MikroTik cryptojacking still in play with over 400K affected routers

The number of MikroTik routers affected by malware that mines the privacy-centric cryptocurrency Monero (XMR) has risen to 415,000, according to security researchers.

The cryptojacking malware was first discovered in August. According to a Trustwave report, the malware attacked the MikroTik routers after a vulnerability in their systems was disclosed earlier this year, in April. Initially, hackers had penetrated 175,000 routers; they then expanded to Eastern Europe, where they attacked 25,000 more. The hackers were using Coinhive and 15 other miners to mine XMR.

Since it was discovered, Twitter user VriesHd and researchers from Bad Packets have been tracking the cryptojacking malware. In September, they reported that the number of affected MikroTik routers had risen to 280,000. In a recent tweet, VriesHd explains that the numbers have doubled since the initial attacks.

According to VriesHd, the number is derived from checking three possible ways hackers could be abusing MikroTik routers, and it could be higher still, since the data reflects only IP addresses known to have been infected with cryptojacking scripts. He noted that it would not surprise him if the actual number totals somewhere around 350,000 to 400,000.

The researcher further found that the hackers are no longer exclusively using Coinhive; they have been using other mining software like Omine and CoinImp to mine the privacy-centric cryptocurrency.

To protect themselves from the malware, Bad Packets Report security expert Troy Mursch advises MikroTik router users to download the latest firmware version available for their device. This will prevent the malware from using their routers to mine cryptocurrencies.

VriesHd also points out that internet service providers (ISPs) can help fight the spread of the malware by forcing over-the-air updates to the routers.

Cryptojacking cases continue to rise, with figures increasing by 500% this year. According to reports, Brazil is the country most affected by the malware. Research shows that Coinhive hit the country over 81,000 times in October. India ranks second with 29,000 discovered incidents, followed by Indonesia, which has more than 23,000 cryptojacking cases.

The post MikroTik cryptojacking still in play with over 400K affected routers appeared first on CoinGeek.


Botnets increasingly used for crypto mining malware, Kaspersky says

Botnets are being repurposed to distribute crypto mining malware, using victims’ processing power and energy resources to mine cryptocurrency, according to security experts at Kaspersky Labs.

The findings from cybersecurity company Kaspersky Labs identify a growing trend towards using botnets in conjunction with crypto mining attacks, which gives hackers the opportunity to commandeer processing power from infected networks.

This processing power is then devoted to mining for cryptocurrencies, including the BTC token, which provides a source of funds for those behind the attacks.

According to the report, botnet owners are increasingly switching from other attack vectors to mining, highlighting the profitability of this kind of attack. The research suggests that a corresponding drop in DDoS attacks could be a result of attackers switching their focus to mining over other types of malware.

“Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining. For example, the DDoS activity of the Yoyo botnet dropped dramatically, although there is no data about it being dismantled,” it noted.

The report goes on to say that the malware is often distributed alongside unlicensed, or pirated, software, explaining, “The more freely unlicensed software is distributed, the more miners there are. This is confirmed by our statistics, which indicates that miners most often land on victim computers together with pirated software.”

Kaspersky Labs has previously identified these types of attacks as being attractive to scammers, thanks to the difficulties with detection—both by law enforcement authorities and by the victims themselves.

Because the miner runs silently in the background, it is hard for victims even to identify when their system has been compromised, leading to a longer time to detection compared to other types of malware.

There was also the suggestion that some jurisdictions were more amenable to these types of attacks than others, with Kazakhstan, Vietnam and Indonesia amongst the most prominent locations for these types of attacks to originate, according to the report.

The report will serve as a reminder of the dangers of pirated software, and the type of attacks that can infect the computers of those who download software illegally.


Cryptojacking malware hits Make-A-Wish Foundation site

Cybercriminals are at it again, this time setting their sights on a charity foundation.

Last week, researchers at security firm Trustwave reported that they had found a CoinImp crypto mining script injected into the official website of the Make-A-Wish Foundation. In a blog post, the Trustwave researchers said the malware had been mining cryptocurrency since May 2018, using the computing power of the website’s visitors.

Upon further investigation, researchers discovered that the foundation’s website became vulnerable earlier this year when Drupal, the content management system it runs on, became vulnerable to CVE-2018-7600, a remote code execution bug popularly known as “Drupalgeddon 2.” Drupal, an open source content management system, said that the vulnerability allowed hackers to inject malware into websites that had failed to apply the security patch.

The CoinImp miner is JavaScript-based and is generally used by individuals who want to secretly mine Monero using visitors’ phones, tablets or computers.

This particular cryptojacking incident was difficult to find because it used different techniques to avoid detection, according to Trustwave’s Simon Kenin. First, the malware changes the domain name that hosts the JavaScript miner. In addition, the WebSocket proxy also used different domains and IPs to evade blacklist-based blocking.
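As an added illustration of the evasion described above (example code, not from Trustwave or the original article): a small Python scanner that pairs a miner-name list with behavioural indicators, so that a miner whose script host or WebSocket proxy has rotated to a fresh domain is still flagged. The sample pages, hostnames and the three-indicator threshold are constructed for this example.

```python
"""Heuristic scanner for injected browser cryptominers.

A pure domain/name blacklist misses a miner once its script host and
WebSocket proxy rotate. This scanner therefore also scores behavioural
indicators that a CPU-bound in-page miner cannot easily drop:
a WebSocket to a proxy, a WebAssembly hashing core, Web Workers and
CPU-count probing. Sample pages below are constructed, not real sites.
"""
import re
from html.parser import HTMLParser

# Miner names discussed in the article; matched case-insensitively.
KNOWN_MINER_PATTERNS = ("coinhive", "coinimp", "omine")

# Behavioural indicators: one point each.
BEHAVIOUR_PATTERNS = {
    "websocket": re.compile(r"new\s+WebSocket\s*\(\s*['\"]wss?://", re.I),
    "wasm": re.compile(r"WebAssembly\.(instantiate|compile|Module)", re.I),
    "worker": re.compile(r"new\s+Worker\s*\(", re.I),
    "cpu_probe": re.compile(r"navigator\.hardwareConcurrency", re.I),
    "throttle": re.compile(r"\bthrottle\b", re.I),
    "algo": re.compile(r"cryptonight|hashes?_per_second|hashrate", re.I),
}
# Assumed threshold: a chat widget (WebSocket + Worker) scores 2 and stays clean.
FLAG_THRESHOLD = 3


class _ScriptCollector(HTMLParser):
    """Collects <script src> URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.srcs = []
        self.inline = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and data.strip():
            self.inline.append(data)


def scan_html(html):
    """Return known-name hits, behavioural hits and a verdict for one page."""
    parser = _ScriptCollector()
    parser.feed(html)
    corpus = "\n".join(parser.srcs + parser.inline)
    known = sorted({n for n in KNOWN_MINER_PATTERNS if n in corpus.lower()})
    hits = sorted(k for k, rx in BEHAVIOUR_PATTERNS.items() if rx.search(corpus))
    if known:
        verdict = "known-miner"
    elif len(hits) >= FLAG_THRESHOLD:
        verdict = "suspected-miner"
    else:
        verdict = "clean"
    return {"known": known, "behaviour": hits, "script_srcs": parser.srcs,
            "verdict": verdict}


# Constructed sample pages (hostnames are placeholders, not indicators).
PAGE_KNOWN = """<html><body>
<script src="https://cdn.miner-host.example/lib/coinhive.min.js"></script>
</body></html>"""

PAGE_ROTATED = """<html><body><p>Wish stories</p>
<script>
  // no vendor name anywhere: only behaviour gives it away
  var sock = new WebSocket('wss://q7r2.rotating-proxy.example/ws');
  var threads = navigator.hardwareConcurrency || 2;
  WebAssembly.instantiate(payloadBytes).then(function (mod) {
    for (var i = 0; i < threads; i++) new Worker('hash.js');
  });
</script></body></html>"""

PAGE_BENIGN = """<html><body>
<script>
  var chat = new WebSocket('wss://chat.example/room');
  var bg = new Worker('notifications.js');
</script></body></html>"""

if __name__ == "__main__":
    for name, page in (("known", PAGE_KNOWN), ("rotated", PAGE_ROTATED),
                       ("benign", PAGE_BENIGN)):
        print(name, scan_html(page))
```

The rotated page carries no vendor string at all, so a name or domain list alone reports it clean; the behavioural score is what surfaces it for a manual look.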

Researchers have warned that Drupal-based websites need to be updated to avoid attacks from this and other malware. Just this spring, the Drupalgeddon 2 bug, a remote code execution (RCE) vulnerability in older versions of Drupal, affected more than 100,000 sites.

Meanwhile, McAfee Labs, an Internet security provider, warned the public to watch out for a new cryptojacking malware called WebCobra. The company stated that, unlike previous malware, the new cryptojacking malware could not be traced on the victim’s computer. The malware slows down the user’s computer and consumes a lot of power during its operation.


McAfee Labs spots yet another Monero-mining cryptojacking malware

A new Russian malware designed to mine the privacy-centric cryptocurrency Monero on unsuspecting users’ machines has been discovered by researchers at McAfee Labs, the latest coin mining malware to be uncovered in recent weeks.

The malware, known as WebCobra, steals computing power from affected devices, before silently mining for cryptocurrency in the background. Users are often unaware of the effects of the malware until they notice a loss of performance, or a higher-than-expected energy bill.

WebCobra is similar to other malware, according to experts at McAfee Labs, with attacks of this type dubbed “cryptojacking.” These attacks have become increasingly common in recent months, and are particularly popular with scammers mining SegWit and Monero.

This latest discovery reveals a new type of malware, which researchers have linked to hackers based in Russia.

While some have suggested cryptojacking is less invasive than other types of hacks, the financial costs of mining some cryptocurrencies, coupled with the significant loss of processing power, mean this is far from a victimless crime.

According to a post by McAfee Labs, the costs for mining a single BTC can run into the tens of thousands of dollars. The report noted, “Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation. As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill, as the energy it takes to mine a single bitcoin can cost from $531 to $26,170…”

The researchers said, “We believe this threat arrives via rogue PUP installers. We have observed it across the globe, with the highest number of infections in Brazil, South Africa, and the United States.”

These types of crypto mining scams have risen by as much as 500% in 2018 so far, leading to an intervention from Google to block obfuscated code from its Chrome Web Store, in a bid to stem the tide of attacks.

As crypto mining malware like WebCobra continues to become more sophisticated, it is likely that more systems will be unwittingly compromised by this type of cryptojacking attack.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.


South Korea arrests five over crypto malware

The South Korean National Police Agency’s Cyber Bureau, in conjunction with local police, has arrested five cyber punks who were behind a hacking effort that targeted well over 6,000 computers. According to a joint statement by the law enforcement offices, the thieves had installed cryptocurrency mining malware on the computers through a mass email blast, which was ultimately received by 32,435 addresses. With a little luck, the group won’t see daylight for a considerable amount of time.

The group was led by Kim Amu-gae, a 24-year-old South Korean. From October to December of last year, the five criminals posed as employers and sent the malware as a response to a job applicant’s email.

The hackers were able to illicitly access over 30,000 email addresses of jobseekers by stealing data from large-scale conglomerates in the South Korean technology sector. They would then send emails to the individuals, posing as recruitment agents or potential employers.

Those emails contained malware wrapped inside documents or files sent to the applicants. Believing the email to be coming from a legitimate employer, the individuals were duped into opening the attachments, which installed the malware. On 6,000 computers, the malware was removed automatically three to seven days after infection thanks to the presence of advanced anti-virus software.

According to the local police, “Because cyber security firms and anti-virus software operators responded quickly to the distribution of mining malware, the group of hackers were not able to generate a significant revenue from their operation. In most cases, anti-virus software detected the malware within three to seven days. If the malware was detected, the hackers sent new malware, but it was detected again by anti-virus software.”

The thieves spent a lot more resources than they were able to collect as their bounty, showing their “intellectual prowess.” They only absconded with around $1,000.

One of the investigators working on the case offered a word of warning to all computer users. He said, “Crypto jacking significantly reduces the performance of computers and if exposed to institutions, it could have a serious effect on the society. PC users must have secure anti-virus software in place and update browsers frequently. Also, if the performance of a computer suddenly drops, users will have to suspect the presence of mining malware.”


Canadian university shuts down network after cryptojacking attack

The St. Francis Xavier University, located in Nova Scotia, Canada, has found itself targeted by a cryptocurrency mining malware—also known as cryptojacking—forcing the institution to shut down its entire network.

On Monday, GlobalNews.ca reported that the university shut down its operations for four days last week while its administration looked for ways to remove the malware. The cryptojacking attack started on November 1, when the malware infiltrated the university’s network and began mining an unknown cryptocurrency using the educational institution’s processing power. Upon detecting the malware, officials shut down the entire network, bringing things to a standstill.

The university released an official statement on November 4, explaining that the attack had not caused any harm to members of the university and that no sensitive information had been stolen. The university added that it would restore its network once its IT experts had finished fixing the security breach. Some services, however, have already been restored, including access to email, Wi-Fi, debit transactions, the school’s online course system, and shared storage space and drives on the St. FX network, according to St. Francis Xavier University.

To protect themselves from possible harm, the university asked all members of the institution to change their passwords.

Some miners have resorted to cryptojacking to avoid the high cost that comes with cryptocurrency mining. This has caused unsuspecting computer users, both personal and industrial, to bear that cost on behalf of the miners. Cryptojackers use malware to penetrate computers or networks that have high processing power. Users install most of the malware unknowingly, through ads and browser extensions.

Once installed, the malware lets the cryptojackers mine currencies using the users’ processing power and electricity. To mine more coins, some miners have targeted large institutions like St. Francis Xavier University to access their abundant processing power. They are also targeting high-traffic government websites to mine their coins.

These cryptojackers are making vast sums of money from their operations. To avoid being detected by the authorities, cryptojackers are developing new ways to prevent their malware from being noticed. Last month, some miners were using fake Adobe Flash updates as Trojan horses to install crypto mining software on users’ computers.


Crypto price tracking app for Mac contains backdoors

Mac computer users have always touted the computers to be better than Windows-based machines due to a greater degree of security provided to the users. However, a number of instances have been recorded recently that are beginning to show the cracks in their theory. There have been several cases of high-profile malware being discovered on MacOS computers and another has just been found.

Thomas Reed, Malwarebytes Director of Mac & Mobile, recently published a blog post about the discovery of an issue with the cryptocurrency tracking application CoinTicker. His investigation began after he was tipped off by a Mac user, leading Reed to write the blog post and discuss the issue on Twitter. He said, “An astute contributor to our forums going by the handle 1vladimir noticed that an app named CoinTicker was exhibiting some fishy behavior over the weekend. It seems that the app is covertly installing not just one but two different backdoors.”

CoinTicker provides an app that allows users to track a number of cryptocurrencies, including Bitcoin BCH, Bitcoin Core, Ethereum and more. It pools data from a number of exchanges and displays it in a user-friendly format so users can watch how the markets are moving.

What users didn’t know, however, is that the app also included malware, which was more than likely added to the application in order to gain access to cryptocurrency wallets. CoinTicker contains Eggshell and EvilOSX, two forms of malware that give remote access to computers to perform any number of functions, depending on how they’re configured.

When he first started looking into the issue, Reed believed that CoinTicker could have had its website hacked and the legitimate app replaced with the infected version. However, as he dug deeper, he began to discover clues that led him to believe that the app might not have been legitimate from the start.

Reed explained, “First, the app is distributed via a domain named coin-sticker.com. This is close to, but not quite the same, as the name of the app. Getting the domain name wrong seems awfully sloppy if this were a legitimate app. Adding further suspicion, it seems that this domain was just registered a few months ago on July 13.”

The malware goes to work as soon as a user logs onto the computer. It runs hidden in the background and doesn’t require any special permissions, not even root.

Malwarebytes offers a tool that identifies CoinTicker as the OSX.EvilEgg malware. Anyone who has installed the app should scan their computer and remove any instances of CoinTicker. Most importantly, don’t install anything that isn’t from a reliable source.


Malware disguised as cheat tools steals crypto from Fortnite players

When the sixth season of popular video game Fortnite dropped, fans rejoiced. And opportunists tried to cash in too—by developing a cryptocurrency- and data-stealing malware posing as game cheat tools.

Malwarebytes Labs discovered the malware in YouTube videos offering “free” season passes and “free” versions of the game, according to lead malware intelligence analyst Christopher Boyd.

In a blog post, Boyd noted, “We sifted through a sizable mish-mash of free season six passes, supposedly ‘free’ Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of ‘free V-Bucks’ used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.”

The discovery process involved going through several steps, including subscribing to a YouTube channel, before being redirected to a different site and then filling in a survey before downloading the malware disguised as a cheat tool.

The videos were titled in an inviting manner. One video was called, “New Season 6 Fortnite Hack Cheat Free Download September 2018 / WH / Aimbot/ Undetectable.” Another one was titled, “Fortnite Hack Free Download,” and yet another was titled “Fortnite Cheat.” One video had 120,892 views before it was removed for breaching YouTube’s spam policy.

Boyd said passing the malware off as a cheat tool is not new—the practice has been seen for decades and is capable of doing significant damage to computer systems.

The initial .exe file runs on the target system and enumerates the details of the infected computer. It then sends that data via an HTTP POST request to a file hosted in Tel Aviv. Boyd noted that a lot of data is vulnerable to theft, since the malware examines bitcoin wallets, Steam sessions, cookies, and information tied to browser sessions. The malware includes a readme file that advertises the ability to purchase additional Fortnite scams for ‘$80 Bitcoin’.

As much as one may be tempted to cheat at Fortnite, Boyd advises users to resist the temptation to download cheats.

“Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cybercriminals before. In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of clickthroughs and (eventually) some malware as a parting gift,” he wrote. “Winning is great, but it’s absolutely not worth risking a huge slice of personal information to get the job done.”


Crypto in Africa: New intercontinental payment methods poised to overtake US dollar

The U.S. dollar is reported to be losing its place as the top intercontinental currency in Africa. This is according to SWIFT, the global provider of financial messaging services. African usage of the U.S. dollar dropped from 50% in 2013 to 45.1% in 2017, which is attributed to citizens switching to local currencies and mobile payments (possibly including cryptocurrencies) to handle international transactions. It is difficult to say how much of those payments were made through cryptocurrencies, but the 6.4% share attributed to mobile payments clearly consisted of government-approved currencies without actual intrinsic value.

It has been reported that African countries have been gradually adopting blockchain and crypto technologies over the past few years. GSM Association estimates that Africa will likely have 725 million mobile phone subscribers by 2020, which, in turn, can boost cryptocurrency adoption in the region. SWIFT noted that with mobile money and other digital financial services, people can store money securely, spend it effortlessly, and afford the small fees charged by their providers.

The U.S. dollar has been replaced chiefly by the South African rand and the West African franc as the leading inter-country exchange currency in Africa. The franc commands 7.3% of such payments, up from 4.4% in 2013. The rand has moved up from 6.3% to 7.2% in usage. The British pound has spiraled downwards too, from 6.2% to 4.6% of such transactions.

Africa hit by crypto mining USB malware infections

Kaspersky recently published a Lab Review of USB and removable media threats in 2018 that showed Africa as one of the most affected regions by crypto mining-related USB malware infections.

USB devices have been harnessed by cyber attackers as an effective and persistent distribution vehicle for spreading crypto mining malware between unconnected computers. The toll on victims has been rising, given that emerging markets—where USB devices are more widely used for business purposes—are the most vulnerable to malicious infections spread by removable media. Such markets are especially prevalent in Africa, Asia and South America.

Isolated hits were also detected in countries in Europe and North America. An example is Radiflow, specializing in SCADA (supervisory control and data acquisition), which saw its servers suffer malware infection.

Although USB devices are less effective at spreading infection than in the past, due to growing awareness of their security weaknesses and declining use as a business tool, they remain a significant risk that users ought not to underestimate. Attackers continue to find exploits, and some infections go unnoticed for years. USB devices have been around for over two decades and have acquired a reputation for being vulnerable to cybersecurity threats.

According to Kaspersky Security Network (KSN) data, a popular crypto-miner detected in drive roots is Trojan.Win32.Miner.ays / Trojan.Win64.Miner.all, known since 2014. The Trojan drops the mining application onto the PC, installs and silently launches the mining software, and downloads the components it needs to send its results to an external server controlled by the attacker.

Infections spread via removable media have been reported to grow unnoticed year after year, with detections of the 64-bit version of the miner growing by around a sixth: an increase of 18.42% between 2016 and 2017, and an expected rise of 16.42% between 2017 and 2018.


Researchers discover new crypto malware-killing botnet

A new botnet which sets out to specifically kill a type of crypto mining malware has been discovered by security researchers at Qihoo 360Netlab.

Known as Fbot, the botnet appears to be based on code derived from Mirai, malware generally used in DDoS attacks. In this case, however, the DDoS module has been deactivated, and the botnet instead searches for cryptojacking malware and replaces its code, thereby neutering its harmful effects.

In particular, the botnet searches for instances of com.ufo.miner, a variant of the Android-based ADB.Miner that mines the privacy-centric altcoin Monero.

According to the Qihoo team, the botnet distributes itself by searching for open ports, before uninstalling the com.ufo.miner software where present. The botnet effectively installs itself over the malware, destroys its malicious code, and then self-destructs, according to a report published by the researchers.

The botnet is also linked to a domain name that is only resolvable through EmerDNS, rather than the standard DNS system. This makes it harder to detect, as anyone scanning only traditional DNS names is unable to access its records.

“The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names),” according to the Qihoo 360Netlab blog post.

It comes at a time when the numbers of cryptojacking and malware attacks have reached record highs, with the last few months seeing particularly elevated activity around these types of crypto scams.

Cryptojacking malware is now so prevalent that it has been identified across the systems of several large businesses and government agencies, as well as the countless individuals affected worldwide. According to security researchers, incidents of cryptojacking have increased by 956% over the last year.

This has even prompted Firefox to announce that its latest browser will automatically detect and block cryptojacking scripts, in a bid to fight this surge in their use.

At this stage, it remains unclear whether the botnet was created with the intention of cleaning up malware, or whether it has been launched by rival scammers to clear out competing malware.
