New Russian-based malware mining crypto from unsuspecting victims

November 19, 2018
Kane Pepi



Have you recently noticed that your computer is running a lot slower than it should be? Or maybe it is constantly overheating or making a rather loud noise? If so, you might have fallen victim to a new cryptocurrency malware scam.

According to recent reports, the scam centers on an innovative piece of malware that has the ability to infect unsuspecting computers with a particular cryptocurrency mining program. The malware program is believed to be so advanced that it has the potential to install the most efficient mining program, based on the computer’s underlying specifications.

Believed to have originated in Russia, the malware, suitably named “Web Cobra,” specifically targets the mining of either Zcash or Monero. For example, while the malware program prefers Claymore (Zcash miner) on x64 systems, Cryptonight (Monero miner) is utilized on its x86 counterpart.

The idea is simple. Once the malware has infected the victim’s device, the mining software uses the user’s surplus computing power to mine cryptocurrencies. Due to the covert nature of the installation process, users are often unaware that the program is in operation. The only tell-tale signs are an ultra-slow, hot and loud computing system.

According to researchers at anti-virus entity McAfee Labs, scams such as the Web Cobra malware are becoming ever more popular. The key reason for this is that the operation carries very little risk from the perspective of the criminal. Not only can scammers hide behind proxy servers and anonymous browsers such as Tor, but privacy coins like Zcash and Monero are virtually impossible to trace.

One route that the Russian-based malware crooks are looking to utilize is the registration of domain names. Those involved register a domain name that resembles that of a popular social media network, such as Twitter. Although users are able to identify the illegitimacy of the fake website upon visiting, the few seconds they spend on the platform are enough for the hackers to infect their machine.

Furthermore, the hackers also create fake advertisements that inform the user that their computing system is infected with a virus. Upon clicking on the ad to receive help from the non-existent technical support team, the attackers are then able to infect the unsuspecting victim’s machine.

Ultimately, as the wider cryptocurrency markets increase in scope, advanced malware scams could be the most efficient way for criminals to profit from the digital phenomenon.