The Monero (XMR) cryptocurrency is the focus of a new form of malware, which is targeting companies in Asia to mine this particular digital currency. The malicious crypto-mining program is quickly infecting Asian firms.
The news was published in a blog post on Wednesday by cybersecurity software provider Symantec. The post stated that while over 80 percent of victims are in China, countries such as South Korea, Japan and Vietnam are also affected.
The firm said the malicious code, called “Beapy”, is a file-based crypto miner, not a browser-based one. A malicious Excel file is sent to victims as an email attachment. The attachment then downloads the DoublePulsar backdoor onto the victim’s system.
DoublePulsar was developed by the U.S. National Security Agency. It was stolen and eventually released to the public in 2017. According to the post, it was also used in the ‘WannaCry’ ransomware attack in 2017.
The miner is downloaded as soon as DoublePulsar is installed onto a victim’s machine. At the same time, it uses another leaked NSA tool, EternalBlue. This tool uses unpatched computers to propagate across the infected network. Once in the network, EternalBlue is able to steal credentials to access patched machines.
Symantec said that cryptojacking malware can have a major impact on companies, including:
- slowing down device performance
- reducing employee productivity
- increasing costs
Even though cryptojacking activity has decreased by about 52 percent over the last year, businesses remain the main targets for hackers.
“Looking at the overall figures for cryptojacking, we can see that there were just under 3 million cryptojacking attempts in March 2019. While a big drop from the peak of February 2018, when there were 8 million cryptojacking attempts, it is still a significant figure.”
Beapy first came onto Symantec’s radar in January of this year. The firm has noticed increased activity since early March.
Due to Monero’s privacy features, it is by far the most popular cryptocurrency among hackers deploying mining malware. A recent academic study estimates that around 5 percent of the total monero in circulation is mined.
Researchers at the cybersecurity firm Palo Alto Networks discovered a form of malware earlier this year. This malware first takes administrative control to uninstall cloud security products, and then injects code to mine monero. The same team discovered another variant, which steals browser cookies and other information on Apple Mac computers to directly steal cryptocurrencies. Hackers have become quite inventive indeed!