
2018 AKA The Year When Crypto-focused Malware Became The New Standard

06/27/23 · Reports · This is not financial advice
Altcoin Trading Blog

Note: This report was written in 2018 and remains published for reference purposes.



They say that it ain’t good if people don’t steal it - by this logic, crypto is in a massive fundamental bull run. In 2017 crypto malware was still reported only rarely; in 2018 it is clear that cryptocurrency malware development has become a legitimate career path, kind of like credit card cloning in Brazil.

Best way to get your crypto stolen

Judging only by the buzz of the past weeks, it would be easy to say the biggest threat to your crypto wallets comes from email impostors and shady online download sites:

  • Here is an email-attachment trojan that harvests Coinbase credentials and installs a crypto miner: https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/
  • An example of a batch of trojans bundled in a bogus “hack app”: https://blog.malwarebytes.com/cybercrime/2018/02/bogus-hack-apps-hack-users-back-for-cryptocash/ - those are the apps people install when they don’t want to pay for the real deal
  • And here is a legitimate-looking Android app that hides a Monero miner: https://blog.trendmicro.com/trendlabs-security-intelligence/monero-mining-hiddenminer-android-malware-can-potentially-cause-device-failure/

The truth is, though, that the easiest way to have your crypto disappear from your wallet is to keep your main wallets on the same computer you use for browsing dodgy, ad-heavy sites, grabbing torrents and downloading new software.

This is not a new thing: we made a post about it, and Andreas Antonopoulos also recommends a tiered device setup (he was a computer scientist before he became a crypto demigod). The crypto malware business does seem to be growing, though.

Before the 2017 bull run, people didn’t care

Now, there is a big community of computer security professionals and enthusiasts who essentially work as hunters. They spend a lot of time analyzing attacks, luring malicious actors into honeypots and reporting everything on blogs and forums. It is a good system but it has a way to let the unknown unknowns pass through.

So while everyone raves about crypto-related malware booming in 2018, there is a chance it just wasn’t in the spotlight before.

Two years of undisturbed bitcoin collection

In March 2018 ESET published a report on its blog about malware that was hosted as a trojan in multiple files on download.cnet.com - a software download portal with an Alexa rank of 163. The incident that caught the researcher’s attention was an alarmed r/Monero user seeking help after noticing that something on his machine was overwriting the cryptocurrency addresses he copied and pasted - a clipboard hijacker, the simplest kind of crypto stealer there is.

The culprit was a trojanized Win32 Disk Imager from CNET that had been collecting cryptocurrency since 2016 without interruption! In total, about 4,500 users downloaded this infected application, and more downloaded an infected Code::Blocks IDE and an infected Windows port of GCC uploaded by the same CNET user.

CNET removed the apps upon ESET’s notification, after two years of undisturbed activity.

Trusted resources then?

A way that at least does not empty your wallet outright is covert mining. In a recent post on securelist.com the author analyzes a whole bunch of Android apps with an XMR (Monero) miner hidden in them. Some of the apps request device administrator permissions so that they cannot be uninstalled, and while they don’t steal crypto, some will just mine until your phone collapses.

And then there’s the cherry on top: if you know your way around, you can hijack corporate resources. Here csoonline.com reports how the financial impact shoots up if a crypto miner in a datacenter goes undetected long enough for the mining to start damaging the hardware.

Imagine all the sysadmin crushed souls who can now get corporate sponsorship. Sounds very Fight Club, right?

The bigger business is of course in external threats. Kaspersky Lab expects that in 2018 cryptojacking will move toward targeting specific businesses: reportedly, old ransomware is being repurposed for mining, and patching lags are leveraged to mine crypto on a company’s bill.

With corporate infrastructure hijacking already happening, and knowing that detection of crypto-related malware is difficult, this is not a good time to rely solely on downloads from trusted resources either. Here is an example of a fileless miner that focuses on servers and goes undetected by all common antivirus/security vendors.

The best way to protect your crypto is 1) to always double-check the address when you are sending crypto - the whole address as it appears in the send field, not just its first few characters, because a clipper swaps it after you copy it - and 2) to keep your wallets on devices that are as clean as possible. It is not a big inconvenience to have a burner phone or tablet.
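The clipboard hijack from the CNET story and the “double-check the address” advice above, as an added example (this is not code from the original post, from ESET’s report or from the malware itself): a Python simulation of what a clipper does to clipboard text, next to the check a wallet user or a wallet UI should run on whatever lands in the send field. The attacker address is derived from constructed bytes so that it passes every checksum; the victim’s address is the well-known Bitcoin genesis-block coinbase address, used only as a sample; the address regexes and all function names are this example’s own assumptions.

```python
import hashlib
import re

# Bitcoin's base58 alphabet (no 0, O, I, l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Address shapes a clipper typically looks for in clipboard text (assumed patterns):
# Bitcoin legacy/P2SH and Monero standard addresses. They are deliberately loose,
# the malware only needs "looks like an address"; the checksum is checked separately.
PATTERNS = {
    "BTC": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "XMR": re.compile(r"\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b"),
}


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # every leading zero byte is encoded as a leading '1'
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def b58check_encode(version: int, payload: bytes) -> str:
    """Base58Check: version byte + payload + first 4 bytes of SHA256(SHA256(...))."""
    data = bytes([version]) + payload
    chk = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    return b58encode(data + chk)


def btc_address_valid(addr: str) -> bool:
    """25 decoded bytes, mainnet version byte (P2PKH 0x00 or P2SH 0x05), checksum matches."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    chk = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return raw[21:] == chk


def clipper_rewrite(clipboard: str, attacker: dict) -> str:
    """What the malware does: swap every recognised address for the attacker's, same coin."""
    for coin, pat in PATTERNS.items():
        if coin in attacker:
            clipboard = pat.sub(attacker[coin], clipboard)
    return clipboard


def verify_before_send(intended: str, pasted: str) -> tuple:
    """Run this on the text that actually landed in the wallet's send field.
    Returns (ok, reason). The exact comparison is what catches a swap, because the
    attacker's address is itself a perfectly valid one; the checksum alone only
    catches typos and truncation."""
    if pasted != intended:
        return False, "address in send field differs from the one you copied"
    if PATTERNS["BTC"].fullmatch(pasted):
        if not btc_address_valid(pasted):
            return False, "bitcoin address fails Base58Check"
    elif not PATTERNS["XMR"].fullmatch(pasted):
        return False, "not a recognised address format"
    return True, "ok"


# --- constructed demo data ---
# Genesis-block coinbase address, used here only as a sample "intended" destination.
VICTIM_INTENDED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# Attacker address built from a constructed 20-byte hash; it passes Base58Check.
ATTACKER = {"BTC": b58check_encode(0x00, bytes(range(20)))}


def demo() -> tuple:
    """Copy the intended address, let the clipper touch the clipboard, then verify."""
    pasted = clipper_rewrite(f"please pay {VICTIM_INTENDED} for the order", ATTACKER)
    return verify_before_send(VICTIM_INTENDED, pasted.split()[2])


if __name__ == "__main__":
    print(demo())
```

The point of the exact comparison is that a clipper does not produce a malformed address; it produces the attacker’s well-formed one. Checksum validation still belongs in the check, because the same paste path also eats typos, but on its own it would wave the swapped address straight through.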

There’s an opportunity, too

How to get rich if you’re an app developer?

  1. Put together the quickest app you can, maybe something for downloading backgrounds or whatever.
  2. Add a Monero mining script into it. Add a routine to check for overheating so that you can milk the phone longer.
  3. Publish the app online.
  4. ??
  5. Profit

Or, you can develop an app that detects crypto miners and crypto stealers. Stealers are literally a couple of lines of code, and miners are a piece of JS calling home somewhere; both can easily pass undetected. Before the big corporations rearrange their management resources to develop and market a solution for this, there might be an opportunity for a small company to establish itself.

You gotta do it right though: there are a bunch of anti-miner extensions for Google Chrome developed by anonymous people under random Gmail addresses, far less known than adblockers, and then there’s the Brave browser, which blocks crypto miners and has YouTube ads all over the place. That’s a missed opportunity for the small fish; without building some form of audience they get eaten.

Some vendors are now working on solutions based on detecting suspicious communication, but there’s still a lot to be done. Citing csoonline.com again:

Cryptojacking is in the early stages. If a company spots one type of attack, there are four or five others that will get by. “If there’s something that could potentially stop crypto miners, it would be something like a well-trained neural network,” Lopez-Penalver says.
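As an added example of the “detecting suspicious communication” approach (not a vendor’s product and not code from the article or from csoonline.com): a Python scanner that flags Stratum pool-mining messages in captured JSON-RPC payloads. Pool miners, whether a trojanized download or a miner dropped on a server, talk Stratum to the pool, and the method names are stable enough to match on. The record format, the sample flows (RFC 5737 TEST-NET addresses), the reporting format and the function names are constructed for this example; the Stratum method names and the XMRig user-agent string are the real protocol’s.

```python
import json

# Stratum method names. Bitcoin-style pools use the "mining.*" namespace;
# Monero/XMRig-style pools use "login", "submit" and "keepalived".
STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
    "login", "submit", "keepalived",
}

# User agents that XMRig-style miners put in the "agent" field of their login.
MINER_AGENT_PREFIXES = ("xmrig", "xmr-stak")


def stratum_indicators(payload: str) -> list:
    """Reasons a single message looks like pool-mining traffic (empty list if none)."""
    try:
        msg = json.loads(payload)
    except ValueError:          # not JSON at all (plain HTTP, TLS bytes, ...)
        return []
    if not isinstance(msg, dict):
        return []
    reasons = []
    method = msg.get("method")
    if method in STRATUM_METHODS:
        reasons.append(f"stratum method {method}")
    params = msg.get("params")
    if isinstance(params, dict):
        agent = str(params.get("agent", ""))
        if agent.lower().startswith(MINER_AGENT_PREFIXES):
            reasons.append(f"miner user agent {agent}")
    # a server-side result carrying a "job" is the pool handing out work
    result = msg.get("result")
    if isinstance(result, dict) and "job" in result:
        reasons.append("pool job assignment")
    return reasons


def scan(records) -> dict:
    """records: iterable of dicts with src, dst and payload (one message each; assumed
    format). Returns {(src, dst): [reasons...]} for every flow with an indicator."""
    hits = {}
    for rec in records:
        reasons = stratum_indicators(rec["payload"])
        if reasons:
            hits.setdefault((rec["src"], rec["dst"]), []).extend(reasons)
    return hits


# --- constructed sample capture (TEST-NET addresses, placeholder wallet) ---
SAMPLE = [
    {"src": "10.0.0.5", "dst": "203.0.113.7:3333",
     "payload": json.dumps({"id": 1, "method": "mining.subscribe",
                            "params": ["cpuminer/2.5.0"]})},
    {"src": "10.0.0.9", "dst": "203.0.113.21:14444",
     "payload": json.dumps({"id": 1, "jsonrpc": "2.0", "method": "login",
                            "params": {"login": "WALLET_ADDRESS", "pass": "x",
                                       "agent": "XMRig/2.5.1"}})},
    {"src": "203.0.113.21:14444", "dst": "10.0.0.9",
     "payload": json.dumps({"id": 1, "jsonrpc": "2.0",
                            "result": {"id": "1", "job": {"blob": "0707"}, "status": "OK"}})},
    # benign JSON-RPC (an Ethereum node query) and plain HTTP must not be flagged
    {"src": "10.0.0.12", "dst": "198.51.100.3:443",
     "payload": json.dumps({"id": 7, "method": "eth_blockNumber", "params": []})},
    {"src": "10.0.0.12", "dst": "198.51.100.4:80",
     "payload": "GET /index.html HTTP/1.1"},
]


def report(records=SAMPLE) -> list:
    """Human-readable lines, one per flagged flow."""
    return [f"{src} -> {dst}: " + "; ".join(reasons)
            for (src, dst), reasons in scan(records).items()]


if __name__ == "__main__":
    for line in report():
        print(line)
```

Method-name matching is the narrow, high-confidence signal; in practice it only works on traffic you can see in the clear, so a deployment pairs it with the coarser signals the article hints at (connections to known pool hosts and ports, sustained CPU load) and with the JS-miner case, where the call home is a WebSocket rather than raw Stratum.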
