Microsoft has released a research report indicating that a new crypto-stealing malware has in the past year infected 80,000 computers around the world.
Security analysts at the software giant’s research center revealed the extent of the malware’s spread in a blog document published on November 26.
The Microsoft Defender ATP report identifies the malware variant as Dexphot, malicious code that the researchers have tracked since October 2018. According to the report, Dexphot secretly installs itself on an unsuspecting victim’s computer and proceeds to use the device’s resources to mine cryptocurrency.
Researchers say that Dexphot malware isn’t the type that “generates mainstream media attention.”
Many people are thus unlikely to have heard of it. Regarding what the crypto-jacking bug does, the analysts say:
“[Dexphot’s] goal is a very common one in cybercriminal circles — to install a coin miner that silently steals computer resources and generates revenue for the attackers.”
Microsoft estimates that the malware had compromised close to 80,000 devices by June this year.
The report also notes that Dexphot doesn’t just hijack a computer system and infect it with crypto-mining malware. The code can remain disguised in other programs so that any attempts to remove it often prove unsuccessful. If a user identifies the attack and removes the malware, embedded monitoring tools move to re-infect the device.
Theft of cryptocurrencies doesn’t just involve cryptojacking malware. Researchers have established that botnets are also widely used to steal cryptocurrencies directly from crypto wallets. A recent report showed that a botnet called MasterMana compromised up to 2,000 computers weekly, totaling over 72,000 devices in 2019.
Crypto-stealing Malware via YouTube
Cryptojacking is quickly becoming a preferred attack channel for hackers and has seen several campaigns over the last few years.
On Tuesday, November 26, antivirus provider ESET released another report showing how far attackers were willing to go to steal crypto from the public. In the report, the firm notes that attackers were now using YouTube to install crypto-stealing malware onto victims’ devices.
The botnet in question is Stantinko, known to compromise computers to allow for the mining of Monero (XMR), a privacy-oriented altcoin.
ESET, a Slovakia-based software security provider, added that the XMR-mining malware had infected an estimated 500,000 devices.
Using YouTube means crypto-jacking operators are stepping up their attacks by incorporating newer distribution channels. It diversifies beyond ad injection, phishing, click fraud, and the other methods traditionally associated with such attacks.
ESET also reported in October that crypto-jackers had been stealing Bitcoin (BTC) from unsuspecting users on the so-called darknet. The attackers, who targeted darknet users in Russia, employed a fake Tor Browser to secretly swap wallet addresses and steal from buyers. The trojan had been in use since 2017, the firm added.