McAfee Labs is known for its protection software, which has been popular since consumers started using the internet. It should come as no surprise that its latest press release reports the discovery of new malware from cryptocurrency hackers. Rather than stealing investors’ personal information or wallets, the malware uses the victim’s device to mine Monero (XMR).
The malware is called “WebCobra,” and it is believed to have originated in Russia. Once a device downloads it, the malware uses the infected device’s processor to mine coins. It runs almost seamlessly in the background, so most infected users do not even realize that it has been downloaded. The only noticeable difference is in hardware performance, and battery power runs out much sooner.
In the official press release on McAfee’s website, researchers Kapil Khade and Xiaobing Lin commented,
“Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation. As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill, as the energy it takes to mine a single bitcoin can cost from $531 to $26,170, according to a recent report.”
McAfee cites the “increase in the value of cryptocurrencies” as the reason that so many online hackers have been using malware to steal resources and underhandedly mine coins. A recent CoinTelegraph report estimated that 2018 has seen a 500% increase in malware downloads.
The researchers concluded their report with a realistic view of the continuation of these types of attacks, and how cyber criminals will continue to make progress.
The report says,
“Coin mining malware will continue to evolve as cybercriminals take advantage of this relatively easy path to stealing value. Mining coins on other people’s systems requires less investment and risk than ransomware and does not depend on a percentage of victims agreeing to send money. Until users learn they are supporting criminal miners, the latter have much to gain.”
Neil Jenkins, a chief analytics officer for the Cyber Threat Alliance (CTA), said that a flaw in Microsoft’s Windows operating system, a vulnerability called EternalBlue, is the cause of these widespread cyberattacks.
“A patch for EternalBlue has been available for 18 months and even after being exploited in two significant global cyber-attacks – WannaCry and NotPetya – there are still countless organizations that are being victimized by this exploit, as it’s being used by mining malware.”
However, Microsoft was having none of this blame, saying instead that the NSA was responsible, considering their “stockpiling” of cyber-weapons.
Brad Smith, president and chief legal officer for Microsoft, said,
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”