Researchers tracked a cybercriminal group over the past six months. The group netted $7 million with the help of 10,000 computers infected with mining malware.
Researchers profiled three groups of crypto miners that represent this new breed of cryptojacking criminals. Compared with ransomware cybercriminals, these groups are quieter by nature and are more apt to silently use CPU cycles while remaining hidden on the infected PC or data center.
It is estimated that 2.7 million users were attacked by malicious miners in 2017, up 50 percent from 2016 (1.87 million).
The first of the newly discovered cybercriminal groups is named Group One. It infected over 10,000 devices, ranging from consumer to corporate PCs and servers, all over the globe.
They mine Monero using sophisticated techniques such as process hollowing and manipulating the Windows Task Scheduler.
Process hollowing is when a cybercriminal creates a process in a suspended state and later replaces the process's image with the one the cybercriminal wants to keep hidden.
Exploiting the Windows Task Scheduler is another way to hide malicious software on computers. Using this technique, the cybercriminals hide mining software on targeted computers by giving the miner programs the names of typical Windows start-up applications, such as diskmngr.exe, taskmngr.exe, and svchost.exe.
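As a defender-side illustration of the naming trick described above, the following added Python snippet (not from the original article or the researchers) checks a constructed list of scheduled-task entries for the miner filenames named on this page and for genuine Windows binary names running from the wrong directory; the expected directories are assumptions for a default Windows install.

```python
import ntpath
from difflib import SequenceMatcher

# Miner filenames the article reports this campaign using (from the page).
CAMPAIGN_ALIASES = {"diskmngr.exe", "taskmngr.exe"}

# Genuine Windows binaries and the directory each legitimately runs from.
# Assumption: a default Windows install; adjust for your own estate.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def lookalike(name):
    """Return the genuine binary name this filename closely resembles, or None."""
    for real in SYSTEM_BINARIES:
        if name != real and SequenceMatcher(None, name, real).ratio() >= 0.8:
            return real
    return None

def assess_image(image_path):
    """Return a list of reasons a task's executable looks like a disguised miner."""
    directory, name = ntpath.split(image_path.lower())
    findings = []
    if name in CAMPAIGN_ALIASES:
        findings.append(f"{name}: filename used by the reported miner campaign")
        return findings
    expected = SYSTEM_BINARIES.get(name)
    if expected and directory != expected:
        # A real system binary name running from a user-writable folder.
        findings.append(f"{name}: runs from {directory}, expected {expected}")
    twin = lookalike(name)
    if twin:
        findings.append(f"{name}: resembles {twin}")
    return findings

def scan_tasks(tasks):
    """Map each suspicious task name to its findings; clean tasks are omitted."""
    return {task: f for task, image in tasks if (f := assess_image(image))}

# Constructed sample of scheduled-task entries (task name, executable path);
# not real telemetry.
SAMPLE_TASKS = [
    (r"\Microsoft\Windows\Defrag\ScheduledDefrag", r"C:\Windows\System32\defrag.exe"),
    (r"\DiskMngr", r"C:\Users\bob\AppData\Roaming\diskmngr.exe"),
    (r"\svchost", r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),
    (r"\Updater", r"C:\ProgramData\svch0st.exe"),
]

if __name__ == "__main__":
    for task, reasons in scan_tasks(SAMPLE_TASKS).items():
        print(task, "->", "; ".join(reasons))
```

On a live host the same checks can be fed from `schtasks /query /fo csv /v` output or an EDR task inventory; the sample list here only stands in for that data.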
To be safe against this type of cybersecurity threat, every company and individual must keep patches up to date and protect every device with a top cybersecurity solution. Depending on which OS is running on company devices, installing an antivirus for Windows or an antivirus for Mac is recommended.
The second group of crypto-mining cybercriminals differentiates itself by specifically targeting particular types of users with Monero miners.
After analyzing the malware used by Group Two, researchers found hard-coded information in the PowerShell scripts that contained specific details about the endpoints targeted in the attacks. This flags a big cybersecurity flaw, meaning that the cybercriminals had prior access to the targeted networks.
By doing this, the cybercriminals avoided planting cryptocurrency malware on a system administrator's or security officer's computer.
Depending on which OS is running on company devices, installing an antivirus for Windows or an antivirus for Mac is recommended, because only then will your entire network be protected against this kind of cybersecurity threat.
Group Three is unique because they didn't use the build kits they made; they only sold them online.
The kits that mined Monero were sold on the dark web and in places such as private Telegram channels.
The kits offered a would-be cryptojacker full customization of the malicious mining software, including designating what percentage of the CPU to use for mining.
These kits are built to persist on systems for a long time. Without a strong cybersecurity solution, it would be tough for a regular user to realize that they got infected. Remember to always install an antivirus and keep your system protected.