
Chinese Police Arrest Malware Developers Who Hacked $2 Million in Crypto

Last Updated March 4, 2021 5:11 PM
Mauro Sacramento

The developers infected millions of computers and used them to mine a total of roughly $2 million in cryptocurrencies.

Infected computers received two components: a mining program and a monitoring program. Whenever the monitor saw CPU utilization drop below 50%, it silently started the miner in the background; the cycle repeated endlessly, with all the proceeds sent back to the hackers.
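That gating behaviour is itself a detectable signature: a self-throttling miner is busy almost only when everything else on the machine is quiet, and near-silent whenever the user is working. The following is an added example, not code from the article or from the trojan it describes, that scores per-process CPU telemetry for exactly that pattern. The process names, thresholds, the 3% system baseline and the 30-second capture are all constructed for the example; only the 50% trigger comes from the page.

```python
"""Flag processes whose CPU use is gated on the rest of the machine being idle.

A miner whose companion monitor only starts it when utilization is below 50%
shows up as: busy when "everything else" is idle, quiet when "everything else"
is loaded. Each resident process is scored on that pattern over a capture.

Process names, thresholds, the system baseline and the telemetry below are
constructed for this example; the real trojan's internals are not on the page.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

GATE_THRESHOLD = 50.0   # "other load" below this counts as idle (the 50% from the article)
ACTIVE_CPU = 20.0       # a process using more than this share is counted as busy (assumed)
SYSTEM_BASELINE = 3.0   # assumed kernel/housekeeping load not attributed to any process


@dataclass
class Sample:
    t: int                       # seconds since the start of the capture
    per_proc: Dict[str, float]   # resident process -> CPU percent in this interval


def other_load(sample: Sample, proc: str) -> float:
    """Utilization of everything except `proc`: what the miner's monitor would look at."""
    return SYSTEM_BASELINE + sum(v for k, v in sample.per_proc.items() if k != proc)


def gating_profile(samples: List[Sample], proc: str) -> Tuple[float, float, int, int]:
    """Busy fraction of `proc` when the rest of the box is idle vs. loaded, plus counts.

    Only samples where `proc` is resident are scored: a self-throttling miner stays
    resident at ~0% during load, whereas a foreground app that exits is simply absent
    and must not be mistaken for a process that throttled itself.
    """
    idle_busy = idle_n = loaded_busy = loaded_n = 0
    for s in samples:
        if proc not in s.per_proc:
            continue
        busy = s.per_proc[proc] > ACTIVE_CPU
        if other_load(s, proc) < GATE_THRESHOLD:
            idle_n += 1
            idle_busy += busy
        else:
            loaded_n += 1
            loaded_busy += busy
    idle_frac = idle_busy / idle_n if idle_n else 0.0
    loaded_frac = loaded_busy / loaded_n if loaded_n else 0.0
    return idle_frac, loaded_frac, idle_n, loaded_n


def find_gated_processes(samples: List[Sample], min_idle_busy: float = 0.8,
                         max_loaded_busy: float = 0.1, min_samples: int = 5) -> List[str]:
    """Names of processes that look CPU-gated: busy when idle, quiet when loaded.

    Both regimes must have been observed at least `min_samples` times; a process
    only ever seen under one regime gives no evidence of gating either way.
    """
    procs = sorted({p for s in samples for p in s.per_proc})
    flagged = []
    for p in procs:
        idle_frac, loaded_frac, idle_n, loaded_n = gating_profile(samples, p)
        if (idle_n >= min_samples and loaded_n >= min_samples
                and idle_frac >= min_idle_busy and loaded_frac <= max_loaded_busy):
            flagged.append(p)
    return flagged


def build_samples() -> List[Sample]:
    """Constructed 30-second capture: the user plays a game, steps away, comes back."""
    samples = []
    for t in range(30):
        if 10 <= t < 20:
            # user away: game closed, the resident plug-in helper starts mining
            procs = {"updater.exe": 25.0, "plugin_helper.exe": 65.0}
        else:
            # user active: game in the foreground, helper resident but near-silent
            procs = {"game.exe": 60.0, "updater.exe": 25.0, "plugin_helper.exe": 0.5}
        samples.append(Sample(t, procs))
    return samples


if __name__ == "__main__":
    capture = build_samples()
    for name in ("game.exe", "updater.exe", "plugin_helper.exe"):
        print(name, gating_profile(capture, name))
    print("gated:", find_gated_processes(capture))
```

Two design points matter in practice. The game is busy only when the rest of the box is idle too, but it is never observed under load because it is not resident then, so the minimum-sample rule keeps it off the list; a detector that treated absent processes as 0% would flag every foreground application. The updater is busy regardless of load and is therefore never a candidate. Real telemetry (per-process CPU from an EDR or from `ps`/`top` sampling) is noisier than this capture, so the thresholds should be tuned on known-good baselines before the heuristic is used for alerting.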

Authorities Apprehended Dozens of Suspects Connected to the Hacking

In a joint operation involving several Chinese law enforcement agencies, 20 individuals were apprehended; 11 were released on bail and 9 were detained. The group is accused of illegally controlling more than 389 million computers across China, of which roughly 1 million were silently mining for it.

The security team of Tencent's Keeper Program has been credited with alerting the authorities. On January 3 the team first detected a game plug-in carrying a Trojan horse program. The operation ran uninterrupted for two years, during which it mined more than 26 million coins, a mix of DigiByte (DGB), Decred (DCR) and Siacoin (SC), worth more than 15 million Chinese yuan.

Police detectives explained that such groups tend to target cryptocurrencies that are hard to mine. Once one or more coins are chosen, the hackers take control of other people's computers, in this case through cloud computing services, and install a virtual currency mining program. For as long as those computers stay switched on, they mine in the background and send the coins back to the group for a quick cash-out.

Yang Mobao Was The Driving Force Behind The Hacking Group

The Trojan's developers were first traced to Qingzhou, where Yang Mobao was identified as the group's leader. The Municipal Bureau of Network Security Detachment and the Qingzhou Municipal Bureau set up a task force, which arrested Yang Mobao at his home on March 8.

At trial, Yang Mobao confessed to using the game plug-in to gain illegal access to computer systems that were not his own; he reportedly earned around 268,000 yuan personally.

Dalian’s Executive Team Was Heavily Involved in Crypto Hacking

Shortly afterwards, the task force found that Dalian Yuping Network Technology Co., Ltd. was behind the scheme, orchestrated by He Mou and his wife Chen Mou, who served as the company's financial director.

On April 11 the task force dispatched more than 50 units to Dalian, where 16 people were detained: 12, including He Mou and his wife, were held as suspects in the illegal control of other computers, while the remaining 4 were released on bail pending trial.

Back in 2015, He Mou had reportedly instructed his R&D department to focus on researching and developing mining software and mining trojans. Once completed, the trojan was released to the public, who downloaded it unaware of its true purpose. All mining proceeds went automatically to He Mou's wallet, while Chen Mou handled the payments.

Siacoin Can’t Seem to Catch a Break as Cryptojacking Grows

It is not the first time Siacoin has been linked to a cryptojacking case. You may remember last month's coverage of more than 100,000 internet kiosk computers infected with malware; reportedly, a network technician spread the malware across 30 cities in China under the pretense of a routine check-up.

Monero has also recently been mined illegally on Apple MacBooks, and Palo Alto Networks has reported that 5% of Monero's total supply has been mined illegally.

Not long ago, the UK's National Crime Agency (NCA) and National Cyber Security Centre (NCSC) released a cybersecurity report concluding that cryptojacking will remain one of the biggest threats in 2018.
