Cryptominers were among the first ones to exploit the Log4j vulnerability. They often deploy botnets for cryptojacking when the price of cryptocurrency rises.
Recently, ReasonLabs researchers found a Monero miner in the Spider-Man: No Way Home torrent file. Criminals favor Monero because of its anonymous nature. Usually, we witness an uptick in cryptojacking when cryptocurrency prices rise. And while those of us infected with crypto miners may not even notice, the mining helps criminals finance their operations and grow.
Cryptominers have now overtaken spyware as the world's most common malware. Recently, Google took action to disrupt the Glupteba botnet, notorious for mining cryptocurrencies on infected hosts. I sat down with Shiran Grinberg, Director of Research & Cyber Operations at Cynet, to discuss the harmful effects of cryptojacking.
Google took action to disrupt Glupteba, but does it mean it’s gone?
Like any significant criminal operation, it's just a matter of time. Emotet was taken down by Interpol, Europol, and local law enforcement agencies, and still, we start to see signs of new uprisings of the Emotet ransomware gang. The same goes for other groups, for example, Conti. We are talking about major incidents with significant implications on a global scale. Still, after the takedown operations and even physical arrests carried out in multiple countries (Ukraine, the US, Canada, South America), it is just a matter of time before they return.
We know that this botnet is highly sophisticated. How many more botnets sophisticated like this are out there?
This is one of the largest-scale cryptojacking botnets. That's precisely why Google and other teams hunted it. There are other botnet groups, which are very profitable and highly active, but they haven't been able to steal Google's attention yet. It is just a matter of time. It will be a target again when it hurts someone enough or becomes large enough, and those takedown operations will be a timely cure. The reason these botnets manage to stay active, from my perspective, is mainly because they mostly cause financial liability in the form of performance degradation. It does not necessarily have a direct impact like ransomware, where you can't work, and everything is encrypted. Until you pay the ransom, you won't be able to go back to your everyday operations. In these cases, where botnets are deployed for cryptojacking, the only effect on the victim organization is a slower network and CPU: a degradation of capabilities, without even knowing that the machines are using more power just because they are being used for cryptojacking.
I wonder whether cybercriminals behind cryptojacking attack individuals like myself or are they after organizations?
They don't care. Their goal is to spread the cryptominers on as many machines as possible with as much processing power as possible. As you can imagine, the main target for that specific use case would be organizations because there are many machines with more processing units. Still, you can find many households with computers and infect them with cryptomining software.
If my computer gets affected, I might not even notice that. It may only affect CPU performance. But what other consequences may cryptojacking have?
First and foremost, you, me, and whoever has a computer infected with crypto mining software is helping to finance the criminal world. By allowing them to harvest their earnings from our machines, we help them buy the next kilo of drugs or the next crate of guns. This alone is enough of a reason for global operations like Google's. Apart from that, I'm sure that none of us wants to replace the computer a year ahead of time because the CPU is overheating a lot, since it is mining like crazy in the nighttime. It might also affect our electricity bill.
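The symptom described above, sustained CPU load from an unexpected process, often at night, is also the cheapest thing a defender can look for. The following is an added example, not code from the interview, CyberNews or Cynet: a small detection heuristic that takes periodic process samples (constructed inline here, with hypothetical process names such as "svc-update" and "backup-agent") and flags processes that stay above a CPU threshold for several consecutive samples, counting how many of those samples fell outside working hours. The threshold, sample interval, allowlist and working-hours window are assumptions to tune per environment.

```python
"""Flag processes whose CPU use stays high across consecutive samples.

Added example for illustration only; the sample data and process names are
constructed, and every threshold below is an assumption to tune locally.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Sample:
    """One point of process telemetry, e.g. from a periodic agent poll."""
    ts: datetime
    pid: int
    name: str
    cpu_pct: float  # share of total CPU, 0..100


# Hypothetical workloads that are expected to burn CPU at night.
ALLOWLIST = {"backup-agent", "ci-runner"}


def find_sustained_hogs(samples, cpu_threshold=80.0, min_consecutive=3,
                        work_hours=(8, 18)):
    """Return {(pid, name): finding} for non-allowlisted processes that stayed
    at or above cpu_threshold for at least min_consecutive samples in a row.

    Each finding records the longest high-CPU streak and how many high-CPU
    samples fell outside the [work_hours) window, since miners frequently
    run hardest when nobody is at the keyboard.
    """
    by_proc = defaultdict(list)
    for s in sorted(samples, key=lambda s: s.ts):
        by_proc[(s.pid, s.name)].append(s)

    findings = {}
    for key, series in by_proc.items():
        if key[1] in ALLOWLIST:
            continue
        longest = streak = off_hours = 0
        for s in series:
            if s.cpu_pct >= cpu_threshold:
                streak += 1
                if not (work_hours[0] <= s.ts.hour < work_hours[1]):
                    off_hours += 1
            else:
                streak = 0  # a drop in load ends the current run
            longest = max(longest, streak)
        if longest >= min_consecutive:
            findings[key] = {
                "longest_streak": longest,
                "off_hours_samples": off_hours,
                "first_seen": series[0].ts,
                "last_seen": series[-1].ts,
            }
    return findings


def constructed_samples():
    """Constructed telemetry: one suspicious process pegged at 95% CPU at
    02:00, an allowlisted backup job also at full load, and a browser that
    only spikes briefly during the day."""
    night = datetime(2022, 1, 10, 2, 0)
    day = datetime(2022, 1, 10, 10, 0)
    out = []
    for i in range(5):
        t = night + timedelta(minutes=5 * i)
        out.append(Sample(t, 4242, "svc-update", 95.0))   # hypothetical miner
        out.append(Sample(t, 311, "backup-agent", 99.0))  # expected workload
    out.append(Sample(day, 777, "browser", 90.0))
    out.append(Sample(day + timedelta(minutes=5), 777, "browser", 20.0))
    out.append(Sample(day + timedelta(minutes=10), 777, "browser", 85.0))
    return out


if __name__ == "__main__":
    for (pid, name), f in find_sustained_hogs(constructed_samples()).items():
        print(f"pid={pid} name={name} streak={f['longest_streak']} "
              f"off_hours={f['off_hours_samples']} "
              f"window={f['first_seen']:%H:%M}-{f['last_seen']:%H:%M}")
```

Feeding real data means replacing `constructed_samples()` with whatever your endpoint agent or `ps`-style poller emits; the consecutive-sample requirement is what keeps a single legitimate spike, like the browser above, from paging anyone, while the off-hours counter is a useful secondary signal for the "mining like crazy in the nighttime" pattern.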
How clever is this malware that cybercriminals install on our computers? It probably goes unnoticed by the antivirus programs, and you said that it could stay in the system for an extended period.
Malware is indeed smart. Suppose you are using traditional antivirus solutions. In that case, they most probably will miss it since it utilizes defense evasion techniques to avoid detection by conventional mechanisms. It can be executed on various environments, such as Linux, Windows, and MacBook computers. It also samples the computer to understand which environment it is running on. It understands whether the system is running security solutions, and it knows how to evade them. It understands geolocation too: if specific languages are present on the particular machine, it knows where it is located in the world.
Cryptomining is on the rise again. Do you have any statistics, insights supporting this statement?
It's on the rise, and it will be. The one thing that separates one peak from another is the leaps in prices. If you remember early 2016, Bitcoin's price was $1,000-5,000. In 2017-2018, it jumped to $20,000. It caused a massive surge in cryptojacking activity. When attackers realize that the value of cryptocurrencies rises, they do all they can to get hold of as much as they can. In 2020-2021, we had another considerable surge when Bitcoin's price jumped from $6,000 to $60,000. You can imagine that was enough of a cause for another vast surge in cryptojacking activity.
Are they mining Bitcoin?
Most of the malicious mining operations concentrate around a coin named Monero.
But are they mainly watching the Bitcoin price?
Once they get hold of the Monero that they manage to mine on their victims' machines, they transfer it to Bitcoin or whatever other currencies they want. They focus on Monero because it is one of the most anonymized cryptocurrencies today. For each transaction, when I transfer money on the bitcoin blockchain from my wallet to your wallet, everyone in the world can see that transaction. With Monero, this is tricky. Monero creates seven rings of transactions to mask original transactions.