
Top 5 Cryptocurrency Scams And How To Avoid Them

As we approach the end of the year, it is time to summarize the past 12 months. But as you know, we eat and breathe security, and our summary is more like a short guide on fraudsters’ favorite tactics and how to avoid them. As if the bear market was not enough, the cryptocurrency community had to withstand the rise of crypto-related scams. Unfortunately, there isn’t a single thing that can guarantee you 100% protection. But the good news is that by investing a couple of minutes (and some brain cells) a day, you can stay afloat in the ocean of swindles.

So without further ado, here’s the list of cryptocurrency scams that rose to prominence in 2018.

Straightforward hacking

There is nothing fancy about it except the fact that the most evil and powerful hacking entity is Lazarus. In case you’ve missed the news, Lazarus is the brainchild of the North Korean regime. Yeah, that’s right, the commies have their own hacking entity, which is believed to be behind the infamous Coincheck hack.

Kaspersky Labs has been closely following Lazarus over the years and has warned that it is already building a brand new malicious software aimed to take on Linux. The cybersecurity company states:

“It would seem that in the chase after advanced users, software developers from supply chains and some high-profile targets, threat actors are forced to develop Mac OS malware tools. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”

Lazarus has become notorious for penetrating Windows and Mac systems, fintech companies, exchanges, and whatever comes to your mind. Since the group is not kidding, we believe that the smartest thing to do is to refrain from using online wallets. It would be much better to go for a hardware wallet instead. If you are not sure why, check our cryptocurrency wallet guide.

Bitcoin blackmailing

While blackmailing is a classic move, it wasn’t until that summer that it became a thing in the crypto world. Here is how it goes. You open your email and there is suddenly someone telling you they know your password (which they do) and have photos of you doing your thing while watching those nasty movies (which is most likely a false claim). The bad actors tell you that if you don’t pay a certain amount of Bitcoin, they will send all of your “Oh” photos to your contacts.

But don’t panic. While the baddies might indeed have some of your passwords, it doesn’t mean that they know something about you, nor do they have any photos. These are just randomly sent emails, which rely on recipients’ fears. For your own safety, it is better to change passwords and cover your laptop camera. However, you can always check how the culprits got your password using this search engine.

Did I fail to mention not to pay the ransom? Well, don’t! Those fuckers don’t deserve a penny. Do not respond to their email either.

Botnets

These are designed to spread malware all over the internet and infect websites, computers, servers, etc. Once the baddies infect their targets, they can control them directly and pull all sorts of nasty tricks. Luckily, the cybercriminals are often using them for cryptojacking purposes, which you can easily block by using the right browser extensions.

In worst-case scenarios, you might be tricked into downloading malicious files. Despite that, a top-notch antivirus should be able to handle the situation.

Social engineering

Some culprits prefer to do it the old-school way. Unfortunately, social engineering and phishing still work surprisingly well. According to Kaspersky, over 100,000 malicious pages have been used to redirect traffic to authorization pages of renowned exchanges like Bittrex, Binance, and Kraken. Of course, these are just copycats aiming to steal your credentials. And even EtherDelta users ate some phish (pun badly intended) earlier this year.

Kaspersky elaborates:

“Scammers also try to use the speculation around cryptocurrencies to trick people who don’t have a wallet: they lure them to fake crypto wallet sites, promising registration bonuses, including cryptocurrency. In some cases, they harvest personal data and redirect the victim to a legitimate site. In others, they open a real wallet for the victim, which is compromised from the outset.”

Sadly, the only way to protect yourself from phishing and social engineering is to be extra cautious when typing private seeds and passwords. Plus, it is advisable to enable two-factor authentication (a.k.a. 2FA) just in case.

Fake wallets

Google Play and Apple’s AppStore are plagued with copycats of legitimate cryptocurrency wallets. Always pay extra attention to tiny details such as publisher, publishing date, number of downloads, etc. In addition, do your research before installing a mobile wallet and double-check its rating and reviews. And as always, please don’t go for wallets that offer you some free tokens upon registration, you’ll thank me later.

 


Stay Ahead Of Cryptojackers With This Simple Guide

The regular cryptocurrency trader is rather familiar with the variety of threats that lurk in the space. However, newbies and seasonal traders might be less educated about the industry and this makes them easy targets. The baddies are good at pulling all sorts of nasty tricks and we have to say that getting conned is not that difficult.

Many of the community members pay attention to the market before purchasing or selling their tokens. That’s good, what’s even better is using a hardware wallet. Nevertheless, we somehow seem to neglect cryptojacking as an emerging threat. Click here, to learn more about cryptojacking. In short, cryptojackers steal your computing power to mine cryptocurrencies. Unfortunately, this might make your device completely unusable. If you want to understand whether you have been cryptojacked and how to protect yourself, keep reading.

Is my device cryptojacked?

The easiest way to detect the symptoms of the cryptojacking fever is to check whether your device is running hot and whether there is a strange noise coming from it. Mining cryptocurrencies uses a lot of your CPU power, meaning your device will be much noisier and hotter than usual. Your other options include checking your resource monitor. Open Task Manager on Windows by pressing Ctrl + Shift + Esc, and if you are using a Mac, search for Activity Monitor.

If you believe your CPU shouldn’t be working at full capacity but it is… Well, you’ve been cryptojacked. Alternatively, you can always use Opera’s Cryptojacking Test even if you work with another browser.

Cryptojacking protection

Since cryptojackers have become extra creative in recent months, you should always pay attention to the files and updates you download. However, the most common method they rely on is to embed malicious code in websites and wi-fi networks. But don’t worry. There is always a way to block the code. Most internet browsers already have extensions designed to keep the bad actors away. We guarantee you that minerBlock, NoCoin, Coin-hive Blocker will protect your Chrome. Firefox has its own version of minerBlock and NoMiner.

To level up your security, it is advisable to use a prominent antivirus, which protects you against cryptojacking among other nasties. Perhaps the most troublesome scenario is when the culprits infect a router or a network of routers. Unfortunately, it is much harder to identify this type of attack. This is why we advise you to regularly update your router’s firmware.
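A simple blocklist-style check for mining scripts, written here as an added example (it is not code from minerBlock, NoCoin or the original post): it parses a page and flags script or iframe references to Coinhive hosts and inline miner start-up calls. The indicator list and both sample pages are constructed for illustration, and plain string matching like this will not catch obfuscated loaders.

```python
import re
from html.parser import HTMLParser

# Assumed indicator list for this example; real blocklists are longer and updated often.
MINER_INDICATORS = ("coinhive.com", "coinhive.min.js", "cnhv.co", "authedmine.com")
# Inline JavaScript that instantiates a Coinhive miner object.
INLINE_INIT = re.compile(r"CoinHive\.(Anonymous|User|Token)\s*\(", re.IGNORECASE)


def looks_hidden(attrs):
    """True for frames sized 0x0 / 1x1 or styled display:none."""
    dims = (attrs.get("width"), attrs.get("height"))
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return all(d in ("0", "1") for d in dims) or "display:none" in style


class MinerScanner(HTMLParser):
    """Collects (tag, location, reason) tuples for suspicious references."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
        if tag in ("script", "iframe"):
            src = (attrs.get("src") or "").lower()
            if any(indicator in src for indicator in MINER_INDICATORS):
                hidden = tag == "iframe" and looks_hidden(attrs)
                self.findings.append((tag, src, "hidden-frame" if hidden else "src"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here as raw text; look for the miner constructor.
        if self._in_script and INLINE_INIT.search(data):
            self.findings.append(("script", "<inline>", "inline-init"))


def scan(html):
    """Return the list of findings for one HTML document."""
    scanner = MinerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages (not taken from any real site).
SAMPLE_CLEAN = """<html><head><script src="/js/app.js"></script></head>
<body><p>Article about coinhive.com, mentioned only in text.</p></body></html>"""

SAMPLE_INFECTED = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body>
<iframe src="https://cnhv.co/EXAMPLE" width="1" height="1"></iframe>
<script src="/js/app.js"></script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", SAMPLE_CLEAN), ("infected", SAMPLE_INFECTED)):
        print(name, scan(page))
```

Running the same check on a page fetched over your home network and over a different connection is one way to spot a script injected in transit by a compromised router.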


Cryptojackers Get Super Creative – Infected Updates Are Now Viral

Cryptojackers are here to make fun of legitimate app developers and to make some money along the way. Since everything in technology changes, the cyber culprits are not going for infecting Wi-Fi networks, Amazon Fire TVs, and random websites with Coinhive. These days they are delivering the change by compromising otherwise legitimate Adobe Flash Players.

In fact, it is the old-school Trojan horse tactics but hey, old-school always works. In short, when you download the latest Adobe Flash Player update, you get an XMRig bot, which is here to hijack your computing power and mine some Monero for the bad boys.


Source: Palo Alto Networks

The first to uncover the mining malware was the cybersecurity entity Palo Alto Networks. Indeed the corrupted Flash updater has been circulating the internet since the beginning of August. Apart from getting the “newest” Flash Player, you get the “newest” mining malware installed in the background, silently making profits for someone else. The chances are many users are unaware of the fact that they have been cryptojacked. While they may experience system outages, slow and impaired performance, those who are not familiar with crypto malware may have a hard time figuring out what is wrong with their devices.

The cybersecurity researchers have stumbled upon 113 files dubbed “AdobeFlashPlayer”. But the catch is, none of them are stored on Adobe-owned servers. Palo Alto Networks suggests that the cryptojackers have used bogus URLs to redirect their potential victims. One question remains, however: how and why did users reach these URLs?

While the analysis of the URLs showed no signs of something suspicious, after the installation process the mining bot immediately connects to a Monero mining pool and starts doing its thing.

“Because of the legitimate Flash update, a potential victim may not notice anything out of the ordinary. Meanwhile, an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer,” reads the post.


Cryptojackers Wage War On India

In case you haven’t noticed, there is already a cryptojacking pandemic. The largest infection this year took place in Brazil where the culprits compromised quite a lot of routers. Unsurprisingly, crypto mining software is multiplying, thus plaguing India as well.

The cryptojackers have declared war on the internet in general and their latest attack targeted 30,000 MikroTik routers in India. Combined with the 280,000 infected units in South America, we can safely say that cryptojacking is big bizniz now.

The internet punks have secretly inserted Coinhive in literally tens of thousands of routers and it looks like the Indian internet providers are a) unaware or b) they just don’t care. This forces corrupted MikroTik routers to mine Monero on every page opened.

Coinhive is by far the most popular Monero mining script. The tiny JavaScript code allows the cybercriminals to embed it in websites, ad banners, routers, wi-fi networks, etc., and thus secretly mine Monero on users’ devices.
Now, Coinhive could be put in action for noble purposes as well. For example, UNICEF used it to raise funds for charity. If you want to dig deeper into cryptojacking click here.

Coinhive wouldn’t have been such a pain if the baddies did not make hundreds of versions out of it. They do that in order to circumvent security layers and trick networks into running it. In fact, McAfee Labs reports that just in the last three months they have launched 2.5 million versions of cryptojacking software. Notably, most of them are Coinhive-based.

Banbreach has found that at least 45% of the infected routers are located in rural areas. While such massive attacks are hardly unusual anymore, it is still striking that internet providers seem to just neglect the threat. Not that cryptojacking can really harm you, since it steals neither money nor data, but it can really ruin your browsing experience and even your device.

If your PC or smartphone suddenly gets super slow, the chances are you have been cryptojacked. The easiest thing to do is to close your browser and open other websites. If nothing changes, you’d better contact your internet operator.


Cryptojacking Attacks Seem To Have No End

One can only imagine the scale of the latest cryptojacking attack. The trend to steal internet users’ computing power to mine cryptocurrencies shows no signs of slowing down. In fact, it is quite the opposite, cryptojackers get smarter and more creative than expected.

A group of cybersecurity researchers has stumbled upon 3,700 routers that silently run cryptocurrency mining scripts. These particular routers have not been infected before but it looks like the internet cowboys have changed that. This brings the total number of corrupted devices to 280,000. What is more concerning is the fact that just three months ago this number was 200,000. Read between the lines babe, roughly 888 devices are being hacked every day. That makes 37 hacks per hour. Yet some dare to say, cryptojacking is unprofitable.

The recent discovery just proves that the attack that took place in Brazil one month ago is not over yet. Back then the culprits performed a “zero-day attack” on MikroTik routers, successfully compromising 200,000 of them. Prior to the attack, no one was aware of the existing vulnerabilities. As always, CoinHive was the software that was injected in the routers, thus allowing the hackers to effectively mine Monero.

CoinHive is the most notorious piece of code on planet Earth in recent months. It is super popular among hackers as it is easy to use as well as effective. So far, the online criminals have infected AdSense banners, websites, Wi-Fi networks, and routers. Once an internet network (or a website) starts running CoinHive, the script hijacks computing power from users’ devices and mines Monero.

One study even suggests that cryptojackers literally earn $250,000 per month. If you want to learn more about cryptojacking, click here.

Unfortunately, cryptojacking is not the only tool the bad guys rely on. We have to fear Android Banker as well. It is a Trojan horse, which effectively circumvents two-factor authentication (2FA) and thus steals usernames and passwords. Hackers primarily use it against banking apps and have already compromised 200 applications in 2018 alone.

Never ever download and trust applications from unknown sources. You will thank me later.


Coinhive Has Evolved Into An URL Shortener

Coinhive is evolving. The JavaScript code that secretly forces your computer to mine Monero is cryptojackers’ favorite tool to exploit reckless users’ CPU power. Here’s what security researchers have found in the past weeks.

Since web browsers and cybersecurity specialists have come up with an array of tools that scan the internet and block the mining script, hackers have updated Coinhive so it could still function just as well. In short, Coinhive has a “URL shortener” service. The URL shortener indeed shortens any URL but adds the mining script to it. Then, when someone clicks on the short URL, some time passes before the service redirects them to the original URL. During that time their device mines cryptocurrency.

Researchers at Malwarebytes said:

“In the past weeks, our crawlers have catalogued several hundred sites using a variety of CMS all injected with the same obfuscated code that uses Coinhive’s short link to perform silent drive-by mining.”

This completely new scheme to utilize Coinhive was first discovered at the end of May by Sucuri researchers. Most likely both Sucuri and Malwarebytes analysts have stumbled upon the very same malicious Coinhive campaign.

Jérôme Segura from Malwarebytes believes that the short-link redirection time can be adjusted via Coinhive’s hash value settings. Literally, this means that bad actors can force devices to their maximum for longer periods.

“Indeed, while Coinhive’s default setting is set to 1024 hashes, this one requires 3,712,000 before loading the destination URL,” Segura said.

What’s more, once the time passes, the script redirects back to the previous page, simulating a page refresh. Obviously, the idea is to trick the users into starting the process all over again. On top of that, hackers have created software copycats that look like legitimate software but actually force devices to mine.

“In this campaign, we see infrastructure used to push an XMRig miner onto users by tricking them into downloading files they were searching for online. In the meantime, hacked servers are instructed to download and run a Linux miner, generating profits for the perpetrators but incurring costs for their owners,” researchers add.

The best way to protect yourself from cryptojacking attacks is to use browser extensions that detect and block unauthorized mining scripts. No Coin and minerBlock are crafted to do just that.


Cryptojacking Script Infects Amazon Fire TVs

Hackers are taking cryptojacking to a whole new level literally every day. So far we have seen websites infected with mining scripts, Apple and Android applications, ad banners, and wi-fi networks. Oh boy, for a second I thought “That’s it, the bastards have finally exploited everything possible”. Poor me, I was wrong in so many ways.

Hold on tight, from now on smart TVs can be turned into mining rigs. Well, at least that’s the case with Amazon Fire TV. The hackers have found a way to trick the Android-based software into running an application known as ADB.Miner. It usually presents itself to the users as “com.google.time.timer.”

Once you run the false “test application”, it starts using your TV’s computing power to mine digital currencies and send the profit to the bad actors’ wallets. Of course, nobody authorizes the app to do so. However, you only start to realize something is wrong when your TV starts to show errors, to pause your videos or to completely stop responding. That’s it, you are screwed now because deleting ADB.Miner won’t do the trick. Your only chance of watching your favorite shows again is to restore the default settings. Needless to say, this wipes out all of your preferences and stored data but hey, it’s better than not having TV at all.

Those of you who are familiar with cryptojacking have probably already guessed that we are talking Coinhive here. Interestingly, ADB.Miner replicates itself over various Android devices through their ADB debugging interface. The number of infected devices used to double every 12 hours, though for the moment everything is under control. Having said that, it is advisable to turn off the ADB debugging interface of your Amazon Fire TV.
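To confirm that ADB debugging really is off on a device you own, the added example below (not part of the original post) sends the ADB connect handshake over the network and classifies the answer. It assumes the usual ADB-over-network TCP port 5555, which the post does not mention; the function names are made up for this example.

```python
import socket
import struct
import sys

A_CNXN = 0x4E584E43      # "CNXN": connection accepted
A_AUTH = 0x48545541      # "AUTH": device demands key authentication first
ADB_VERSION = 0x01000000
MAX_PAYLOAD = 4096
HEADER = struct.Struct("<6I")   # command, arg0, arg1, length, checksum, magic


def build_cnxn(banner=b"host::\x00"):
    """Build the ADB CONNECT message a debugging host sends first."""
    checksum = sum(banner) & 0xFFFFFFFF          # ADB uses a plain byte sum
    header = HEADER.pack(A_CNXN, ADB_VERSION, MAX_PAYLOAD,
                         len(banner), checksum, A_CNXN ^ 0xFFFFFFFF)
    return header + banner


def classify_reply(reply):
    """Map the first 24 bytes of the device's answer to a verdict."""
    if len(reply) < HEADER.size:
        return "unknown"
    command, _, _, _, _, magic = HEADER.unpack(reply[:HEADER.size])
    if magic != command ^ 0xFFFFFFFF:
        return "unknown"                          # not an ADB message
    if command == A_CNXN:
        return "open-no-auth"                     # anyone on the network gets a shell
    if command == A_AUTH:
        return "auth-required"                    # debugging on, but key-protected
    return "unknown"


def check_adb(host, port=5555, timeout=3.0):
    """Return 'closed', 'auth-required', 'open-no-auth' or 'unknown'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"                           # nothing listening: debugging is off
    with sock:
        try:
            sock.sendall(build_cnxn())
            reply = b""
            while len(reply) < HEADER.size:
                chunk = sock.recv(HEADER.size - len(reply))
                if not chunk:
                    break
                reply += chunk
        except OSError:
            return "unknown"                      # port open but no usable answer
    return classify_reply(reply)


if __name__ == "__main__":
    # Usage: python check_adb.py <address of your own device> [...]
    for device in sys.argv[1:]:
        print(device, check_adb(device))
```

A result of `closed` is what you want after disabling debugging; `open-no-auth` means the interface accepts connections from the network without any key check.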

Today your TV, Tomorrow the world

Such pandemic cases of hacking attacks just go to show how vulnerable we are. Cryptojacking is relatively harmless but let’s think about it for a moment. If a bunch of hackers can force any device on the planet to mine Monero it can force it to make anything. Driverless cars, anyone? What about life support systems? What about large energy facilities? Cryptojackers are just some kids foolin’ around compared to internet extremists.

At the same time, we dub some gadgets “smart” and we strive to interconnect them into the Internet of Things. Sure, it sounds exciting, but come on, we are not ready for that.


Coinhive Plagued The Internet Once Again

Cryptojacking made it to the headlines for all the wrong reasons once again. Its most prominent representative, the Coinhive mining script, has plagued the internet in a massive hackers’ attack. This time otherwise trusted government and university websites fell victim to the cryptojackers. In fact, as many as 300 websites were compromised globally. The cybersecurity specialist Troy Mursch made the revelation on May 5 but the news is still viral as the attack is one of the largest to date.

Mursch states that the hackers took advantage of an existing bug in the Drupal content management system (CMS). A day earlier the researcher took to Twitter stating that the websites of the San Diego Zoo and the government of Chihuahua were infected with the malicious software.


For those of you unsure what Coinhive is – Coinhive is a JavaScript program specifically designed to mine Monero through web browsers. Usually, it forces visitors’ devices to use their computing power for cryptocurrency mining. Needless to say, all of this happens without the explicit consent of the user. Victims report an impaired performance of their devices as well as dead batteries. More information about cryptojacking here.

Going back to the recent attack, Mursch notes that he had found Coinhive injected in 348 websites. Most of them are high-profile platforms such as the US federal agency The National Labor Relations Board, and the Lenovo user account website. If you are interested in the whole list of the cryptojacking attack victims, click here.

This is not the first time Coinhive gives cryptojacking a bad name. Undoubtedly it is the hacker’s favorite because it is easy to set up, requires relatively mid-range skills, and is profitable. After all, it works equally well on websites, ad campaigns and local wi-fi networks. And last but not least, there are many places on the net where you can find it for free.


The Pros And Cons Of Cryptojacking

The amount of money involved in cryptocurrency trade is huge but the industry has the potential to grow even larger. As of writing, the market cap is just above $320 billion, recovering from the recent weeks’ plunge. We have often discussed that the crypto world is far from being 100% secure but that doesn’t mean you should not join. You just have to be careful when trading.

Hackers have numerous ways to compromise security measures and while hacking websites and phishing are instruments from the past, the birth of digital currencies gave fraudsters another useful tool – cryptojacking.

What is cryptojacking?

Cryptojacking is the act of using someone else’s computing power to mine tokens for you. Of course, the action takes place without the knowledge of the victim. The term is a wordplay on cryptocurrency and hijack. Unlike hacking a wallet or an exchange, cryptojacking requires far fewer skills. In fact, you don’t have to be an IT specialist to take advantage of it. Usually, the scenario is as follows – the hacker embeds the mining script on a particular website. When visitors enter the website, the mining script becomes active and forces the user’s CPU/GPU to mine a specific cryptocurrency and send it to a previously set up wallet. There are even scripts that are ready for use so you don’t have to write them by yourself, apart from modifying the wallet address. Coinhive is such an example. The internet is full of guides on how to use it. What I am trying to say is, cryptojacking is easy to carry out and it is profitable. However, like anything else, it has its advantages and disadvantages, and we find it difficult to outright say cryptojacking is bad.

The pros of cryptojacking

Cryptojacking is actually something that can be beneficial to both hackers and victims. Yeah, I know it sounds strange but just think about it. For many websites the main source of income is advertisements. Needless to say, they are friggin’ annoying and this is exactly where cryptojacking might be of help. In order to provide an ad-free experience to their users, some places on the net let their visitors choose between giving up computing power or being exposed to ads. In other words, if you hate ads, you can just let your device mine some tokens for the website owners. Usually when we talk about this kind of cryptojacking the mining script does not exert the CPU/GPU. But…

The cons of cryptojacking

Unfortunately, not all cryptojackers are that friendly. Sometimes hackers embed mining scripts in foreign websites or Wi-Fi networks. In these cases the script forces your device to fully use its computing power for mining. When this happens, users often report that their PCs and smartphones become super slow, while the batteries die in no time. There are reports of devices that have been subjected to cryptojacking and are no longer usable. Simply said, cryptojacking can sometimes be dangerous to your electronics. Luckily, there are many browser extensions that automatically block Coinhive-like scripts.

In conclusion, we have to say that while many deem cryptojacking a cybercrime, it is far less harmful than other cybercrimes. At least because it does not collect private data like Facebook and Google do. On the other hand, it would be better if cryptojackers did not use it in a way that is harmful to the mining devices.