Malware is one of the most common cybercrime attack methods because it’s so profitable for cybercriminals and it can be delivered via email or compromised websites.
Ransomware and spyware have long been the most common malware types, but recently, with the surges in cryptocurrency value, a new malware pandemic is appearing: cryptojacking.
Cryptojacking is a devious technique criminals have come up with to use malware to mine cryptocurrency on hijacked machines.
The creation of cryptocurrency like Bitcoin, Litecoin, Ethereum and many others is done through a process known as ‘mining.’ Crypto mining is actually a computation process performed by microchips; a computer mining Bitcoin is basically solving a series of very complex mathematical problems that require time and computer processing capacity to complete.
Most Bitcoin mining is done with dedicated computers with very powerful processors, but it is also possible to mine some cryptocurrency on ordinary devices like PCs and phones.
When cryptojacking malware first started to appear, it was generally found embedded in web pages and infected victims’ devices when they browsed a compromised site.
As the threat has evolved, scammers have found new ways to implant their malware and now cryptojacking attacks often start with a malicious email. The victim will get a message in their inbox with some sort of link to a file or web page infected with the cryptojacking malware. Malicious emails are usually designed to look harmless; cybercriminals try to make their scam messages appear to be from a large company or government organisation that has a trustworthy reputation. Think of parcel delivery scams from DHL, fake online shopping notices from eBay, or fraudulent notifications from your government tax office.
Most victims of cryptojacking malware attacks don’t even know their machine has been infected. The malware works in the background, mining cryptocurrency and delivering it to the criminals without the victim’s knowledge. The only side-effect of the malware infection will be a dip in device performance because of the extra work the processor is doing.
All devices are at risk
Cybercriminals use cryptojacking attacks to take control of all kinds of devices. Recently there has been a big increase in cryptojacking attacks aimed at phones. A 2018 report found that cryptojacking attacks on Android devices had increased by a staggering 4000% in the first three months of this year.
Although an individual phone doesn’t yield much processor power on its own, criminals can build a botnet of infected devices and make them work together. In this way they can harness vast processor resources across a network of infected machines, stealing a small amount of bandwidth from each device.
Breaking news: WinstarNssmMiner
That’s not a typo; WinstarNssmMiner is a newly discovered cryptojacking malware which has the built-in ability to crash victims’ computers if they attempt to remove it.
This week, researchers announced they have identified WinstarNssmMiner in half a million cryptojacking attacks occurring over a three-day period.
The recent growth in the cryptocurrency market will likely create even more incentive for criminals to perpetrate cryptojacking scams. Cybercriminals use simple scam emails to infiltrate organisations with malware and attack them from the inside.
To avoid becoming a victim it’s a good idea to familiarise yourself with the most common elements of the email scams used to deliver cryptojacking malware.
You can learn more about email scams and their indicators in our blog article ‘Brandjacking scams: data theft and malware hiding in plain sight.’
All criminals need to break into your business is a cleverly worded email. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.