
New Crypto Mining Malware Targeting Corporate Networks, Says Kaspersky

Researchers at Kaspersky Lab have uncovered a new form of cryptojacking malware targeting corporations in multiple countries, the cybersecurity firm reported Thursday.

PowerGhost, a form of fileless malware – which uses a system’s native processes to hijack a computer – has reportedly been spreading on corporate networks in India, Brazil, Colombia and Turkey. The software mines an undisclosed cryptocurrency once installed on a computer.

The miner “is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers,” Kaspersky reported.

Illicit crypto miners have been rapidly rising in popularity among the web’s criminal fraternity, being hidden in apps and websites to quietly harness user devices to earn the hackers cryptocurrency. Now it seems the methods they use are evolving.

“It appears the growing popularity and rates of cryptocurrencies have convinced the bad guys of the need to invest in new mining techniques – as our data demonstrates, miners are gradually replacing ransomware Trojans,” said Kaspersky.

Principal security researcher David Emm agreed, telling ZDNet:

“PowerGhost raises new concerns about crypto-mining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises too. Cryptocurrency mining is set to become a huge threat to the business community.”

The firm’s report echoes concerns shared by other cybersecurity firms. Earlier this month, Skybox Security also stated that cryptojacking had become more popular among bad actors than ransomware.

At the time, Skybox called cryptojacking malware “a money-making safe haven for cybercriminals.”


The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


Kaspersky Lab: $10 Mln in Ethereum Stolen Over Past Year via Social Engineering Tricks

Kaspersky Lab’s security experts have found that cyber criminals were able to steal more than 21,000 in Ethereum (ETH) (worth around $10 million) through social engineering schemes over the past year, Cointelegraph auf Deutsch reports Thursday, July 12.

According to a July 9 report, cyber criminals have triggered more than a hundred thousand alarms altogether on security software in connection with cryptocurrencies since the beginning of 2018.

Kaspersky Lab notes that scammers particularly single out investors interested in Initial Coin Offerings (ICO), using fake websites and phishing emails containing an e-wallet number to trick their targets out of money.

The report mentions the Switcheo ICO as an example, stating that criminals stole more than $25,000 worth of crypto by posting a fake offer on a Twitter account claiming to be associated with the ICO.

Another social engineering scam is the fake “cryptocurrency giveaway,” where victims are promised a higher payout of the same cryptocurrency later in return for a small sum of cryptocurrency now. The report describes the popularity of using fake social media accounts purporting to be well-known personalities, such as business magnate Elon Musk and Telegram founder Pavel Durov, for this scam.

According to Nadezhda Demidova, the lead web content analyst at Kaspersky Lab, the attack patterns continue to evolve, making it impossible to protect against them easily. Demidova also notes that cryptocurrency phishing “stand[s] out” from other phishing attacks because scammers can make millions of dollars:

“The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors”.

Kaspersky Lab, which traditionally focuses on protection against malware such as viruses, Trojans, and ransomware, has already been keeping an eye on criminal behaviors involving cryptocurrencies. At the end of June, the cybersecurity company reported on the recent shift in popularity from ransomware attacks to “cryptojacking,” which infects a computer with malware that mines for crypto without the owner’s permission.

Kaspersky Lab also warned cryptocurrency owners in November 2017 against a trojan that replaces the wallet address on a user’s clipboard in order to redirect cryptocurrency transactions to scammers.


Kaspersky Labs: Cryptojacking Now ‘Wears The Threat Crown,’ Overtaking Ransomware

A new cybersecurity report from Kaspersky Labs, published June 27, notes a significant decline in the amount of ransomware targeting Internet users, compared with continued growth in cryptojacking.

The Kaspersky Labs report seeks to answer the question: “But if ransomware no longer wears the threat crown, what is the new king?” According to Kaspersky Labs, crypto miners were able to gain popularity due to their “discreet and modest way to make money by exploiting users”:

“Instead of the large one-off payout achieved with ransomware, cybercriminals employing mining as a tactic can benefit from an inconspicuous, stable and continuous flow of funds.”

The report, which compares data from April-March 2017 with data from April-March 2018, finds that the users recorded saw a 30 percent drop in the amount of ransomware they encountered and a 45 percent rise in the amount of crypto miner attacks. This brings the number of Internet users in the study affected by crypto mining up to around 2.7 million.

Another cybersecurity report released this week from McAfee Labs noted that the use of cryptojacking malware rose 629 percent in the first quarter of 2018, compared to the previous quarter.

According to the Kaspersky Labs report, in the overall number of detected cyber threats, crypto miners increased from 3 to 4 percent, and the share of miners in the overall risk tool detection rose from 5 to almost 8 percent.

The report also notes that the “most remarkable ransomware trends” of the past year were WannaCry and Badrabbit, new kinds of ransomware that asked for Bitcoin (BTC) in exchange for unlocking infected computers.

Cryptojacking events have taken place all over the world, with police in Japan investigating a case involving crypto mining malware in June, and a new type of “snobbish” cryptojacking malware infecting half a million computers globally in just three days this May.


Telegram Founder: Crypto Mining Malware Attack Isn't Due to App Flaw

Russian cybersecurity firm Kaspersky Lab reported today that a vulnerability in Telegram’s messaging app had been exploited to turn desktop computers into unwitting crypto-miners – a claim that the app’s founder is pushing back against.

The cyberattacks were uncovered by Kaspersky Lab, a global cybersecurity software provider, which reports that the covert mining operations have been underway since March of 2017. Kaspersky said that the attacks were possible because of a zero-day vulnerability.

“We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year,” Alexey Firsh, a Kaspersky Lab analyst said in a statement today.

Yet Pavel Durov, who founded the popular messaging app, has taken to his own Telegram channel in order to downplay the report.

“As always, reports from antivirus companies must be taken with a grain of salt, as they tend to exaggerate the severity of their findings to get publicity in mass media,” he said. He went on to claim that what Kaspersky had uncovered was not a “real vulnerability on Telegram Desktop,” and that cybercriminals could not access users’ computers without them first opening a malicious file.

“So don’t worry,” he told the channel, “Unless you opened a malicius [sic] file, you have always been safe.”

Cybercriminals reportedly used the malware to garner monero, zcash and fantomcoin, among other cryptocurrencies, per Kaspersky’s report. The firm says evidence indicates that the malware has Russian origins, and notes that, in some cases, it is used as a backdoor through which hackers can silently control a computer. In the course of analyzing malicious servers, Kaspersky also said it found “archives containing a Telegram local cache that had been stolen from victims.”

As the profits associated with mining have increased, mining malware has become more common.

CoinDesk reported yesterday that more than 4,000 U.K. websites, including government sites, had been infected with mining malware, prompting the U.K. Information Commissioner’s Office to take down its website. Likewise, in another significant case last month, it was discovered that Google’s DoubleClick ad services were hijacked to distribute mining malware on prominent sites like YouTube. This has put additional pressure on developers to ensure user safety.


Blockchain-based Secure Online Voting System Showcased

Cybersecurity firm Kaspersky Lab has introduced its Blockchain-based secure online voting system, dubbed Polys, at the company’s annual Cybersecurity Weekend event in Dublin, Ireland.

The system is supported with transparent crypto algorithms.

In a statement at Polys’ website, the company claimed that Blockchain is the missing link in the architecture of an effective and secure online voting system.

“[Online] voting imposes extremely stringent requirements on the security of every aspect of voting. We believe that the Blockchain technology is the missing link in the architecture of a viable online voting system.”

According to Kaspersky Lab’s Head of Investment and Innovation, Vartan Minasyan, Blockchain, when combined with their cybersecurity know-how, could resolve major issues related to the privacy, transparency, and security of online voting.

“In our Kaspersky Lab Business Incubator we’re supporting both internal and external teams in developing bright ideas and technologies, which can be implemented in various areas where safety and security are important. One such area is online voting and, when exploring the possible implementations of Blockchain in particular, our team realized that this technology combined with the company’s cybersecurity expertise could solve key problems related to the privacy, transparency and security of online voting. We’re excited that we have been able to create a suitable environment for this internal innovation.”

Online voting options powered by Blockchain

According to Kaspersky Lab, Polys offers a free web-based dashboard to create an online vote with two options, namely, majority vote and cumulative vote. The system also supports voting through email, unique codes, and public voting.

The company has already released a beta version of the system in order to get early feedback and iteratively develop an operational voting system.


How to Protect Yourself From the CryptoShuffler Trojan

Russia-based cybersecurity firm Kaspersky Labs has warned owners of cryptocurrencies that their coins are not safe even in private wallets. A new trojan called CryptoShuffler is stealing coins right from under the noses of users by replacing wallet addresses on a user’s clipboard as they copy and paste wallet data for transfers. No wallet is safe because the trojan utilizes the clipboard function on computers.

The trojan has already caused a substantial amount of damage in just a short time, though the cyber researchers believe the trojan has been working for perhaps a year or more. Per Kaspersky:

“…cybercriminals have already managed to steal 23 Bitcoins, which is the equivalent of approximately $140,000 (as of the end of October). In addition, thousands of dollars of other cryptocurrencies such as Litecoin, Dash, Monero, Ethereum, Zcash and Dogecoin, have been accumulated.”

Protect yourself

The most basic way to protect yourself is to carefully compare the address you have pasted with the one you copied. Carefully checking wallet addresses for every transaction should keep your funds safe.

However, the trojan developers know that the normal process is simply to copy, paste and send, without carefully checking the address. For this reason, Kaspersky is warning users to take special precautions.

Further, users are advised to utilize an antivirus and anti-malware system in order to detect and remove malicious programs. As the cryptocurrency world continues to grow, risks will continue to increase, and owners will need to be vigilant to protect their funds.
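The clipboard replacement described above can also be spotted automatically. The following is an added example, not code from Kaspersky or the original article, and it goes beyond manual comparison: it scans a sequence of clipboard snapshots and flags a wallet address that is replaced by a different address of the same coin faster than a person could have copied one. The snapshot format, the function names and the two-second threshold are assumptions made for this illustration.

```python
import re

# Well-known public address shapes, used only to recognise that a clipboard
# value looks like a wallet address (no checksum validation).
ADDRESS_SHAPES = {
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),  # legacy Base58
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the coin whose address shape the text matches, else None."""
    value = text.strip()
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(value):
            return coin
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag an address replaced by a different address of the same coin
    within max_gap seconds. The 2 s default is an assumed threshold: too
    fast for a person to have copied a second address by hand."""
    alerts = []
    for (t0, old), (t1, new) in zip(snapshots, snapshots[1:]):
        coin = classify(old)
        if (coin and classify(new) == coin
                and old.strip() != new.strip() and t1 - t0 <= max_gap):
            alerts.append({"coin": coin, "copied": old.strip(),
                           "replaced_by": new.strip(), "gap": round(t1 - t0, 2)})
    return alerts

# Constructed sample data: these strings only have the right shape and are
# not real wallet addresses.
USER_BTC, OTHER_BTC = "1" + "A" * 33, "1" + "B" * 33
USER_ETH, OTHER_ETH = "0x" + "ab" * 20, "0x" + "cd" * 20
SNAPSHOTS = [  # (seconds since start, clipboard text)
    (0.0, "meeting notes"),
    (10.0, USER_BTC),
    (10.3, OTHER_BTC),   # swapped 0.3 s after the copy: flagged
    (60.0, USER_ETH),
    (95.0, OTHER_ETH),   # 35 s later: plausibly a deliberate second copy
]

if __name__ == "__main__":
    for alert in find_swaps(SNAPSHOTS):
        print("possible clipboard hijack:", alert)
```

A timing heuristic like this misses a replacement that is delayed past the threshold, so it complements the address comparison before sending rather than replacing it.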


Bad Rabbit Bitcoin Ransomware Misery Continues As Hackers Demand $300 in BTC

Over 200 victims in Europe and beyond continue to suffer from a brand new ransomware attack demanding Bitcoin to release encrypted files.

Known as Bad Rabbit, the ransomware of unknown origin demands 0.05 BTC ($290) to unlock infected computers.

Its spread is concentrated in Russia and Ukraine, with outbreaks also reported in Turkey and Germany, according to cybersecurity firm Kaspersky Lab.

“While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor’s infrastructure,” a report on the ransomware released Tuesday explains.

“No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We’ve detected a number of compromised websites, all of which were news or media websites.”

As of Thursday, it has become apparent those targets fall outside the news and media sphere, with Odessa Airport and the Kiev Metro’s payment system also seeing breakdowns.

Bad Rabbit is just the latest cyberattack to hit the Russian and Ukrainian zone, with WannaCry and NotPetya both having left their mark over the past six months.

The ransom demands from Bad Rabbit’s hackers are similar to those of WannaCry at around $300 per machine.

Ransom

Unlike NotPetya, however, there appears to be no attempt to wipe data from victims, whether or not they send the requisite Bitcoins.

Kaspersky adds it is not yet known whether or not paying the ransomware amount results in full control being returned.


Russian Hackers Used 9000 computers to Mine Monero, Zcash, Other Cryptocurrencies

A group of hackers installed cryptocurrency mining malware on 9000 computers over two years, antivirus company Kaspersky Lab claims.

In new research reported by Russia Today, the provider said it had unearthed two Russian hacker groups which were hijacking machines to mine Monero and Zcash, among other cryptocurrencies.

The hackers controlled one batch of 4000, and another of 5000 computers.

“According to analysts, the hacker mining network brings its owners up to $30,000 per month,” the publication quotes a Kaspersky source as saying.

Total earnings are estimated to be $209,000 so far for Monero alone, while the total income is harder to determine.

Cryptocurrency hacking is currently a topic of interest in Russia’s ongoing battle with regulation.

In July, Vladimir Putin’s Internet advisor suggested that up to an astonishing 30 percent of domestic devices were infected with a mining virus, a claim which even fellow minister Dmitry Marinichev soon denied.

“In regions with lower bandwidth instances are reduced, but we’re looking at 20 to 30 percent of devices being infected – iPhones and Macs are less prone,” Klimenko had said.

Kaspersky has meanwhile warned about more legitimate threats affecting consumers, including August’s Trojan banker malware known as ‘Jimmy.’