McAfee Labs Report: Crypto-Jacking Malware Mining Several Coins on Host System Detected

McAfee Labs Report: Crypto-Jacking Malware Mining Several Coins on Host System Detected

A report submitted by McAfee researchers on November 12, 2018, claims that a new crypto mining malware capable of mining different cryptocurrencies depending on the host’s system is on the loose.

Russian Malware Attacks Global Networks

Crypto-jacking malware and its attack vectors are becoming more efficient by the day. A new Russian malware that mines different cryptocurrencies based on the host system is now affecting thousands of users. Researchers at the McAfee labs have recently found a new type of crypto-jacking malware which is capable of diverting computing power to mine either Monero or Zcash.

At this point, the researchers have been able to track the origins of the malware to Russia. They also noted that the infection seems to have a more severe impact across countries like Brazil, South Africa, and the US. The Russian-based malware named WebCobra attacks by installing different mining software depending on the host machine settings and hardware capabilities. With this, they can even choose the cryptocurrency they will be mining on the hijacked device.

According to the report released by McAfee labs the crypto-jacking trend is generating millions and will probably get even more efficient in the future:

“The increase in the value of cryptocurrencies has inspired cybercriminals to employ malware that steals machine resources to mine crypto-coins without the victims’ consent. Coin mining malware will continue to evolve as cybercriminals take advantage of this relatively easy path to stealing value.”

How Does the Malware Attack?

According to researchers, a new malware injection technique was discovered which was set on a malicious file containing the mining malware as a file included on legitimate Windows installer files.

After a close analysis, the researchers noticed the attacker’s method lies on the distribution of the malicious software through an infected Microsoft installer package. The attack is very well orchestrated as the Windows installer package was programmed to install Cryptonight miners on x86 systems, and Claymore’s Zcash miner on x64 systems. This mining software is very effective as it is capable of mining all the Cryptonight algorithm cryptocurrencies.

There are several ways for you to check if you have been infected by crypto-jacking malware.

If your computer is running slower than usual and if it is using up almost all the processing power and is heating a lot, you can say for sure that you are infected. If this happens, you need to re-install the operating system. To avoid this, the best way to protect yourself is to prevent downloads from unknown sources and avoid shady sites.

Nuno Menezes

As an Anthropologist with a strong background in computing and finance, Nuno saw in Bitcoin a real case study. He ran into Bitcoin in 2013 and after understanding the true nature of this new technology has been writing about the subject ever since. He loves to read and is the sporty type. Nuno enjoys his spare time skating with his friends and has a passion for skydiving.