New Monero Cryptojacking Malware Targets Linux Users

February 7, 2019 | AtoZ Markets – Most hackers who use malware for covert mining usually target large cryptocurrency companies, hijacking systems to mine Monero coins (XMR). A recently detected covert Monero-mining threat primarily affects Linux users, as hackers attack Linux web servers around the world.

Cryptojacking is not a new thing

Since 2011, cryptojacking has made it possible for criminals to use computer resources to mine bitcoins without special equipment. In addition, there is no need to be a highly qualified software engineer to engage in this illegal business. It was only in the second half of 2017 that cybercriminals began to develop malware that followed the cryptocurrency boom. Cryptojacking as a service can be bought on the dark web for only half of a US dollar. Because of the higher level of confidentiality and ambiguity inherent in some cryptocurrencies, such as Monero and Zcash, it is difficult to track and catch hackers of that kind.

Last year, attacks on cryptocurrency users were widespread. So-called cryptojackers mined cryptocurrency by installing hidden malware on victims’ devices. In the first half of last year, the amount of malware detected increased by 500%.

Linux users on cybercriminals’ radar

According to a survey conducted in August 2018, this new kind of cybercrime has affected more than half of the companies in the UK. Research conducted by JASK, a cybersecurity company, showed that since its introduction in November 2018, an updated version of the Shellbot Trojan has spread worldwide as part of a growing campaign that targets infrastructure resources for cryptomining.

A recent study showed that a growing amount of cryptocurrency-mining malware is still aimed at large corporations, hijacking victims’ machines to mine Monero (XMR). According to a Palo Alto Networks study, a recently detected Romanian hacker group called Outlaw reportedly disables Linux users’ cloud security measures to prevent detection of its malicious programs.

According to JASK, the attacker group’s name is a translation of the Romanian word “haiduc”, which is also the name of one of the payloads that the malware installs.

“The […] observed toolkit used by the attacker contains three main components: an Internet Relay Chat (IRC) bot for management and control (C2), Monero mining revenue stream and a popular scanning and brute force tool, haiduc,” explained JASK specialists.

Why Monero?

Monero (XMR) is a very popular privacy-focused cryptocurrency that launched in 2014. It is one of the few cryptocurrencies that support in-browser mining. A cryptocurrency news platform recently reported on a study showing that only 4.3% of Monero (XMR) was mined by botnets. This year, some statistics indicated that about 4.4 percent of all XMR in circulation comes from illicit sources. Among the reasons Monero attracts cybercriminals so much, crypto experts cite the simplicity of mining XMR and its confidentiality, both outstanding characteristics of this cryptocurrency. These features make XMR attractive to bad actors, who obtain the coin through malicious software.

According to Justin Ehrenhofer, the head of the malware response team, there are two fundamental aspects that make Monero attractive to cryptojackers:

“Cybercriminals prefer XMR because of one thing: it’s confidential and cryptojackers don’t need to focus on organizations and authorities that follow what they do with a coin after its excavation. Secondly: Monero uses the Proof-of-Work calculation, the CPU is the same as for the GPU, therefore, damaged PCs are economical. These two aspects are progressive features, so hackers prefer to mine Monero rather than different digital currencies.”
