McAfee Labs has reported the existence of a new strain of mining malware called WebCobra. This type of software hijacks a victim’s computer resources in order to mine cryptocurrency surreptitiously. In this case, the malware mines Zcash and Monero and sends the earnings to the attacker.
These two cryptocurrencies provide significant advantages to the attackers: both Zcash and Monero are privacy coins, which encrypt transaction details and are therefore untraceable, allowing the attacker to operate secretly.
Additionally, Monero is designed to be efficiently mined on basic consumer systems — allowing CPU and GPU miners to bring in maximum profits. Monero in particular has become a go-to choice for cryptojackers.
Line of Attack
Despite its similarity to past cryptojacking campaigns, WebCobra makes some changes to the default line of attack. WebCobra, unlike previous malware, is able to choose between different mining options depending on the infected system’s architecture.
x86 systems are forced to mine Monero with the Cryptonight miner, while x64 systems are made to mine Zcash with the Claymore miner. Both Cryptonight and Claymore are legitimate mining applications, but they can be easily adapted for malicious purposes, as this case shows.
Detecting the Problem
Like most cryptojacking malware, WebCobra is hard to detect, and one of the few indications that a computer is infected is reduced performance.
“Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation,” McAfee says.
The malware can also leave victims with a hefty electricity bill due to its constant and intensive use of the system — another potential sign of infection. Of course, an up-to-date virus scanner is useful in preventing and finding infections as well.
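The "constant and intensive use" described above can be separated from ordinary short bursts of load by checking how long a process stays busy without a break. The following is an added example, not code from McAfee's report: it flags processes whose CPU use stays above a threshold for an unbroken period. The telemetry, process names, thresholds and function name are all constructed for illustration.

```python
from collections import defaultdict

# Constructed telemetry: (seconds since start, pid, process name, CPU %).
# One sample per minute; names and values are invented for illustration.
SAMPLES = (
    [(t, 4120, "updater_helper.exe", 93.0) for t in range(0, 1200, 60)]   # constant load
    + [(t, 2210, "compiler.exe", 97.0 if 300 <= t < 480 else 3.0)
       for t in range(0, 1200, 60)]                                       # short burst
    + [(t, 880, "browser.exe", 12.0) for t in range(0, 1200, 60)]         # normal use
)


def sustained_cpu_suspects(samples, threshold=80.0, min_duration_s=600, max_gap_s=120):
    """Return {pid: (name, longest_run_seconds)} for processes whose CPU use
    stayed at or above `threshold` for one unbroken run of `min_duration_s`."""
    by_pid = defaultdict(list)
    for ts, pid, name, cpu in samples:
        by_pid[pid].append((ts, name, cpu))

    suspects = {}
    for pid, rows in by_pid.items():
        rows.sort()
        run_start = prev_ts = None
        longest = 0
        for ts, name, cpu in rows:
            # A hole in the telemetry breaks the run: we cannot vouch for that time.
            gap = prev_ts is not None and ts - prev_ts > max_gap_s
            if cpu >= threshold and run_start is not None and not gap:
                longest = max(longest, ts - run_start)
            elif cpu >= threshold:
                run_start = ts          # first high sample, or restart after a gap
            else:
                run_start = None        # load dropped: the run is over
            prev_ts = ts
        if longest >= min_duration_s:
            suspects[pid] = (rows[-1][1], longest)
    return suspects


if __name__ == "__main__":
    for pid, (name, secs) in sustained_cpu_suspects(SAMPLES).items():
        print(f"pid {pid} ({name}): >= 80% CPU for {secs // 60} min without a break")
```

A hit is only a lead for triage: legitimate long-running jobs such as rendering or backups will also match, and GPU load is not covered by this check.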
This is far from the first wave of cryptojacking attacks: similar malware has been distributed via Adobe updates and Steam games over the past year. In fact, the number of cryptojacking instances recently surpassed the number of ransomware instances, making cryptojacking an increasingly serious problem.
Some are attributing the rise of cryptojacking to the leak of EternalBlue, which rendered Windows vulnerable to a variety of attacks. However, crypto market prices may also influence the trend and dictate whether these attacks are profitable to attackers.