A discovery by McAfee labs has confirmed that a new crypto-jacking malware is out in the open. This new virus is capable of using the computer to mine cryptocurrency like Monera or Zcash. Famous symptoms of an attack are the computer getting hot and sluggish out of nowhere. McAfee labs have also identified the malware to be Russian. This virus is called WebCobra, and it is capable of installing cryptocurrency miners based on the system configuration of the affected computer.
Cryptojacking
The launch of cryptocurrency brought many concerns with it. However, the recent surge in crypto-jacking has become the primary concern of today. Cryptojacking means hijacking cryptocurrency. This practice is illegal and leads to the stolen cryptocurrency funds going to the person in control of the malware.
Cryptojacking is relatively new. However, a recent report from the CTA (Cyber Threat Alliance) confirms that this year, crypto jacking has increased by 459%. Another report by McAfee Labs claims that in the last quarter of 2017, crypto mining malware samples had risen to 40,000. This number, however, saw a 629% rise in the first quarter of 2018 to become 2.9 million samples. The trend has continued with another 82% rise in the second quarter. This meant the recognition of 2.5 million new crypto mining malware samples.
What is WebCobra?
Analysis has revealed more interesting information about the WebCobra. It has concluded that the malware was using a malicious Microsoft installer package to spread in computer systems. More interestingly, the Microsoft installer package only installed Zcash miner by Claymore on x64 systems and Cryptonight miners on x86 systems. The Cryptonight miners that WebCobra installs on x86 systems are not limited to Monero. Any cryptocurrency coin that can work with the Cryptonight algorithm is vulnerable to it.
Researchers have tracked the origins of this malware in Russia. However, reports suggest that the countries most severely affected by this onslaught include US, Brazil and South Africa.
Previously fake Elon Musk account, Target, and Google G Suite’s Twitter accounts were targeted by crypto scams.
WebCobra confirms that crypto-jacking attackers are getting smarter. This development is visible in the attack vectors becoming more complex with each passing day. Researchers came across the disguising of mining malware as Windows installer files last week. However previously, Swiss security experts had already warned that cryptocurrency scammers continue to add new techniques. An example includes trojan attacks.
Reactions
The McAfee Lab report reads:
“The increase in the value of cryptocurrencies has inspired cybercriminals to employ malware that steals machine resources to mine crypto coins without the victims’ consent. Coin mining malware will continue to evolve as cybercriminals take advantage of this relatively easy path to stealing value. Mining coins on other people’s systems requires less investment and risk than ransomware, and does not depend on a percentage of victims agreeing to send money.”
Stay tuned for more updates!
Muhammad Abdullah
Areen Zahra
1 comment
How does WebCobra typically gain initial access to a system?