Researchers at the Internet security firm McAfee Labs have detected a new variant of cryptojacking malware. According to a post on the company blog, the malware, dubbed “WebCobra” and created by Russian hackers, downloads one of two hashing clients and uses the CPU power of infected devices to mine Monero or Zcash.
Without the consent of the equipment's owner, WebCobra installs either the Cryptonight miner or Claymore's specialized Zcash miner, depending on the configuration of the computer, in effect stealing the victim's processing power:
“On x86 systems, it places the Cryptonight miner code into the current process and starts a process monitor. On x64 systems, it determines the GPU configuration, then downloads and runs Claymore's Zcash miner from a remote server,” the McAfee Labs statement reads.
The company’s specialists note that the malware has been detected on systems around the world, with the largest distribution in Brazil, South Africa and the USA. A distinguishing feature of WebCobra is that it leaves almost no trace; the only sign that a device may be infected is its reduced performance.
However, according to cyber security researchers from Trend Micro, there are many types of covert mining software that resist any attempt at detection because of how complex their execution is. Most users, and even detection tools, cannot spot them until the computer starts to run much slower or fails completely. By that time, the victim also runs the risk of a huge bill.
McAfee Labs recommends that users watch for specific signs on their computers. For example, if the system begins to run much slower for no apparent reason, it is worth taking note.
“Coin mining malware is hard to detect. If your computer is compromised, the malware runs quietly in the background, and there is only one sign: degraded performance. As the malware increases power consumption, the computer slows down, leaving the owner with a headache and in disbelief at the amount on the bill,” warns McAfee Labs.
As previously reported by the Cyber Threat Alliance (CTA), cases of covert cryptocurrency mining malware increased by almost 500% in 2018, and some experts describe what is happening as an epidemic. This new wave of cybercrime, whose victims are unsuspecting computer owners, has of course made a splash on the cryptocurrency market. However, as stated, Monero, a cryptocurrency with a high degree of anonymity, has become the miners' most preferred target.
The graph shows the spread of the malware rising in tandem with the Monero exchange rate.
The enormous growth in cryptojacking is also associated with the leak of the EternalBlue exploit, which takes advantage of a software vulnerability in the Microsoft Windows operating system.
It is believed that the responsibility rests with Microsoft and the US National Security Agency (NSA). In April 2017, a group called “Shadow Brokers” put a package of stolen NSA tools on the market. It was subsequently used to develop covert cryptocurrency mining malware that is now quite hard to stop.
“A patch for EternalBlue has been available for 18 months, and even after it was used in two serious global cyberattacks, WannaCry and NotPetya, the number of organizations falling victim to this exploit is countless, because it is used by mining malware,” said Neil Jenkins, senior analyst at CTA.
Microsoft blamed the US government for the leak, saying that employees of the State Department were careless and irresponsible in their “storage” of cyber weapons.
“This attack is another example of why the storing of vulnerabilities by governments is such a big problem. Repeatedly, exploits in the hands of governments have leaked into the public domain, resulting in widespread damage,” said Brad Smith, President and General Counsel of Microsoft.
Note that last month Google announced it would remove all extensions containing obfuscated code from the Chrome Web Store as part of its continued fight against hidden mining.
In October, the Monero community launched an initiative to combat cryptojacking, setting up a special website to help users.