The “mining” of cryptocurrencies, i.e., creating new currency units and validating transactions in the blockchain, is associated with a very high level of technical sophistication. To perform the complex processing operations at the required speed – in other words, the hash rate – the hardware used (powerful CPUs, GPUs or specialized ASIC boards) is either bundled together in an individual local “mining rig”, connected in a pool or centralised in the cloud. However, high processing speeds aren’t the only obstacle to overcome. A very large portion of the achievable income is eaten up by the huge amount of power consumed – especially against the current backdrop of sky-rocketing energy prices.
“Cryptojacking” provides a very simply solution to this problem. With this type of attack, criminals can easily hijack the computers and mobile devices of other unsuspecting users by means of specially developed mining malware that spreads in various ways. While cyber criminals reap the profits, the victims have to carry the costs.
One campaign of this kind that unfortunately proved to be very successful came to light just recently. According to the latest information, a number of translator and music apps were made available to download from popular sites like Softpedia in 11 countries – all providing the desired functionality but also concealing a nefarious purpose. The apps were designed to gradually install a very cleverly disguised Monero cryptominer, which only began performing its true task one month after being downloaded. By using this delaying tactic, the cyber criminals managed to avoid detection by conventional AV solutions and to establish a highly profitable illegal mining pool that worked away in the background, with the costs being covered by countless victims.
What’s the answer? Automatic real-time protection!
Systems protected by Acronis Cyber Protect avoided becoming sucked into this pool. Thanks to the ability of Cyber Protect to immediately detect each and every deviation from legitimate behavioural patterns, execution of the malware was effectively halted. The benefit of this behaviour-based approach is clear. As ever-evolving attack techniques don’t need to be identified from scratch each time they are encountered, they can instead be stopped in real time – which is exactly what happened in the case of this very complex cryptomining malware campaign.