McAfee Labs announced the discovery of WebCobra, a Russian mining malware that exploits the computing power of victims.
Security researcher Kapil Khade also found a correlation between the prevalence of miner malware and changes in the price of Monero (XMR).
McAfee Labs says crypto-miner malware follows Monero's price
The threat research division of McAfee, a leading computer security software company owned by John McAfee, a Bitcoin enthusiast, has found what it considers to be uncommon and difficult to detect cryptocurrency mining malware.
Uncommon because it drops a different miner depending on the configuration of the machine it infects.
Khade, with the collaboration of colleagues Oliver Devane and Deepak Setty, analyzed the threat born in Russia, dubbed WebCobra.
The malware steals victims' machine resources and increases energy consumption as it silently runs in the background and mines cryptocurrency. Once a computer is infected, the user notices "performance degradation", but is not able to detect the presence of the threat without updated anti-malware software.
Khade argued in his post that the increase in the value of digital currencies led to a significant increase in the use of malware for cryptocurrency mining. The Russian cryptocurrency malware seems to have a special appetite for Monero (XMR). The digital asset, known for its privacy features, is priced over $100 after reaching a peak of nearly $500 at the start of January 2018.
"The increase in the value of cryptocurrencies has pushed cybercriminals to use malware that steals machine resources to extract cryptographic coins without the consent of victims," observes Khade.
The researcher shared a chart comparing the price of Monero from January 2016 to July 2018 against "malware samples of threatening coins". The graph indicates a clear correlation between the two, with coin-mining malware reaching its all-time high one month after the burst of the cryptocurrency bubble at the start of this year.
The use of malware for coin mining seems to have been detected more recently, despite the continued decline in the price of Monero and cryptocurrencies in general.
The rare cryptocurrency mining malware is most common in the United States, Brazil and South Africa, according to the McAfee Labs heat map of WebCobra infections from September 9th to 13th. The software security company has recently reviewed WebCobra. The file infector silently drops and installs the Cryptonight miner or Claymore's Zcash miner, Khade explained.
"The main dropper is a Microsoft installer that monitors the running environment. On x86 systems, it injects the Cryptonight miner code into a running process and starts a process monitor. On x64 systems, it checks the configuration of the GPU and downloads and runs Claymore's Zcash miner from a remote server."