TronWeekly

Crypto World News

You are here: Home / Archives for Cryptojacking

Cryptojacking

Cyber Crimes On The Rise As Mexicans Express Concerns

by

In recent months, Mexicans have expressed their lack of trust in public cloud network security as cyber crimes and cryptojacking incidents spike. According to El Economista, approximately two-thirds of Mexican firms that use cloud networks such as Amazon, Microsoft , and Google report security issues that cause negative portrayals among Mexicans.

Notably, due to their security vulnerabilities and incidents such as the recent DoppelPaymer hackers assault on Pemex oil company, only a few people trust cloud networks, which in effect leads to public disapproval of the network.

Crypto-related crimes are increasing steadily

There has been a rise in cyber-attacks in different nations, according to recent reports. Mexican companies have confirmed cases of unidentified cyber criminals having penetrated their means of cloud storage to crypto mine, or rather cryptojack.
Latin America ‘s general sales manager cyber security firm Netskope, Alan Karioty, told local media El Economista that the ongoing attacks on Ransomware resulted from ignorance of companies on matters on the security of cloud computing systems.
Consequently, the manager of engineering at Sophos in Latin America, Leonardo Granda, also voiced his opinion on the security vulnerabilities facing cloud networks. He said data loss was a direct result of the poorly set up public access system in the shared cloud storage. He also said it leaves data sources vulnerable to cyber criminals attacking because fraudsters can easily search for them using updated search engines such as Shodan, which they can use to draw them away.

Latin America is fast becoming a soft target for cyber crimes

The continent has reported numerous cases of cyber attacks late and has thus become a soft target for cybercriminals. Nations like Colombia were predominantly one great example. According to a study done by Colombia’s National Police, the rise of cybercrime attacks has been reported. The report also adds that even 30 percent of the attacks on Latin America have targeted Colombia specifically. However, the main priority for cybercriminals was public entities.

Cryptojacking Cases Soar During the First Quarter of 2020, Singapore a Major Target says Kaspersky

by

Over the last few years, malicious attacks and fraud have been rampant in the cryptocurrency industry. Bad actors have come up with new and improved ways to scout their victims with a lot of falling prey because they ignore the basic rules on digital platforms.

Kaspersky’s recent report revealed that countries like Singapore had become a hotspot for malicious movements like cryptojacking. Twenty-twenty spelt problems as the organization pointed out an increase in virtual asset fraud in the first three months of the year.

This is not the first time this issue has been addressed with an analysis of 2019, which also shows a record increase in cryptocurrency-related attacks. In its report, Kaspersky was careful to mention the concentrated focus of hackers on the South Asian market. In the first three months of 2020 alone, Kaspersky blocked more than 11,700 cryptojack attacks. What made this information more shocking was the fact that all these attempts were made in Singapore alone.

This massive increase in fraud was a giant leap from the 2900 hacking attempts that occurred in the first quarter of 2019. The growing dominance of South East Asia in the digital asset world has been cited as the main reason for this uptick. Countries like Singapore and China have made news on a number of occasions because of their close ties to the digital asset ecosystem. In layman’s terms, cryptojacking is the unauthorized use of someone else’s cryptocurrency device.

Speaking about the growing number of cryptojacking cases within the Asian market, Kaspersky General Manager for South-East Asia Yeo Sian Tiong said:

“Cryptojacking, or malicious mining, is the unauthorised use of someone else’s device to mine cryptocurrency. Cyber criminals use various means to install miner programs on other people’s computers, preferably in bulk, and take all of the profit from cryptocurrency mining without incurring any of the equipment or electricity costs.”

Research has shown that hackers have used basic techniques such as phishing and fake links to lure victims to reveal their private information. This was then used to get into their cryptocurrency wallets and transfer all their assets to the scammer’s kitty. Some even use user data to access their computing power to mine cryptocurrencies. Sources say that it was no longer profitable to mine cryptocurrency using one’s own equipment during the current market condition. This prompted a number of users to choose a cryptojacking path.

Kaspersky added that since the outbreak of COVID-19 and the subsequent lockdowns began, the jump in cryptojacking cases has been astounding. The concept of Home Work has given ample time for people to engage in nefarious activities leading to the suffering of others. Officials like Mr. Lim have informed users that they should remain vigilant online and never disclose personal information or click on suspicious links that may be sent to them.

Crypto-Jacking Post Office Head Indicted in Russia

by

The Russian police have arrested a crypto-jacking post office head, who used computers in his post office branch to mine digital currencies. According to local reports, the now-former regional post office head used to illegally mine cryptocurrencies while on the job.

The local police started investigations on the former post office chief who managed to use his branch’s computers to obtain digital currencies. in a town of Mineralnye Vody located in the South of Russian.

As per the report by the local news outlet, the SU Investigative Committee of Russia for the Stavropol region; the former regional head allegedly installed specialized hardware on the office’s computer system and mined digital currencies for almost six months. The project set by the crypto-jacking post office head dates back to September 2019.

Crypto-jacking post office head caused damages worth $427.50

Moreover, according to law enforcement, the Federal Postal Service of Stavropol Territory, suffered damages worth over 30,000 Russian rubles ($427.50). The former post office chief will be arraigned for “abuse of power,” as set forth by the law of the Russian territory.

The detectives in charge of the case are still in the evidence collection stage. In addition, the identity of the accused remains anonymous as the local authorities continue with investigations; with the criminal charges not yet filed. 

