Crypto Thieves & Malware Gladiators

in #bitcoin, 6 years ago

Cyberattacks and malware spikes are often correlated with significant events in world politics. The recent Global Cyber Threat Report 2018 reveals a number of alarming trends.

Trojans


Currently the lion's share of the "malware marketplace" is dominated by Trojans. Trojans act covertly while they hunt for confidential data, and therefore often go unnoticed by the owner of the infected machine.

Trojans implant ransomware, adware or even cryptominers.

Top Three Absolute Worst Trojans:

#1. TrojWare.Win32.Agent - This malware not only penetrates users’ computers but also downloads other malware from a cybercriminal server.

#2. TrojWare.JS.Clickjack - It makes users unintentionally click on links that lead to a malicious website, which infects them with other types of malware.

#3. TrojWare.JS.Faceliker - This one is actually less malicious: it clicks posts on Facebook on behalf of the user to promote fraudulent pages.

Trojans spread via phishing emails. Earlier phishing emails mostly contained a link to a malicious website to lure victims into supplying their credentials. But today phishing emails have become a potent means of delivery for trojans and other malware. These trojans steal confidential data by searching infected machines for valuable data and then sending it to cybercriminals’ servers.

Cryptominers


Nowadays, cryptominers have evolved into multifunctional malware.

Although Trojans are more malicious, current cryptominer behavior can be compared with a group of Gladiators in training. Cryptominers are quickly evolving and gaining new dangerous abilities. Earlier examples of cryptominers were only able to mine cryptocurrency on behalf of the attacker on the infected machine.

Because of that, many users did not regard them as particularly dangerous.

That, however, has changed radically more recently.

Newly detected cryptominer samples exhibit much more harmful abilities than those required for merely mining cryptocurrency.

Cryptominers are transforming into a sophisticated and multifunctional weapon for cybercriminals. They are learning to hide and fight against antimalware tools. These sneaky cryptominers can camouflage themselves, kill competing cryptominers, and even crash user systems if met with an attempt to delete the malware.

Next Generation Malware: Fileless malware

File-based malware resides on the hard drive and is therefore easy to detect.

Fileless malware, on the other hand, is different. Fileless malware is malicious code injected into legitimate OS processes. It need not be installed on a victim machine but functions only in memory, making it much harder for antiviruses to detect.

Usually, fileless malware spreads via malicious ad banners. Unsuspecting users click on a banner, which then redirects them to an infected website where the malware covertly installs itself into the victim’s computer.

Since most antiviruses cannot detect it, users remain unaware of being infected. Not surprisingly, it's becoming more and more popular among cybercriminals.
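
What a memory-oriented check looks for, as opposed to a disk scan, can be shown on Linux, where /proc/<pid>/maps lists every mapping of a process. This is an added example, not part of the original post: it carries the idea over to Linux for illustration, and the sample maps text and the `find_unbacked_code` helper are constructed.

```python
import re

# One line of /proc/<pid>/maps: range, perms, offset, dev, inode, optional path
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$")

# Kernel-provided executable mappings that legitimately have no file behind them.
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}


def find_unbacked_code(maps_text):
    """Return executable regions that no file on disk accounts for."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, end, perms, inode, path = m.groups()
        if "x" not in perms or path in KERNEL_REGIONS:
            continue
        if inode == "0":
            reason = "anonymous executable memory"
        elif path.startswith("/memfd:"):
            reason = "executable in-memory file (memfd)"
        elif path.endswith(" (deleted)"):
            reason = "executable mapping whose file was deleted"
        else:
            continue  # ordinary file-backed code, visible to a disk scan
        size = int(end, 16) - int(start, 16)
        findings.append({"start": start, "size": size, "perms": perms,
                         "writable": "w" in perms, "reason": reason})
    return findings


# Constructed sample, not captured from a real host.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 1311205    /usr/bin/example-daemon
55d0c9f3a000-55d0c9f5b000 rw-p 00000000 00:00 0          [heap]
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a1c200000-7f3a1c3b5000 r-xp 00000000 08:01 1049771    /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c400000-7f3a1c402000 r-xp 00000000 00:01 2087       /memfd:x (deleted)
7ffd5a1e4000-7ffd5a1e6000 r-xp 00000000 00:00 0          [vdso]
"""

if __name__ == "__main__":
    for hit in find_unbacked_code(SAMPLE_MAPS):
        print(hit)
```

JIT runtimes such as browsers and the JVM also create anonymous executable memory, so a hit is a lead for review rather than a verdict.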

WinstarNssmMiner, a system killer

The WinstarNssmMiner is perhaps the most vicious 2-in-1 cryptominer, designed to steal computer resources to mine cryptocurrency coins for cybercriminals.

But it has a special feature – it can root into a system so deeply that it becomes unremovable. If the victim attempts to kill it, WinstarNssmMiner will kill the target system totally.

The dirty little secret of WinstarNssmMiner’s persistence lies in its method of infecting a victim’s computer.

It consists of two injected processes. The first performs the main task – mining cryptocurrency. The other runs in the background, looking for antivirus products and disabling them.

CoinHive is another popular JavaScript cryptominer. Attackers figured out a sneaky trick to camouflage malware and infect the Coinhive URL.

Android malware skyrocketed

Android devices are rapidly becoming high-value targets for cybercriminals and malware authors. If the victim is a CEO, politician or other V.I.P., the content of the mobile device can be sold at the highest prices.

People wrongly assume that they are safe if they download apps strictly from the official Google Play store.

Oftentimes spyware is camouflaged as a regular app in the app store. Once the app is downloaded - and the user opens it - the app covertly connects with the cybercriminals' Command and Control server. Some malware impersonates popular apps like Telegram. Other samples enable and disable the GPS services, or record audio and send it to the cybercriminals' Command & Control server. Some malware uploads image files and collects browser data.

Some not only send text messages but also read outgoing messages. These are literally stalking bots.
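
The behaviours listed above map onto permissions an Android app has to declare, so a manifest can be triaged for that combination. This is an added example, not part of the original post: it assumes the manifest has already been decoded to text XML, and the sample manifest, the threshold and the `triage_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names grouped by the behaviour described in the post.
BEHAVIOURS = {
    "track location (GPS)": {"android.permission.ACCESS_FINE_LOCATION",
                             "android.permission.ACCESS_COARSE_LOCATION"},
    "record audio": {"android.permission.RECORD_AUDIO"},
    "send text messages": {"android.permission.SEND_SMS"},
    "read text messages": {"android.permission.READ_SMS",
                           "android.permission.RECEIVE_SMS"},
    "read image files": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.READ_MEDIA_IMAGES"},
}
NETWORK = "android.permission.INTERNET"  # needed to reach a remote server


def declared_permissions(root):
    """Return the permission names found in <uses-permission> elements."""
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {e.get(ANDROID_NS + "name") for e in root.iter()
            if e.tag in tags and e.get(ANDROID_NS + "name")}


def triage_manifest(manifest_xml, threshold=3):
    """Flag apps that can collect several kinds of data and send it out.

    The threshold is an assumption; legitimate messengers also request many
    of these permissions, so a flag means "review", not "malicious".
    """
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(root)
    matched = sorted(b for b, names in BEHAVIOURS.items() if perms & names)
    suspicious = NETWORK in perms and len(matched) >= threshold
    return {"package": root.get("package"),
            "behaviours": matched, "suspicious": suspicious}


# Constructed sample: a "messenger" that asks for more than chat needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakemessenger">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```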

Computer Worms
A computer worm is much like a virus, but typically travels autonomously, exploiting network vulnerabilities as it travels across the Internet.

A worm is like a truck full of malicious payload delivered straight to the victim's computer or network. Worm infections are currently most popular in Russia, India and Turkey.

Overall there is a significant increase in malware, and cyber security is almost always playing catch-up with the malware authors and cybercriminals.

Mobile devices are becoming super attractive targets for cybercriminals because handsets and tablets contain a variety of confidential information but lack protection comparable to that on desktop systems.

As more people use their mobile devices for financial transactions (via cryptocurrency / banking transactions and e-payment apps) and store confidential information (like messenger correspondence and private pictures), cybercriminals can anticipate rich pickings from exploiting those devices.

Attackers can profit from stealing money and / or selling confidential information.

Cheers & thanks for reading! ~ Csilla Brimer


Brief Bio:

Csilla is the Founder of the Colorado Springs Community and Co-Founder of The Crypto Café.

When she isn’t on a mission to build companies and communities, she likes to build and fly drones, travel with her awesome toddler and enjoy the wild-wild west era of crypto investments.

Connect on LinkedIn: Csilla Brimer

Join our Telegram Group
