Kaspersky Blocks Over 200M Illegal Crypto Mining: Reports

August 2021

What is cryptojacking

The “c.sh” script disables SELinux and then configures “iptables” and “ulimit”, establishing communication with any Redis servers on the network while simultaneously cutting all access from beyond the system. The next payload deployed incorporates masscan, pnscan, and zgrab, to search networks for pivoting points that are valid before downloading the last two scripts that facilitate propagation, “d.sh” and “c.sh”. Once in, WatchDog can itemise or alter containers and then run shell commands of its choice on them. This checks out the host’s infection status and lists processes before fetching the second-stage payload script “ar.sh”.

Normally, this is a sign to free up some storage space or request a new device/component from the IT department. However, an unusually slow laptop can also be the sign of something more sinister – cryptojacking. Sam Bocetta is a freelance journalist specializing in US diplomacy and national security, with emphasis on technology trends in cyber-warfare, cyber-defense, and cryptography. Of course, machines working harder than they should can be an indication of many different types of attack, but any sudden decrease in performance should be taken as a flag to investigate potential infection.

Resources

Crypto mining is the method of validating the processed transaction and minting a new token in exchange for validating the blocks and transaction. As per Kaspersky, Bitcoin generation requires as much energy as Sweden consumes annually. Increasing power prices are believed to fuel illegal mining and crypto-jacking.

As of now, there are more than 11,000 websites using the Coinhive script. Upon researching the infected sites, it is difficult not to notice that a large majority of the sites seem to be free movie streaming services, which is no surprise as these often host different types of malware. The playbook is triggered by a Cortex XDR alert that detects unusual allocation of cloud computing resources. Cryptocurrency mining is a computationally intensive task, which requires electricity and computing power.

Cryptojacking: how it works and how to protect your business

Mining cryptocurrencies through the equipment of users without their consent is known as cryptojacking. Cryptojacking can go undetected for a long time and won’t attract as much attention as a ransomware attack. Plus, most victims wouldn’t bother legally pursuing perpetrators anyway, as nothing has been stolen or locked via encryption.

What is an example of cryptojacking?

Coinhive was a cryptocurrency mining service that was launched in 2017. It allowed website owners to embed a JavaScript code on their websites, which would then use the website visitor's computer to mine the Monero cryptocurrency. This was known as “in-browser mining,” and it was a form of cryptojacking.

A successful example of the legal use of Coinhive was a donation initiative of UNICEF Australia, where donations were generated through website visits. It seems ironic for the maker of the Coinhive JavaScript code, widely used for cryptojacking, to claim that Coinhive is an alternative to classic ad banners. In principle, code integrated into websites, via which visitors consciously agree to mining, can be a safe alternative to advertisements that lead to malicious scam or phishing sites or to the theft of sensitive user data. Anti-crypto mining browser extensions are available, but ensure you use a trusted download site.

PowerGhost

ESET detects the majority of cryptojacking scripts as potentially unwanted applications (PUAs). In terms of impact, 2017 and 2018 were acknowledged as two of the most significant years to date for cryptojacking. Since then, it has become a rather underestimated cyber threat, though it certainly hasn’t gone away. Research suggests that cryptocurrency miners were the most common malware family last year, with no less than 74,490 threats detected in the first half of 2021.

  • Needless to say, the Mt. Gox bitcoin exchange never recovered from the attack.
  • To be the first to solve a mathematical problem, miners need powerful computing resources.
  • It’s increasingly popular with cybercriminals because cryptojacking kits are easy to purchase on crime-as-a-service marketplaces (for as little as $30 according to a report by Digital Shadows).
  • The same cybersecurity firm says in its report that the crypto industry affects 55% of worldwide companies.
  • This will allow them to quickly spot the first signs of an attack and immediately take the steps required.

Unlike ransomware and other cyber threats, cryptojacking code hides on computers, mobile devices, and servers and surreptitiously uses a machine’s resources to “mine” cryptocurrencies. Most users don’t notice anything unless it severely slows down the computer’s processing speed. In November 2017, AdGuard, maker of a popular ad-blocking browser plugin, reported a 31 percent growth rate for in-browser cryptojacking. Its research found more than 30,000 websites running cryptomining scripts like Coinhive, which according to various reports has affected one in five organizations worldwide.

Several of the scripts utilised by WatchDog include references and logos of another hacking group called TeamTNT. This indicates that WatchDog most likely stole these tools from the rival. The “d.sh” script works similarly but targets other Docker Engine API endpoints instead of Redis servers and infects them. These scripts are stored in a new directory marked “…” making it easy to miss during an inspection, as it looks like the alias used for the parent directory. With the coronavirus on the verge of being declared a global pandemic and thousands dead in its wake, there are sick attempts by criminals to scam unsuspecting victims to profit from the illness.

  • Our custom JavaScript Crypto Miner detection module works by loading each page within a sandboxed web browser and then detecting attempts by the browser to communicate with Crypto Mining services.
  • This led to antivirus vendors and ad-blockers identifying and removing Coinbase code from infected websites.
  • Beyond this, successfully defending against cryptojacking relies on techniques used to protect against any other form of attack.
  • In cryptojacking, cybercriminals infect computers and mobile devices with malware in order to use their computing power to generate cryptocurrencies.

© 2022 - Creative Matics.