Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Unauthorized Monero Mining Campaign Impacting Up to 30M Systems

    By
    Sean Michael Kerner
    -
    January 26, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Monero XMRig

      Palo Alto Networks is warning of a new cryptocurrency mining attack that is using URL shorteners as a way to infect victims’ systems.

      In a Jan. 24 report, the Palo Alto Networks Unit 42 security research group revealed that up to 30 million systems may be impacted by the attack, which has been ongoing since October 2017. The attack payload installs the open-source XMRig mining software on a victim’s machine to consume CPU resources and mine the Monero cryptocurrency. It’s currently not known who is behind the new attack.

      “We can’t go into attribution, but the evidence is suggestive of a single threat actor or group,” Josh Grunzweig, senior malware researcher at Palo Alto Networks, told eWEEK. “We saw evidence of the Russian language being used when we analyzed the malware.”

      What’s also not known is how much Monero the attackers have been able to obtain via the attack. Monero is a popular cryptocurrency for mining operations, as it does not require purpose-built hardware and can be mined with regular system CPUs. Different attacker groups, according to security research reports, have found varying levels of success for cryptocurrency mining attacks. F5 Networks reported earlier this month that attackers using an SSH vulnerability were able mine $46,000 in Monero cryptocurrency. ISC SANS reported on another group of attackers that used an Oracle vulnerability to mine approximately $250,000 of Monero.

      In the attack revealed by Palo Alto Networks, rather than abusing a software vulnerability, attackers are using URL shorteners as the delivery mechanism for XMRig mining code. “What’s happening is users are being presented with AdFly ads, and those ads have the shortened URLs within them,” Grunzweig said. “The URLs are being presented in a way that makes the user expect to download something.”

      When the users click on the links, they get the download as expected, but the contents of the download are not what they expected, he said. The XMRig software is installed on the victim’s system and then made available as part of the attackers’ pool of mining systems that is then placed on the Nicehash mining marketplace. Nicehash provides a marketplace where individuals can buy and sell mining capacity. In a typical botnet, there is a command and control node that sends instructions to victimized systems. Grunzweig said that in the new cryptocurrency mining attack, Nicehash isn’t actually working as a command and control node.

      “We wouldn’t say Nicehash is being used for command and control. There’s no evidence that Nicehash is actively controlling any of these systems in a malicious way,” he said. “Instead, the victim systems are being put into the Nicehash mining pool by connecting the XMRig software with Nicehash.”

      What Should Users Do?

      There are multiple ways that attackers are mining cryptocurrency on user systems. In an October 2017 report, Palo Alto detailed one of the most common methods, which is unauthorized coin mining inside of web browsers. Those types of attacks can be mitigated by the use of ad-blocking browser software.

      The new attack detailed by Palo Alto involves a download coming from a malicious URL.

      “This particular operation uses tactics that are known and for which best practices are known to apply,” Grunzweig said. “Blocking access to untrusted sites and using prevention-focused security can definitely help prevent successful attacks like this.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×