Researchers at computer security firm McAfee Labs discovered a lethal new cryptojacking malware called “WebCobra,” which steals victims’ computing power to mine the cryptocurrencies Monero or Zcash secretly.
The spike in cryptocurrency prices has inspired a new wave of cybercriminals, who use malware to cannibalize unsuspecting victims’ computers to mine crypto.
McAfee Labs says the Russian application WebCobra stealthily installs the Cryptonight miner or Claymore’s Zcash miner, depending on the configuration of victims’ machine.
“On x86 systems, it injects Cryptonight miner code into a running process and launches a process monitor,” McAfee observed. “On x64 systems, it checks the GPU configuration and downloads and executes Claymore’s Zcash miner from a remote server.”
While the malware originated in Russia, researchers claim they have spotted it around the world, with the highest number of infections found in Brazil, South Africa, and the United States.
There is plenty of mining malware nevertheless which, according to Trend Micro, remain undetectable due to their higher sophistication, reported CCN. That said, most users – and even detectors – would not be aware of an intrusion unless their computer acts sluggish or breaks down entirely. By that time, it may be too late, and the victim could be left stuck with a massive bill since crypto-mining uses a lot of electricity.
McAfee report recommended users to look out for signs from their computers. For instance, if they are acting sluggish for no concrete reason, then they may be affected by one of the malware.
“Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation,” McAfee Labs warned.
“As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill.”
The chart below shows how malware infiltration increased in tandem with Monero price movements.
Cryptojacking has surged a whopping 459% in 2018, according to the Cyber Threat Alliance (CTA). The unexpected spike has been blamed on the leak of EternalBlue, a software vulnerability in Microsoft’s Windows operating system.
Experts say Microsoft and the National Security Agency are both responsible for the leak, which occurred in April 2017 when a group called the “Shadow Brokers” put a packet of stolen NSA tools on the market.
The packet was used to develop malicious crypto mining software that has been hard to stop.
“A patch for EternalBlue has been available for 18 months and even after being exploited in two significant global cyber attacks – WannaCry and NotPetya – there are still countless organizations that are being victimized by this exploit, as it’s being used by mining malware,” said Neil Jenkins, chief analytics officer for the CTA.
Microsoft has blamed the U.S. government for the breach, accusing it of being careless and reckless in its “stockpiling” of cyber-weapons.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” said Brad Smith, the president, and chief legal officer of Microsoft. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”
Featured image from Shutterstock.
Last modified: May 20, 2020 2:25 PM UTC