McAfee Discovers Russian Malware Mining Monero And Zcash

Researchers at computer security firm McAfee Labs have spotted a new cryptojacking malware known as “WeCobra,” which covertly uses victims’ computing power to mine the cryptocurrencies Monero or Zcash.

The rise in cryptocurrency prices has triggered a new trend: cybercriminals using malware to hijack victims’ computers to mine cryptocurrency.

McAfee Labs claims the Russian application WeCobra secretly installs the Cryptonight miner or Claymore’s Zcash miner, depending on the configuration of the victim’s machine.

“On x86 systems, it injects Cryptonight miner code into a running process and launches a process monitor,” McAfee observed. “On x64 systems, it checks the GPU configuration and downloads and executes Claymore’s Zcash miner from a remote server.”

Although the malware was created in Russia, researchers say they have found it around the world, with the highest numbers of infections in Brazil, South Africa, and the United States.

According to reports, despite the large number of mining malware strains, Trend Micro claims they still go unnoticed because of their higher complexity.

The McAfee report advised users to watch for warning signs from their computers. For example, a machine that runs slowly for no apparent reason might be infected with one of these malware strains.

“Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation,” McAfee Labs warned.

“As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill.”

According to the Cyber Threat Alliance (CTA), cryptojacking has increased by a massive 459% this year. The unanticipated surge has been attributed to the leak of EternalBlue, a software weakness in Microsoft’s Windows operating system.

Experts say both Microsoft and the National Security Agency have been blamed for the leak, which happened in April 2017 when a group called the “Shadow Brokers” put a packet of stolen NSA tools on the market.

The packet was used to design malicious crypto mining software that has been hard to stop.

“A patch for EternalBlue has been available for 18 months and even after being exploited in two significant global cyber-attacks – WannaCry and NotPetya – there are still countless organizations that are being victimized by this exploit, as it’s being used by mining malware,” said Neil Jenkins, chief analytics officer for the CTA.

Microsoft has claimed the U.S. government is responsible for the leak, accusing it of being careless and reckless in its “stockpiling” of cyber-weapons.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” said Brad Smith, the president and chief legal officer of Microsoft. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”

