Bitcoin mining malware is a big problem. By hijacking machines to mine Bitcoin illicitly, hackers are able to carry out a number of exploits that can in turn damage assets held by investors all over the world. Annoyingly, as the security of the blockchain develops and as we create more innovative ways of protecting it, hackers also get more clever, as does the malware they produce.
According to new research, it seems that the latest fad in malicious crypto mining comes in the form of what look like legitimate Windows installation packages, making the malware hard to detect for both the user and their machine's antivirus software.
According to The Next Web:
“Researchers say the malicious software, more commonly known as Coinminer, was specifically designed to fly under the radar. What makes the attack particularly difficult to detect is that it uses a series of obfuscation methods. The discovery comes from security firm Trend Micro, which has since documented the attack vector at more length.”
By masquerading as a legitimate Windows installation file, the malware gives users of Windows machines little reason to question what appears to be a new update or a Windows download. Because of this, the chances of the malware being installed increase, while the chances of antivirus software detecting it decrease. Overall, it's a hacker's perfect recipe.
According to The Next Web, the report by Trend Micro states:
“The malware arrives on the victim’s machine as a Windows Installer MSI file, which is notable because Windows Installer is a legitimate application used to install software. Using a real Windows component makes it look less suspicious and potentially allows it to bypass certain security filters.”
Now of course, there's a little more to this. Once the installer has run, the visible parts of what it drops still need to appear to be useful Windows files, so that the malware can remain on the machine, consume its hashing power and mine Bitcoin maliciously. According to The Next Web:
“The hackers’ trickery doesn’t stop there though. The researchers note that, once installed, the malware directory contains various files acting as decoy. Among other things, the installer comes with a script that counteracts any anti-malware processes running on your machine, as well as the actual cryptocurrency mining module.”
And, most concerningly, according to the Trend Micro report:
“To make detection and analysis even more difficult, the malware also comes with a self-destruct mechanism. It deletes every file under its installation directory and removes any trace of installation in the system.”
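The behaviour described in the three quotes above gives a defender something concrete to look for: a Windows Installer run that drops files and then, shortly afterwards, deletes everything it dropped. The detector below is an added example, not code from Trend Micro or The Next Web; it runs over a constructed event timeline (the event format, product names and paths are invented for the example) and flags any MSI install whose payload is wiped again within a time window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    """One constructed endpoint-sensor record (not a real log format)."""
    ts: datetime
    kind: str          # "msi_install" | "file_create" | "file_delete"
    path: str          # install directory for msi_install, else the file path
    product: str = ""  # product name shown by Windows Installer (msi_install only)

def _under(path: str, directory: str) -> bool:
    """True if `path` lies inside `directory` (case-insensitive, Windows style)."""
    return path.lower().startswith(directory.lower().rstrip("\\") + "\\")

def find_self_destructing_installs(events, window=timedelta(hours=2)):
    """Flag every MSI install whose dropped files were all deleted again within
    `window`. A legitimate installer leaves its payload in place; the self-destruct
    behaviour quoted above erases its own installation directory."""
    findings = []
    for inst in (e for e in events if e.kind == "msi_install"):
        later = [e for e in events if inst.ts <= e.ts <= inst.ts + window]
        created = {e.path for e in later
                   if e.kind == "file_create" and _under(e.path, inst.path)}
        deleted = {e.path for e in later
                   if e.kind == "file_delete" and _under(e.path, inst.path)}
        if created and created <= deleted:          # everything dropped is gone again
            last_delete = max(e.ts for e in later
                              if e.kind == "file_delete" and e.path in created)
            findings.append({"product": inst.product, "directory": inst.path,
                             "files_dropped": len(created),
                             "wiped_within": last_delete - inst.ts})
    return findings

# Constructed timeline: a fake "update" that later erases itself, beside a
# normal install that leaves its files behind. Paths and names are hypothetical.
T0 = datetime(2019, 3, 1, 9, 0)
SUSPECT_DIR = r"C:\ProgramData\WinUpdateSvc"
BENIGN_DIR = r"C:\Program Files\ExampleEditor"
SAMPLE_EVENTS = [
    Event(T0, "msi_install", SUSPECT_DIR, "Windows Update Service"),
    Event(T0 + timedelta(seconds=5), "file_create", SUSPECT_DIR + r"\readme.txt"),   # decoy
    Event(T0 + timedelta(seconds=6), "file_create", SUSPECT_DIR + r"\cleanup.bat"),  # anti-malware script
    Event(T0 + timedelta(seconds=7), "file_create", SUSPECT_DIR + r"\svc.exe"),      # mining module
    Event(T0 + timedelta(minutes=1), "msi_install", BENIGN_DIR, "Example Editor 1.0"),
    Event(T0 + timedelta(minutes=1, seconds=2), "file_create", BENIGN_DIR + r"\editor.exe"),
    Event(T0 + timedelta(minutes=40), "file_delete", SUSPECT_DIR + r"\readme.txt"),
    Event(T0 + timedelta(minutes=40), "file_delete", SUSPECT_DIR + r"\cleanup.bat"),
    Event(T0 + timedelta(minutes=40), "file_delete", SUSPECT_DIR + r"\svc.exe"),
]

if __name__ == "__main__":
    for finding in find_self_destructing_installs(SAMPLE_EVENTS):
        print(finding)
```

On the sample timeline only the fake update is reported; the benign install is ignored because its file is never deleted, and shrinking the window below 40 minutes makes the report empty.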
How can I protect myself from this?
Illicit Bitcoin and cryptocurrency mining is a problem, one that has a very negative impact on the industry and interferes with many aspects of it, including coin circulation and, of course, value. In order to protect yourself, you simply need to be careful when you are online. Never download content from untrusted sources and always ensure you have up-to-date antivirus software running.
Think twice before downloading anything off the internet, ensure that all websites you use are secure, and practise good safety measures when browsing the web. It's not hard to protect yourself, so long as you are careful.