It’s common knowledge that new cryptocurrency units come into existence through mining, a process of complex computation relying on CPU or GPU power. Unfortunately, this routine isn’t always done in an ethical way. Cybercriminals have masterminded numerous techniques to parasitize other people’s PCs and servers for generating coins surreptitiously.
Contributed by David Balaban
The boom of rogue cryptomining (or cryptojacking) at the expense of unsuspecting users’ machines co-occurred with Bitcoin price reaching its peak in late 2017. Although the subsequent dramatic decline in its value brought many of these malicious campaigns to a halt, the predictions of the epidemic’s prompt end were premature.
New waves of cryptojacking have surfaced since the prices of popular cryptocurrencies started to gradually climb back up in 2019. To top it off, crooks are now utilizing novel techniques to masquerade their malware and monetize it. Their overhauled repertoire ranges from infecting airports and Docker hosts – to distributing booby-trapped WAV audio files and fake CMS plugins targeting different operating systems. Below are a few recent incidents that gave security analysts a heads-up.
Stealth Monero Miner Detected in an International Airport’s Systems
In mid-October 2019, researchers from security firm Cyberbit made an unsettling discovery when deploying their Endpoint Detection and Response solution in a European international airport. They found that more than half of the airport’s workstations were contaminated with a malicious variant of the XMRig Monero mining program. The infection had slipped below the radar of the antivirus tool running on the facility’s machines, but the behavioral analytics module built into the new protection software was able to identify the anomalous activity.
Although this malware lineage has been around for over a year, the experts realized they were dealing with its offshoot that underwent several…