Cryptocurrency-themed malware comes in many different shapes and forms. The threats range from ransomware to mining malware and cryptojackers, and their number is rising. A newly discovered form of malware known as Rakhni Trojan combines the concepts of ransomware and cryptojacking into one potent offering.
Cryptocurrency Malware Remains Popular
The malware industry has evolved by leaps and bounds over the years. Malicious software is as old as computers are. The approach criminals take to creating and distributing these nefarious tools has shifted drastically to keep up with the times. These days, the main focus lies on malware, ransomware, and cryptojacking. All of these trends are tightly connected to cryptocurrency. This new form of money is perceived as anonymous, despite most coins lacking such a trait.
Thousands of computers have been infected by ransomware in the past few years. WannaCry was the most disruptive attempt. It claimed over 300,000 victims worldwide, nearly all at the same time. Since then, the industry has continued to grow. All of the research by criminals has culminated in a new malware strain making the rounds.
The new nefarious tool goes by the name of Rakhni Trojan. It is a Trojan horse threat which has been on Kaspersky Lab’s radar for some time. In a new iteration of the Trojan, a cryptocurrency component has been added. This seems to hint at the developer’s intention to explore cryptojacking opportunities. At the same time, Rakhni Trojan is also capable of delivering a ransomware payload instead.
The Rakhni Threat Is Problematic
Rakhni Trojan is extremely flexible. Once it infects a computer, the malware checks whether a cryptocurrency wallet is present on the system. If so, it puts ransomware into place. If there is no cryptocurrency wallet to be found, the malware instead installs its illicit mining component.
Anyone who does not have such a wallet will notice their computer slowing down. This is caused by the cryptocurrency mining component found within the malware. Two currencies can be mined with this script, as both Monero and Dash are supported. The developer also ensures the mining tool is undetectable, as it is signed with a Microsoft Corporation certificate.
Distribution of Rakhni Trojan occurs through the regular channels. An email phishing campaign has been uncovered by security researchers. In this message, victims are prompted to open a PDF file pertaining to alleged financial documents. Not downloading any email attachments from unknown senders is always the best course of action.
So far, Rakhni Trojan is pretty much limited to Russia, where 95 percent of such cases are located. If your computer is infected by this malware, there are decryption tools available to help remove the threat.