As several years before, coin mining is not valuable. There were many threats found that are used to infect machines to mine cryptocurrencies, as the expense of the victim. As mining coin on another machine could provide the attacker with free CPU resource usage from each infected system, so that there is no need to steal directly from its victim. The infected machine will deliver the block rewards from the mining operations into the attacker’s wallet.
This idea was absolutely perfect from the criminal point of view, but as tine passes on PC was no longer supported to mine even a single coin. This was the time to give your PC to attack and turn your attention fro others to make money, like a ransomware infection. Hence, here a new malware have been found its way to use PC efficiently to mine new types of cryptocurrency.
A new malware Cryptocurrency found by Sophos that targets FTP servers:-
A discovery have been made by security vendors Sophos that investigated a suspicious malware named as Mal/Miner-C. This harmful piece of malware basically infects Windows Based system and hijack their CPU to generate Monero. As lots of people access FTP servers, that also includes Segate Network-Attached Storage devices, which are used by some attackers to host cryptocurrency mining malware.
Using this cryptocurrency, user can easily generate their new units for solving their mathematical problem that is needed to check their transactions in the network. Hence, this process is known as Mining that is used as an incentive for its cyber criminals to hijack other personal computers and use it for their personal use.
Monero – Cryptocurrency
Monero is a new digital cryptocurrency that is easier to mine than Bitcoin. It is designed mainly to create havoc on your system. Regardless, of its behavior, the main targets of its developers is to steal, delete or destroy user data.
According to Sophos Research, Mal/Miner -C does not possess an automatic infection mechanism but it relies on user to execute some malicious programs. It basically get distributed through compromise websites, but also get open through FTP servers. Its attackers scan for their FTP servers and get login with their default and weak credentials into their anonymous accounts. If they get successful they get write access on the server and copy this malware in all their present directories. Hence, its around 1.7 million malware detection past six month, and its fact that most of them are FTP servers. Moreover, its researcher used an scanning engine named as Censys to identify their public servers that allow access with write privileges. So, they found that around 7,263 servers and among them 5,137 are get contaminated with Mal/Miner -C. As most of them were running on Segate Central NAS devices and it get placed by itself on their public data folders. It also claims that NAS made easier to targets most of the user using insecure FTP Server.
However, the Segate Central NAS provides a public folder for sharing their data. But it have been said by Sophos that, this public folder cannot get disabled and if its administrator allow remote access to their device, it would get accessible anyone on web.
So, the files that had been get compromised by FTP servers are Photo.scr and info.zip. These files had been design by its developers to use it as Windows Executable files. In this way, it tricked its user, as Windows possess feature of hiding file extensions. Hence, user get access fooled by its fake icon on their system. Here, they are executing Photo.src file, which install cryptocurrency mining application on their system.