Researchers at McAfee Labs have discovered a new type of Russian malware that silently mines Zcash and Monero on compromised computers around the world.
The malware "arrives through the PUP installers" that drop and install either the Cryptonight Monero miner or Claymore's Zcash miner on a system, "depending on the architecture that WebCobra finds":
"This cryptocurrency malware is rare in that it releases a different miner depending on the configuration of the machine it infects."
WebCobra is hard to detect, the researchers say, and once installed, the malware uses its own code to stay hidden:
"Once you've decoded and run data.bin, some anti-debugging, anti-emulation, and anti-sandboxing techniques are tested, as well as controls of other security products running on your system – these steps allow malware to stay hidden for a long time."
The only sign of infection is "power degradation": the miner runs, "silently … containing almost all the CPU resources".
Infected machines may not be able to "sleep". Performance usually slows down and energy bills go up. All mining proceeds are sent to the attackers' digital wallets.
While the cost of mining with malware is close to zero, Elite Fixtures researchers recently found that mining a single Bitcoin can cost legitimate miners between $531 and $26,170 USD.
Most WebCobra infections, McAfee says, are currently occurring in the United States, Brazil, and South Africa.
However, WebCobra infections were also detected in Russia, Indonesia, the Philippines, India, Northern Europe, Pakistan, Turkey, Ukraine and several African countries.
Like other cybersecurity researchers, McAfee Labs concluded that crypto-mining malware attacks are too attractive to go away any time soon.
Crypto-mining malware attacks can be profitable while being far less risky and confrontational than ransomware attacks, in which a victim's data and systems are locked and a ransom is demanded:
"Coin-mining malware will continue to evolve as cybercriminals take advantage of this relatively easy path to steal value. Mining coins on other people's systems requires less investment and risk than ransomware and does not depend on a percentage of victims who accept to send money. As long as users do not learn that they are supporting criminal miners, they have a lot to gain."