?

Monero could solve a lot of issues that bitcoin is facing right now if it becomes mainstream. For example, you could pay your bills in cryptocurrency, and the other party couldn’t track your account or gain insight into how much money you actually have. The anonymity keeps you safe, and your financial situation stays private.

Also, in the future, Monero could enter into a partnership with Litecoin, a rising cryptocurrency with greater recognition than Monero. The founder of Litecoin has recently confirmed this possibility. However, Monero is not the only cryptocurrency with this highly anonymous feature. There are other currencies on the market, such as Dash or Zcash, that claim to possess encryption that is almost impossible to trace.

If you want to buy Monero, you can’t buy it on Coinbase, the greatest digital currency exchange, but you can buy it on Kraken or Bitfinex, or on LocalMonero if you want to buy it directly from someone.

Monero mining malware attacks Apple and Android

Chinese cybersecurity experts discovered that Monero mining malware can affect any kind of Android device, including phones, TV sets and tablets, infecting the software to mine the cryptocurrency and send the gained funds to a single wallet. The Chinese experts say that this malware has been actively infecting devices since February 5th, managing to corrupt about 7000 Android devices due to its high speed, doubling the number of scanned devices every 12 hours. This Monero mining malware represents a serious threat because it may affect a large number of users and their devices worldwide.

The impact of cryptocurrency mining malware

Since cryptocurrencies have no borders and can be sent anonymously by anyone, anyplace, anytime, without delays and hidden charges, they are ideal for cybercriminals. The increasing popularity of cryptocurrencies is accompanied by malware activities that abuse devices and systems, turning them into mining machines. Mining does generate money, but there are a few drawbacks, such as the expensive hardware and electricity costs. Cybercriminal miners build zombie botnets of computers to perform mining, using spam emails, malicious downloads and junkware that delivers bitcoin mining malware. They steal resources from the infected machines, affecting their performance, attacking through cross-site scripting, remote code exploitation, password login attacks, SQL injection, PHP arbitrary code injection, etc. These illegal cyber actions jeopardize the integrity and security of network systems, causing serious disruptions in business and enabling information and system hijacking and theft, with formidable consequences. There’s no silver bullet for the malware, but these actions can be reduced by a few practices such as updating devices, changing and strengthening the devices’ credentials, enabling firewalls or taking caution against known attack vectors.
