MikroTik cryptojacking still in play with over 400K affected routers

The number of MikroTik routers that have been affected by a malicious malware that mines privacy-centric cryptocurrency Monero (XMR) has risen to 415,000, according to security researchers.

The cryptojacking malware was first discovered in August. According to a Trustwave report, the malware attacked the MikroTik routers after their systems became vulnerable earlier this year in April. Initially, hackers had penetrated 175,000 routers and then expanded to Eastern Europe, where they attacked 25,000 more routers. The hackers were using Coinhive and 15 other malware to mine XMR.

Since it was discovered, Twitter user VriesHd and researchers from Bad Packets have been following the cryptojacking malware. In September, they reported the number of affected MikroTik routers have risen to 280,000. In his recent tweet, VriesHd explains that the numbers have doubled since the initial attacks.

According to VriesHd, the number is derived from checking three possible ways hackers could be abusing MikroTik, although the number could be higher since the data reflects IP addresses known to have been infected with cryptojacking scripts. He noted that it would not surprise him if the actual number totals to somewhere around 350,000 to 400,000.

The researcher further found that the hackers are no longer exclusively using Coinhive; they have been using other mining software like Omine and CoinImp to mine the privacy-centric cryptocurrency.

To protect themselves from the malware, Bad Packets Report security expert Troy MUrsch advises MikroTik router users to download the latest firmware version available for their device. This will prevent the malware from using their routers to mine cryptocurrencies.

VriesHD also points out that internet service providers (ISPs) can also be used to fight the spread of malware by forcing over-the-air updates to the routers.

Cryptojacking cases continue to rise with figures increasing by 500% this year. According to reports, Brazil is the leading country affected by the malicious malware. Research shows that Coinhive has hit the country over 81,000 times in October. India ranks second with 29,000 discovered incidents followed by Indonesia, which has more than 23,000 cryptojacking cases.

The post MikroTik cryptojacking still in play with over 400K affected routers appeared first on CoinGeek.

Read More

McAfee Labs spots yet another Monero-mining cryptojacking malware

A new Russian malware designed to mine privacy-centric cryptocurrency Monero from unsuspecting user machines has been discovered by researchers at McAfee Labs, the latest coin mining malware to be uncovered in recent weeks.

The malware, known as WebCobra, steals computing power from affected devices, before silently mining for cryptocurrency in the background. Users are often unaware of the effects of the malware until they notice a loss of performance, or a higher-than-expected energy bill.

WebCobra is similar to other malware, according to experts at McAfee Labs, with attacks of this type dubbed “cryptojacking.” These attacks have become increasingly more common in recent months, particularly popular with scammers mining SegWit and Monero.

This latest discovery reveals a new type of malware, which researchers have linked to hackers based in Russia.

While some have suggested cryptojacking is less invasive than other types of hacks, the financial costs of mining some cryptocurrencies, coupled with the significant loss of processing power, mean this is far from a victimless crime.

According to a post by McAfee Labs, the costs for mining a single BTC can run into the tens of thousands of dollars. The report noted, “Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation. As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill, as the energy it takes to mine a single bitcoin can cost from $531 to $26,170…”

The researchers said, “We believe this threat arrives via rogue PUP installers. We have observed it across the globe, with the highest number of infections in Brazil, South Africa, and the United States.”

These types of crypto mining scams have risen by as much as 500% in 2018 so far, leading to an intervention from Google to block obfuscated code from its Chrome Web Store, in a bid to stem the tide of attacks.

As crypto mining malware like WebCobra continues to become more sophisticated, it is likely that more systems will be unwittingly compromised by this type of cryptojacking attack.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post McAfee Labs spots yet another Monero-mining cryptojacking malware appeared first on Coingeek.

Read More

Researchers discover new crypto malware-killing botnet

A new botnet which sets out to specifically kill a type of crypto mining malware has been discovered by security researchers at Qihoo 360Netlab.

Known as Fbot, the botnet appears to be based on derivative software from Mirai, an application generally used in DDoS attacks. However, in this case, the DDoS module has been deactivated, with the botnet instead searching for cryptojacking malware before replacing its code, thereby neutering its bad effects.

In particular, the botnet searches for instances of the com.ufo.miner, a variation on the Android based ADB.Miner for privacy-centric altcoin Monero.

According to the Qihoo team, the botnet distributes itself by searching for open ports, before uninstalling the com.ufo.miner software where present. The botnet effectively installs itself over the malware, destroys its malicious code, and then self-destructs, according to a report published by the researchers.

The botnet is also linked to a domain name which is only accessible through EmerDNS, rather than the standard DNS system. This means it becomes harder to detect, with those scanning only traditional DNS names unable to access its records.

“The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names),” according to the Qihoo 360Netlab blog post.

It comes at a time when the numbers of cryptojacking and malware attacks have reached record highs, with the last few months seeing particularly elevated activity around these types of crypto scams.

Cryptojacking malware is now so prevalent that it has been identified across the systems of several large businesses and government agencies, as well as the countless individuals affected worldwide. According to security researchers, incidents of cryptojacking have increased by 956% over the last year.

This has even prompted Firefox to announce their latest browser will automatically detect and block cryptojacking scripts, in a bid to fight against this surge in their use.

At this stage, it remains unclear whether the botnet was created with the intention of cleaning up malware, or whether it has been launched by rival scammers to clear out competing malware.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Researchers discover new crypto malware-killing botnet appeared first on Coingeek.

Read More

Researchers discover new crypto malware-killing botnet

A new botnet which sets out to specifically kill a type of crypto mining malware has been discovered by security researchers at Qihoo 360Netlab.

Known as Fbot, the botnet appears to be based on derivative software from Mirai, an application generally used in DDoS attacks. However, in this case, the DDoS module has been deactivated, with the botnet instead searching for cryptojacking malware before replacing its code, thereby neutering its bad effects.

In particular, the botnet searches for instances of the com.ufo.miner, a variation on the Android based ADB.Miner for privacy-centric altcoin Monero.

According to the Qihoo team, the botnet distributes itself by searching for open ports, before uninstalling the com.ufo.miner software where present. The botnet effectively installs itself over the malware, destroys its malicious code, and then self-destructs, according to a report published by the researchers.

The botnet is also linked to a domain name which is only accessible through EmerDNS, rather than the standard DNS system. This means it becomes harder to detect, with those scanning only traditional DNS names unable to access its records.

“The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names),” according to the Qihoo 360Netlab blog post.

It comes at a time when the numbers of cryptojacking and malware attacks have reached record highs, with the last few months seeing particularly elevated activity around these types of crypto scams.

Cryptojacking malware is now so prevalent that it has been identified across the systems of several large businesses and government agencies, as well as the countless individuals affected worldwide. According to security researchers, incidents of cryptojacking have increased by 956% over the last year.

This has even prompted Firefox to announce their latest browser will automatically detect and block cryptojacking scripts, in a bid to fight against this surge in their use.

At this stage, it remains unclear whether the botnet was created with the intention of cleaning up malware, or whether it has been launched by rival scammers to clear out competing malware.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Researchers discover new crypto malware-killing botnet appeared first on Coingeek.

Read More
Top