When the user needs to modify a file or image with limited time or lack of opportunities to find a reliable source for the software necessary to do so, by downloading the first free or pirated application he finds, which are software that is widely spread on the Internet. If the user does not notice anything suspicious in the performance of the software after downloading and installing it successfully, he may find a noticeable slowdown in his computer compared to normal, and he may even receive at the end of the month an electricity bill that is higher than usual, and it is likely that he will have mining software on his computer. Mining, or what is known in the blockchain world.
Mining malware was increasingly employed during the year 2017, coinciding with the skyrocketing prices of digital currencies, with the aim of obtaining easy money illegally. This was predicted in 2016 by Kaspersky Lab researchers, who noticed a resurgence of mining software amid a surge in the popularity of the digital currency Zcash. Now, just a year later, mining programs are ubiquitous, and according to Kaspersky Lab data, the number of affected users will exceed two million by the end of this year.
Criminals use a variety of tools and methods, such as campaigns based on social engineering principles and containing adware or pirated software, to target as many computers as possible. Kaspersky Lab experts recently identified a number of standard-style websites that offer users free pirated software, including popular software applications and software. The creation of "landing pages" with special purposes is not difficult, given the wide spread of pirated software. In fact, criminals resort to using names very similar to real website names to confuse users as much as possible.
But prudence requires caution when displaying things for nothing. The real goal of these sites is to spread certain mining software, and users put themselves at greater risk than they might think during their search for free applications.
The user receives a mining program that is automatically installed on the victim's computer with every file that is downloaded, to start working secretly on the device, using his energy in mining and searching for digital currencies that, once detected, are sent directly to the criminals.
The download file also includes text files that contain activation information consisting of the address of the criminal's wallet, and the name of the mining pool “mine,” which is a special server that brings together several subscribers and distributes the mining work between their computers. In return, the participants get their share of the cryptocurrency. Mining mines provide greater efficiency and faster mining speeds than working alone, given that mining Bitcoin and other digital currencies is a resource-intensive process and consumes a lot of energy and time.
Kaspersky Lab researchers noted that criminals used the NiceHash project in all cases, a project that had recently suffered a major security breach that caused millions of dollars of digital currency to be stolen, and some of its victims were connected to a mining mine of the same name.
Kaspersky Lab experts found another interesting feature that allowed criminals to change predefined points, such as the number of an electronic wallet, mining software, or mine, which gave them the opportunity to distribute mining operations and change the final destinations of the cryptocurrency at any time, or required the victim's computer to work in another mine.
Kaspersky Lab proposes the following steps to protect users from these accidents and to prevent their computers from being converted into mining machines:
- Download legal software only from trusted sources
- Do not click on unknown sites and suspicious ads
- Installing a reliable security solution like Kaspersky Internet Security or Kaspersky Free protects against all potential dangers, which includes mining malware
More information on the newly discovered mining software project can be found in the post on the Securelist website.
You can also view the threat predictions for 2018 in the Kaspersky Security Bulletin or watch the video webinar to learn more about cryptocurrency developments in the context of cybersecurity.
Comments
Post a Comment