Monero is the cryptocurrency hit hardest by mining malware, in which malware uses the host’s OS to mine cryptocurrency. This malware is now so common that it has earned its own name: cryptojacking. Nearly 150 XMR, worth roughly $30,000, were mined from 500,000 infected computers in around three days with malware called WinstarNssmMiner.
In most cases, these types of malware are not overly sophisticated or aggressive. They can sometimes be shut down by simply closing the browser, but WinstarNssmMiner is a little more tenacious. As soon as it detects anti-virus software, the malware crashes the computer.
When WinstarNssmMiner is downloaded, it injects malicious code into ‘svchost.exe’, a Windows system process used to execute basic computer functions, and alters the PC’s critical process function so it can crash the computer at will. If the malware detects an anti-virus program, it won’t install itself, but only if that program is an established one such as Avast.
The cryptojacking trend is ominous. With copious amounts of money to be made in the mining industry, we could see more aggressive types of cryptojacking malware, and there has already been a considerable rise in occurrences. According to a report by Symantec, cryptojacking grew by 8,500% in 2017. Windows systems continue to be extremely vulnerable, as do Oracle WebLogic servers.
Earlier this month, the Coinhive mining code was found on over 300 government and university websites mining Monero. All affected websites were using an infected version of Drupal, a content management system. Web-related technologies continue to be targeted by hackers due to their security vulnerabilities.
Coinhive is one of the most widespread and damaging pieces of cryptojacking malware. In January 2018, it spread to YouTube. Google, the owner of YouTube, stopped the virus swiftly when it became known. According to the software security firm Check Point, Coinhive is the number one “most wanted” malware, and the firm asserts that 55% of businesses are affected by crypto miners.
In Russia, India, and China, nearly 500,000 machines were recently infected with the Smominru crypto mining botnet, again targeting Monero through the Windows OS. Some estimates suggest that damages were in the region of $3.6 million by the end of January.
Cryptojacking is on the rise, and it may not even require significant technical skills. It is seen as a cheaper and easier alternative to ransomware. With cryptojacking, all infected machines will work to mine cryptocurrency. Ransomware is often nowhere near as profitable, and with cryptojacking the risk of being caught and identified is also far less. Ironically, privacy-based coins such as Monero and Zcash are targeted rather than Bitcoin and other coins: since identities are private, it is harder to trace the hackers.