A new bulletin from Russian Internet security company Kaspersky Labs, published on November 28, states that malware for crypto-contracting became increasingly popular among botnets in 2018.
Hidden crypto-server attacks, also known as cryptojacking, work by installing malware that uses a computer's processing capacity to mine cryptocurrencies without the consent or knowledge of the owner.
According to Kaspersky, after the crypto market declined in January-February 2018, interest in cryptojacking also decreased briefly; however, it has remained a constant and current threat throughout the year.
Among the botnets in particular, during the cryptojacking “boom” of the first quarter of 2018, the proportion of cryptojacking malware downloaded by the botnets, over the total files, reached 4.6 percent, compared to 2, 9 percent of the second quarter of 2017. The bulletin extrapolates that botnets are increasingly seen as a means to spread cryptanalytic malware, and that cybercriminals increasingly consider that cryptojacking is more favorable than other vectors of malware. attack.
Kaspersky discovered that in the third quarter of 2018 there was a decrease in the number of DDoS attacks from the botnets, arguing that “the most probable reason is […] the” reprofiled “of the botnets from the botnets. DDoS attacks up to cryptosurgery “:
“If executed correctly, [cryptojacking] may be impossible for the owner of an infected computer to detect […] reprocessing the existing server capacity completely hidden from its owner in the eyes of the law. Evidence suggests that the owners of many well-known botnets have changed their attack vector to mining. For example, the DDoS activity of the Yoyo bot network was drastically reduced, although there is no data on its dismantling. ”
Other factors in the increase in cryptojacking are the low “threshold of entry” for cybercriminals; Web browser-based code, such as Coinhive, is an option, and there is also a range of “ready-to-use affiliate programs, open mining pools and mine builders” available to attackers.
The report states that “time will tell” what will be the impact of the fall of the November crypto market on the prevalence of infections by cryptojacking.
In mid-November, the cybersecurity research team McAfee Labs discovered a new malware for mining manufactured in Russia that uses consumer devices to mine Monero (XMR), which works almost without a trace.