The South Korean police have arrested five people for injecting malware in the computer of over 6,000 people. The local police have joined efforts with the Korean National Police Agency Cyber Bureau to arrest a group of five hackers led by Kim Amu-Gae, 24, which have released 32,435 emails containing a crypto mining malware.
These emails were sent in a period that goes from two months: October to December 2017. The hacker group decided to send messages to many job applicants posing as employers. They impersonated recruiters and then sent individual emails to all applicants.
South Korean police believe that the emails contained crypto mining malware disguised as documents and files that were sent to people who filed their applications on the platform created by the hackers. Because of this fake bond of trust, more people opened the files or downloaded them believing that the documents were legitimate and ended up installing the crypto program that ran in the background of their computers.
Due to anti-virus software, most of the malware was deleted within a few days but cybersecurity firms initiated an investigation of the mining scam and local experts discovered the scheme, alerting the police.
Because the answer was so quick, the group was not able to generate a significant revenue at the time. In most cases, the malware was detected from three to seven days after the infection, so while the infection was able to infect a total of more than 6,000 people, only about $1,000 USD in profit was generated.
It should also be noted that the opening rate was actually pretty low for a such a high-effort scam. Less than 20 percent of the potential victims opened the software. Looking at it like this, this crypto malware campaign was an utter failure. Most users were not affected and the ones that were only stayed infected for some months. Also, security firms reacted very fast.
The investigators told the local media that crypto jacking significantly reduces the performance of computers and it can be very dangerous when exposed to institutions as well as have a serious effect on society at large. Because of this, the presence of the anti-virus software was essential to quickly finish the threat.
According to reports, Monero, a cryptocurrency that does not show your transactions and it is therefore known as a privacy coin, was mined by the group. The hash rate of Monero is experiencing significant growth over the last months and it looks like a good part of it comes from hacked computers.
South Korea is a very crypto intensive country. It might have only 0.67 percent of the world’s population but it is the third biggest trader of Bitcoin globally and has 17 percent of all the Ethereum traders in the world. This might be another factor for why so many crypto jacking scams and malware attacks come from the country.