Snake Bite! McAfee Labs Reveals New Crypto-Jacking Software ‘WebCobra’


Researchers at McAfee Labs have discovered a new form of Russian crypto-jacking malware called “WebCobra.” The software silently infects a victim’s computer and installs either a Cryptonight miner or Claymore’s Zcash miner into their system.


How Does It All Work?

Crypto-jacking is an illegal process in which a hacker takes control of a person’s computer network. They then use the individual’s computing power to mine cryptocurrency without their knowledge or consent. Though relatively new, crypto-jacking has become a serious problem over the past year and has resulted in a lot of expensive energy bills for unsuspecting victims.

McAfee researchers have observed WebCobra in regions across the globe, such as South Africa, Brazil, and the U.S. At the time of writing, the malware is believed to arrive through rogue potentially unwanted program (PUP) installers. Its architecture is still being studied, but researchers have noticed that it learns everything about the victim’s network at an alarming rate, ensuring crypto-jacking efforts begin as soon as the miner is installed.

It’s Smarter Than You Think

McAfee Labs has released the following statement:

What is particularly interesting about WebCobra is that it learns everything possible about the user’s system, like what kind of architecture they are running, if there is anti-virus technology, etc. This cryptocurrency mining malware is also uncommon in that it drops a different miner depending on the configuration of the machine it infects. For instance, the main dropper is a Microsoft installer that checks the running environment. On x86 systems, it injects Cryptonight miner code into a running process and launches a process monitor. On x64 systems, it checks the GPU configuration and downloads and executes Claymore’s Zcash miner from a remote server.

Crypto-jacking has been observed at an exorbitant rate. In India, for example, platforms including the municipal administration of Andhra Pradesh (AP), Tirupati Municipal Corporation and Macherla municipality have all been infected. Government websites face particularly strong levels of danger because of the high traffic they receive.

People Need to Wake Up

Raj Samani – chief scientist at McAfee Labs – explains:

Crypto-jacking isn’t just a story for the consumer, but also for enterprises. If you are paying for processing power in a cloud environment, that will have a direct cost as well. Overall, this is just a numbers game. The more systems hackers infect, the more money they can make. If you are running a crypto-jacking campaign, then most likely you don’t care where the people and businesses are from. People also need to understand that this isn’t just about your computer getting slower, but this is going to cost you money over the long term. We are talking about organized criminal gangs running these scams, making crypto-jacking a form of organized crime that victims are helping fuel.

Are we likely to see further cases of crypto-jacking in the future? Post your comments below.

