A new campaign designed to illicitly mine cryptocurrency has been uncovered. Known as Smominru, the campaign has already targeted approximately 500,000 computer networks around the globe to steal both cryptocurrencies like Monero and people’s private financial data.
Monero Tends to Be the Cryptocurrency of Choice
The fact that Monero is being targeted would place this attack in the category of crypto-jacking. The process involves a hacker or hackers obtaining access to a person’s computer or smart device without their consent or knowledge. From there, the hacker uses the person’s energy source to mine Monero and garner serious profits through the extraction of new coins. Unfortunately, the victimized individual earns nothing unless one counts the harsh electricity bills that they receive at the end of each month.
It’s an unfair and cowardly process that’s garnered heavy popularity over the past few years, but this campaign differs in that the hackers are not simply after digital currency. They also want to steal your access information in what’s known as “access mining.”
Researchers at Carbon Black’s Threat Analysis Unit (TAU) say this is done by uploading trojan viruses to crypto mining code, which can be used to garner victims’ login data through command-and-control setups and compromised servers. At press time, it’s alleged that this kind of attack has been open to exploitation for approximately two years, and has targeted victims primarily living in Asia.
Researchers explain in a statement:
Based on the specific details they’ve gathered, it is plausible this information could be sold on an access marketplace, allowing for remote access into these systems for use as zombies in large-scale attacks or to execute targeted attacks on specific hosts at specific companies… Combining all these factors paints the picture of a threat actor who had motivation to move away from commodity malware, but instead had the right tools and environment to evolve the commodity threat to mask a new cybercrime business model of mining system access for resale and distribution. Now, instead of relying solely on revenue from Monero mining, they have supplemented that revenue with the sale of remote system access at scale.
In a related story, analysts claim North Korea is pulling a similar stunt and hijacking computer networks to mine cryptocurrency so it can continue to fund its nuclear program. A confidential U.N. report suggests that the nation has been employing several different methods of stealing money, and crypto-jacking is only one of them.
The document states that officials in North Korea have thus far garnered more than $2 billion in illicit funds through approximately 30 different attacks on 17 separate countries.
North Korea Will Do Anything for Extra Cash
FBI intelligence analyst Tonya Ugoretz comments:
Sanctions are having an economic impact, so cyber operations are a means to make money, whether it’s through cryptocurrency mining or bank theft.