Trend Micro Identifies Hackers Embedding Crypto Mining Malware in Windows Installer Software
Crypto jacking is getting more complex. Hackers are now creating mining malware and tricking Windows computers into thinking they are getting legitimate Windows installation files. Researchers have said that Coinminer, the most popular crypto mining software for hackers, is designed to hide in plain sight. The main reason it is so hard to detect is that it uses various methods of obfuscation.
Who Discovered It?
According to TNW, Trend Micro, a firm concerned with online security, discovered the attack. It has since gone on to examine the issue in detail. Trend Micro revealed that the malware is sent as a Windows Installer MSI file. This is a clever trick since Windows Installer is a genuine app used for file installation. With the aid of a real Windows file, the software is able to bypass some security measures.
The trickery does not end there. Once installed, the malware brings along other files, some of which are used as decoys. For instance, it comes with a script to counteract any anti-malware software. The other part is the crypto miner that it needs to install on your machine.
To ensure it is hard to detect, it comes with a self-destruct mode. This way, once detected, it can destroy itself and cover up its activities. This makes it hard to come up with an active solution in the future. Trend Micro noted that they had not traced the attack to any nation. However, they noted it was using Cyrillic. This is an alphabet that has been quite popular with crypto criminals. Thus, it could be a last-ditch attempt to throw investigators off track.
The Crypto Malware Problem
The problem intensified at the start of 2018. Experts said that with crypto becoming so expensive, hackers would send crypto miners to places they would not be expected to be found. In some cases, crypto malware has been hidden in Adobe Flash updates, government sites, commercial sites, and even routers.
Hacking at a University
In a recent incident, a university in Canada had to shut down its entire network for a while. This was after it found that hackers had been using its resources to mine Bitcoin. Thus far, there have not been many details on the hackers. The university revealed it would bring the network back online with a staggered approach. This would help reduce risk.
Crypto mining is known to consume a lot of computing power. A sign that you have crypto malware on your computer is if the fans begin to roar. Your computer could also heat up and slow down a great deal.
In 2018, crypto jacking appears to have eclipsed ransomware. This new type of malware does not require any action from the affected person. Unlike ransomware, where a user has to deposit crypto in a given account, here the user only needs to make a few mistakes with a mouse.
Some estimates claim that this malware helps hackers earn about $250,000 each a month. They appear highly organized and skilled. It appears they meticulously create and deploy this malware. However, there has not been an effective solution thus far since they keep evolving.