Cryptocurrency mining suppression in Russia

Furthermore, a similar incident was reported in Russia’s city of Saint Petersburg back in March. The local authorities coordinated an operation to crack down Bitcoin miners in the region; who illegally consume $200,000 worth of electric power every month to run their mining operations.

The crypto mining criminals managed to establish eight stations in different locations  using complex electric metered programs to downplay the actual power consumption; while connecting their cryptocurrency mining equipment to the national grid directly

New Cryptojacking Malware Vivin Mining Hundreds of Thousands of Monero Coins

by

Cisco Talos cybersecurity experts are tracking down a 2-year old malware that has been conducting an active crypto mining campaign of Monero coins. 

Cybersecurity methods of preventing data breaches have evolved tremendously and so have cyber criminal mechanisms. Researchers at Cisco identified the cryptojacking malware as Vivin and indicated it had been active as early as 2017. A 2018 report from the Cyber Threat Alliance (CTA) revealed a 459% increase on the rate of illicit cryptojacking that year. This trend continued to grow for the better part of 2018 with McAfee Labs reporting a 659% increase by the end of Q1. 

Meanwhile, McAfee Labs research found out that increasing cryptocurrency prices fueled the rise of cryptojacking malware. However during a Threatpost podcast,  Cisco Talos cybersecurity researcher Nick Biasini pointed out that hackers did not require huge amounts of money so as to drive these operations. As long as the illegal ventures generate any amount of revenue, as long as money is the guarantee; cyber attacks are here to stay. His suggestion was to drive the point that Monero crypto mining malware was still on the rise, despite the coin’s diminishing price. 

For a malware campaign that has been in existence since November 2017, they must have mined thousands of dollars of Monero coins from unsuspecting host computers. 

Note that cryptojacking involves hijacking user computers and exploiting their computing power to mine digital currencies. The activities usually take place without the owner’s knowledge. Eventually, the malware sends the mined funds to the criminals controlling the software.

Talos discovered that the Vivin malware was rotating multiple amounts of wallet addresses and corrupting payload delivery chains. Activities which took place across different timelines. However, the first actor to infecting computers with Vivin involved installation of pirated software. The software opened up the infected computer to a backdoor as the initial attack vector; upon which the code executed an XMrig mining software installation. 

Nevertheless, the perpetrators of the attack did little to nothing in hiding their activity. A host of poor security decisions like posting similar Monero wallet addresses revealed their track. However, as Talon came to establish – the poor operation decision were a well thought generalization pattern for massive targeting of general user behavior. 

Vivin Cryptojacking Malware Prevention

Vivin attack point of attacks however offers computer users numerous tactics, techniques and procedures (TTP) for mitigating risks. To prevent the threat of cryptojacking malware and especially in this case Vivin attacks, observe the following: 

  1. Avoid pirated software usage on endpoints
  2. Ensure perfect event logging and monitoring
  3. Observe proper system resource monitoring
  4. Block mining pools URLs
  5. Implement detection signatures

Biasini noted that he wasn’t surprised that cryptojacking malware were still currently present. The researcher said that cybersecurity and TTP attack prevention might have mitigated the first phase of cryptojacking. However, there was a second wave of cyber criminal behavior occasioned by sketchy data phishing and brute force. The initial wave, he noted, characterized spam campaigns and infected mail documents. 

During press time, Vivin attacks are active and still mining hundreds of thousands of dollars from unsuspecting computer users. It is therefore essential that people observe good cybersecurity hygiene before they have their computer resources milked dry. 

 

New Cryptojacking Virus “Norman” Targets Monero (XMR) Mining

by

The latest report by cyber-security firm, Varonis finds that a new cryptojacking virus, Norman is targeting Monero cryptocurrency. The finding made public on August 14, hinting that it will mostly affect a mid-size company.

New Monero Mining Malware Detected

Monero is famously named as the “privacy-centric” cryptocurrency – however, the research on August 14 reveals that the Norman aims to mine CPU_centric coins like XMR/Monero and evade detection.

Norman is the new cryptojacking virus that will supposedly use the computing power of the user’s computers to mine cryptocurrencies. The case of Norman particularly highlights Monero (XMR) as it is based on XMRig and report described it as the “high-performance mining algorithm for Monero cryptocurrency”.

The research firm outlines that;

“Almost every server and workstation was infected with malware. Most were generic variants of crypto miners. Some were password dumping tools, some were hidden PHP shells, and some had been present for several years,”

It states that the malware closes crypto mining as soon as the user opens up the task Manager whereas it will re-launch the mining process again once the Task Manager closes. The Research noted;

“Norman employs evasion techniques to hide from analysis and avoid discovery,”

It’s worth mentioning that Monero is much likely a favorite cryptocurrency for hackers and attackers as crypto space witnessed several malware incidents for XMR earlier.

However, the security firm suspects that it has french variables in the code and accordingly notes this malware is likely derived from a country of French speakers. According to the researchers at Varonis, Norman is based on the PHP programming language. It went on adding;

“The malware may have originated from France or another French-speaking country: the SFX file had comments in French, which indicate that the author used a French version of WinRAR to create the file,”

Up until August 14, Norman attack almost every workstation and server at one “mid-size company.” Researcher indicates that the strain of Norman executes Monero mining in three steps, execution, injection and then crypto mining.

Disclaimer: The presented information is subjected to market condition and may include the very own opinion of the author. Please do your ‘very own’ market research before making any investment in cryptocurrencies. Neither the writer nor the publication (TronWeekly.com) holds any responsibility for your financial loss.

Never miss our daily cryptocurrency news, price analysis, tips, and stories. Join us on Telegram | Twitter or subscribe to our weekly Newsletter.