The Changing Face of Malware: Malware Being Used as Cryptocurrency Miners
In my last article, I discussed how malicious cryptocurrency mining is all set to exploit technological as well as human vulnerabilities this year. In this article, I will dig deeper and discuss its patterns of invasion.
As people keep talking about how cybercriminals used the banking Trojan Trickbot to steal Coinbase users’ credentials, you will be surprised to know that analysts can easily identify malicious miners, which are actually quite simple types of malware. But how can these so-called simple miners succeed in driving attacks? Well, the authors of cryptocurrency miners are able to make unsophisticated pieces of malware work with noteworthy delivery techniques that often have very subtle signs of being ‘malicious.’ The modus operandi of most coin miners is almost the same. They can easily make use of recognized, open-source components to invade users’ accounts without any complication. In this regard, we can recall a January incident when a coin miner used the Heaven’s Gate technique to invade Monero currency users’ accounts.
Cybercriminals are exploiting all possible opportunities to invade crypto wallets. As part of such attempts, they are even using the computing power of multiple devices. They are also leveraging malspam campaigns, supply-chain attacks, and malicious APKs to launch attacks on a large scale. People are mostly aware of the WannaCry cyberattack that was launched through the use of DoublePulsar and EternalBlue malware, but what most people do not know is that several other groups earned millions of dollars by using the same malware to inject a cryptocurrency miner into thousands of Windows servers. Similarly, cybercriminals exploited vulnerabilities in Oracle’s WebLogic Server to deliver miners to the servers deployed at research institutes and universities. With the continuous rise in cryptocurrency value, cybercriminals have been regularly upgrading their current malware to deliver and install cryptocurrency miners on servers. As cryptocurrencies continue to become more and more popular, the world may expect to see a dramatic rise in malicious incidents.
In the next few months, we may even witness a continuous evolution and transformation of some of the malware families that we have come across so far. In fact, some types of malware that were never traditionally used for mining will now be used for this purpose, both directly and indirectly. Additionally, cybercriminals will now be using adware and spyware on a large scale to drive users to mining pages, get access to local cryptocurrency accounts, and gain control over servers to use them as their potential mining pools. What’s more alarming is that even if the malicious cryptocurrency mining domain turns grey, cybercriminals will still continue winning big with spyware and adware, which they will use to steal people’s personal and financial information and intellectual property.