
Cybersecurity Crumbles as Self-Destructing Windows Installer Viruses Proliferate

Script-based viruses have reached epidemic proportions, and contingency security measures are the need of the hour, warn crypto-threat experts.

Cybersecurity industry warnings that script-based viruses would proliferate in search of coins in 2018 have come true. Such viruses have reached epidemic proportions, and contingency security measures are the need of the hour, warn crypto-threat experts.

Trend Micro, one of the security firms engaged in threat detection, was unsettled to discover that coin miners were riding on Windows Installer-like installation packages to bring malware onto the system. The legitimate-looking packages could easily hoodwink local security controls. Most importantly, the malware was self-destructing, making it impossible for users to detect the presence of the virus running in the background.

Threats amplified by a coin-mining virus

Cybersecurity needs and threats appear to have multiplied along with the number of cryptocurrencies being born. Malware of every type tries to crypto-jack using scripts hidden in every conceivable downloaded app, productivity tool or advertisement. These crypto-snaring viruses have ridden in on updates to programs such as Adobe Flash, on hacked government sites and routers, and on advertisements.

The reasons for crypto-jacking have been widely reported. Criminals profit by robbing coins mined by others, or by using the computing power of unsuspecting victims, typically government institutions which house massive computational infrastructure, to stealthily mine coins in the background. Researchers have been able to identify nearly $250,000 in profits made by these crypto-jackers.

Windows Installer

One of the latest virus-heists for cryptocoins has been the use of a Windows Installer MSI file on the victim's machine. Windows Installer is considered a legitimate application for installing software. Using the real component thus makes the malware ‘less suspicious and will also allow’ it to bypass security filters.

The trick the hackers typically use is to fill the malware directory with files that are mostly decoys. The installer operates like a script, counteracting the anti-malware processes running on the machine, and it also controls the cryptocurrency-mining module.

Self-destructing

The highlight of the research is that the malware includes a self-destruction mechanism to cover its tracks. The report indicates that detection and analysis become more difficult because the malware deletes every file in its installation directory, removing all traces of the installation from the system.
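The two behaviours described above, an installer that drops decoy files and runs a mining module from its directory and then wipes that directory, are the kind of pattern a defender can correlate in endpoint telemetry. The following is an added example written for this article; it is not code from Trend Micro's report or from the article itself. It assumes a constructed, simplified event format (timestamp, event kind, path) with hypothetical event names such as MSI_INSTALL_COMPLETE and DIR_DELETE, and flags any install directory that is deleted shortly after its MSI installation completed, together with the programs launched from it in between.

```python
"""Heuristic detection of a self-deleting installer.

Flags an MSI-style install whose installation directory is deleted within a
short window of the install completing, and records which programs were
started from that directory before the wipe. The log format and event names
below are constructed for this example and are not real Windows event text.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: ISO timestamp, event kind, path.
# The first install drops a decoy, launches a miner, then wipes itself;
# the second is an ordinary install that stays on disk.
SAMPLE_LOG = """\
2018-04-01T10:00:02 MSI_INSTALL_COMPLETE C:\\ProgramData\\UpdSvc
2018-04-01T10:00:05 FILE_CREATE C:\\ProgramData\\UpdSvc\\readme.txt
2018-04-01T10:00:07 PROCESS_START C:\\ProgramData\\UpdSvc\\miner.exe
2018-04-01T10:01:30 DIR_DELETE C:\\ProgramData\\UpdSvc
2018-04-01T11:00:00 MSI_INSTALL_COMPLETE C:\\Program Files\\Editor
2018-04-01T11:00:30 PROCESS_START C:\\Program Files\\Editor\\editor.exe
"""


def parse_events(text):
    """Turn log text into (datetime, kind, path) tuples.

    Paths may contain spaces, so split on the first two spaces only.
    """
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, path = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), kind, path))
    return events


def find_self_deleting_installs(events, window=timedelta(minutes=10)):
    """Return findings for install dirs deleted within `window` of installation.

    Each finding records the directory, the seconds between install and wipe,
    and the executables started from that directory in the meantime.
    """
    install_time = {}            # lowercase dir -> install timestamp
    launched = defaultdict(list)  # lowercase dir -> processes started from it
    findings = []

    for ts, kind, path in events:
        key = path.lower()
        if kind == "MSI_INSTALL_COMPLETE":
            install_time[key] = ts
        elif kind == "PROCESS_START":
            # Attribute the process to any known install directory it lives in.
            for d in install_time:
                if key.startswith(d + "\\"):
                    launched[d].append(path)
        elif kind == "DIR_DELETE" and key in install_time:
            delta = ts - install_time[key]
            if timedelta(0) <= delta <= window:
                findings.append({
                    "dir": path,
                    "seconds": delta.total_seconds(),
                    "launched": list(launched[key]),
                })
    return findings


if __name__ == "__main__":
    for f in find_self_deleting_installs(parse_events(SAMPLE_LOG)):
        print(f"self-deleting install: {f['dir']} wiped after "
              f"{f['seconds']:.0f}s; launched: {f['launched']}")
```

The ten-minute window is an arbitrary tuning knob; the point is that a legitimate installer leaves its files in place, so an install directory that disappears almost immediately, especially after something was executed from it, is worth an alert and a look at whatever ran from there.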

The researchers have found it very difficult to link the malware back to an originating country. They found that the proxy-installation package uses Cyrillic script, which is the default for many a crypto-mining virus.

Even as the adoption of cryptocurrencies gathers momentum, crypto-jacking is one of its biggest trade-offs. As the price of these non-fiat currencies rises, or their value in fiat currencies such as the US Dollar increases, they appear more and more attractive to criminals.
