McAfee Labs Report: Miner Encryption Malware Several coins on the host system detected

A report presented by McAfee researchers on November 12, 2018 states that a new cryptographic malware capable of extracting different cryptocurrencies depending on the host system is at large.

Russian malware attacks global networks

Crypto-jacking malware and its attack vectors are becoming more efficient by the day. A new Russian malware that extracts several host-based cryptocurrencies is now affecting thousands of users. Researchers at McAfee labs have found recently a new type of crypto-jacking malware that is able to divert computing power to extract Monero or Zcash.

At this point, the researchers were able to trace the origins of malware in Russia. They also noted that the infection appears to have a more severe impact in countries like Brazil, South Africa and the United States. The Russian-based malware called WebCobra attacks by installing different data mining software depending on the host machine settings and hardware capabilities. With this, they can even choose the cryptocurrency that they will extract on the hijacked device.

According to relationship released by McAfee labs the crypto-jacking trend is generating millions and will probably become even more efficient in the future:

"The increase in the value of cryptocurrencies has pushed cybercriminals to use malware that steals machine resources from my crypto-coins without the consent of the victims." Coin-mining malware will continue to evolve as cybercriminals take advantage of this relatively easy path to steal value ".

How does the Malware Attack work?

According to the researchers, a new malware injection technique was discovered that was set to a malicious file containing mining malware as a file included in the legitimate Windows installation files.

After careful analysis, the researchers noted that the attacker method relies on the distribution of malicious software through an infected Microsoft installation package. The attack is very well orchestrated since the Windows installation package was programmed to install Cryptonight miners on x86 systems and Claymore's Zcash miner on x64 systems. This mining software is very effective as it is able to extract all the cryptocurrencies of the Cryptonight algorithm.

There are several ways to check if you have been infected with cryptographic malware.

If your computer works slower than usual and if it is consuming almost all processing power and is heating up a lot, you can say with certainty that you are infected. If this happens, you need to reinstall the operating system. To avoid this, the best way to protect yourself is to prevent downloads from unknown sources and avoid shaded sites.