Initially, cryptomining malware generated cryptocurrency through an open browser session, but that has now changed.
Cryptomining has become the latest fad among malware developers, probably because it delivers quick money with little effort: a cryptominer infects a computer and uses its resources to mine the desired cryptocurrency, so hackers make millions of dollars at someone else's expense.
According to IT security researchers at Check Point, attacks involving cryptomining with the XMRig malware are increasing at a steady pace. The findings were revealed in the company's latest Most Wanted Malware report, covering the month of March.
The Rig exploit kit (Rig EK) was reported as the second favorite tool among hackers with a 17% share, followed by Cryptoloot, while the most popular, Coinhive, has affected 18% of organizations worldwide so far.
Cryptomining has been increasing not just on PCs but also on mobile devices. The reason so much attention is paid to XMRig is that its operating mechanism is relatively advanced compared with other cryptomining malware.
Unlike previously identified cryptomining malware, it does not require an open browser session to infect the device, because it is an endpoint malware. This means it can infect the targeted device and operate without an active browser session.
XMRig, which was discovered in May 2017, is not malware in itself but a piece of software developed for mining the Monero cryptocurrency. Palo Alto Networks has separately revealed that XMRig has infected over 15 million devices across the globe, with a majority of victims located in South America, Asia, and Africa.
Check Point’s threat intelligence group manager Maya Horowitz states that the increasing dominance of XMRig means that hackers are actively investing in improving their attack methods to ‘stay ahead of the curve.’
Between May 2017, the month XMRig was first identified, and March 2018, security experts noted at least a 70% increase in XMRig deployments. The cryptomining malware is being distributed through file-sharing platforms such as Rapid Files, 4Sync, and DropMeFiles.
All of these platforms offer public download links. Palo Alto Networks' analysis suggests that malicious AdFly advertisements have also played an active role in spreading the malware.
Once installed on a device, XMRig routes its traffic through proxies to hide both the traffic and the destination wallet. It also registers the compromised device with NiceHash, an online marketplace where users sell their processing power to cryptominers.
To stay protected, apply the same security measures you use against other kinds of malware: do not download applications or files from untrusted third-party platforms, keep Windows updated, install reliable antivirus software, and do not grant ordinary users the rights to make system modifications.