Earlier this week, the Monero (XMR) community announced the launch of a new website that aims to educate users on cleaning up crypto-jacking malware and ransomware.
The ease of mining and privacy of Monero are standout features for the coin. However, the features attract bad actors who use the coin in malware.
Justin Ehrenhofer, the director of the Malware Response Workgroup, told CCN that two main factors make XMR attractive to hackers:
“Attackers like Monero for two reasons: 1) it is private, so they do not need to worry about companies and law enforcement tracing what they do with the Monero after they mine it, and 2) Monero uses a Proof of Work (PoW) algorithm that is CPU and GPU-friendly; thus, the infected machines are competitive. These two components are increasingly distinguishing factors for why attackers choose to mine Monero over other cryptocurrencies.”
The capability to use cryptocurrency in malware is not unique to Monero. Bitcoin and other digital currencies have been used in the same attacks described above, but XMR has privacy features that make it stand out.
Asked what led to the creation of the working group, Ehrenhofer said, “We created this workgroup to help the victims of these mining/ransomware attacks, who often have no idea what Monero, mining, and cryptocurrencies are… the increased prevalence of Monero-related malware prompted the formation of the workgroup.”
The new Malware Response website seeks to inform visitors on the ways to prevent and remove malware. As stated, it’s expected that visitors will land on the site frustrated and seeking answers, since most do not understand what is happening.
In addition to helping visitors discover whether XMR-based malware is running on their computer, the site includes remedies for the three types of attacks that are used: browser-based mining scripts, system/PC-based malware, and ransomware.
Scripts to mine Monero in the browser are occasionally deployed as an opt-in service that lets visitors fund websites. As CCN reported, Slate.com briefly added crypto mining as an option for visitors instead of advertisements. If readers opted in, their browsers would mine XMR with their computers’ resources while they browsed the site.
However, attackers can also inject mining scripts into vulnerable websites without the webmaster or visitors knowing, which is known as “cryptojacking.” As CCN reported, according to McAfee Labs, cryptojacking increased by 86% in the second quarter of 2018. Additionally, for 2018 so far, illegal cryptojacking is up a shocking 459%, thanks largely to the leaks of the NSA’s hacking tools. Criminals then used these tools to infect computers with malware.
As the NSA (and Microsoft) have already admitted blame for the blunder, one would think they would be the entities creating an educational site like Monero’s.
As cryptojacking attacks are new to webmasters and internet users and are sometimes sophisticated, education plays a key role in quickly discovering and responding to security breaches.
The Monero technology and community do not condone any malicious activities in which Monero is used, as Ehrenhofer made clear.
“Monero itself and the community aren’t attacking computers, but the computers are attacked with some vulnerability and the attacker decides to run mining software on the compromised machines,” he said.
Last modified: May 20, 2020 5:20 PM