Crypto Malware Website Infection on the Rise: Redirects Website Users to Malicious Sites & Infects Their Computers

Cryptocurrencies have been the fad of 2017. This year further witnessed the massive rise of Bitcoin and a rampant emergence of various other cryptocurrencies worldwide. What’s more, even online attacks worldwide demanded ransom in the form of bitcoins. Lately, in another rampant online attack, more than 2000 WordPress websites have been compromised by crypto malware that steals user credentials and mines cryptocurrency. The hackers used malicious software to create Monero, one of several new cryptocurrencies which are making a splash in financial markets.

What is the Crypto Malware?

If you are a Google Chrome browser user and have been using the Archive Poster web browser extension, it is highly likely that your PC may have been hijacked without your knowledge to mine cryptocurrencies. This extension made use of a distributed-network cryptocurrency mining program called Coinhive to mine a currency called Monero.

In another cryptocurrency mining incident, torrent portal The Pirate Bay was caught running a cryptocurrency miner on its website, quietly hijacking visitors’ computing resources to stack Monero coins.

The recently witnessed massive blockchain boom has resulted in the rise of crypto-jacking scripts. In layman’s terms, these scripts are crypto malware that uses site visitors’ CPUs to mine cryptocurrencies.

Typical crypto malware is malicious code that piggybacks on popular apps and sneakily uses the processing power of thousands or millions of computing devices globally. All this takes place without their owners suspecting a thing.

Recently, YouTube witnessed another case of “crypto-jacking”, which was resolved by Google. Anonymous hackers managed to run ads on YouTube which consumed the visitors’ CPU power and electricity in order to mine cryptocurrencies for the hackers. The attackers could do so by placing the mining malware on YouTube via the Google DoubleClick advertising platform, disproportionately targeting users from Japan, France, Taiwan, Italy, and Spain.

How Does the Crypto Malware Attack Take Place?

In a recent case of cryptocurrency mining from WordPress websites, hackers resorted to changing the underlying code to run infected JavaScript files from malicious domains. The hacker infects the pages of targeted websites with a keylogger, malware that records keystrokes and sends them to the attacker’s server. This allows the hacker to steal credentials and other data entered in the website’s forms.

Moreover, a WordPress website is typically infected with CoinHive, an in-browser crypto-jacker that secretly uses the CPU of visitors to mine cryptocurrency. Common symptoms of cryptocurrency miners include a sudden slowdown and heavy battery drain on visitors’ computers and smartphones.

These attacks usually occur on websites running outdated versions of WordPress or containing insecure, unpatched plugins. WordPress has a very popular market for plugins and extensions with more than 50,000 plugins, and thousands acquired from other sources. Quite often, these plugins are poorly secured and contain exploitable vulnerabilities, which makes such malware attacks easier.
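An added example, not part of the original post: one way a site owner can check rendered pages for the injected scripts described above is to list every script source, flag hosts outside an allowlist, and look for Coinhive strings. The sample page, the hosts `blog.example` and `cdn.injected.example`, the site key, and the names `ScriptAudit` and `audit_page` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Strings associated with the Coinhive in-browser miner named in this article.
MINER_MARKERS = ("coinhive.min.js", "coinhive.anonymous", "coinhive.user")

# Constructed sample page; hosts and site key are placeholders, not real indicators.
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//cdn.injected.example/widget.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body>post</body></html>"""

class ScriptAudit(HTMLParser):
    """Collect every script src and every inline script body on a page."""
    def __init__(self):
        super().__init__()
        self.sources, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)
        elif tag == "script":
            self._in_script = True
            self.inline.append("")
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def audit_page(html, site_host, allowed_hosts):
    """Return (reason, detail) findings for one rendered page."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.sources:
        host = urlparse(src).hostname or site_host  # relative URL: same origin
        if host != site_host and host not in allowed_hosts:
            findings.append(("unexpected-script-host", src))
        if any(m in src.lower() for m in MINER_MARKERS):
            findings.append(("miner-marker", src))
    for body in parser.inline:
        if any(m in body.lower() for m in MINER_MARKERS):
            findings.append(("miner-marker-inline", body.strip()[:60]))
    return findings
```

Calling `audit_page(SAMPLE_PAGE, "blog.example", {"ajax.googleapis.com"})` reports the protocol-relative third-party script, the Coinhive library, and the inline miner start-up, while the site's own relative script and the allowlisted CDN pass.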

How to Mitigate Against a Crypto Malware Attack?

In case you’ve not yet been attacked by crypto miners, following some measures can help you secure your system from such attacks and help you stay safe from a ransomware attack:

1. Run the Astra Web Security Scan. This can largely aid you in eliminating threat agents before an attack.

2. Install Malware Scanners. Anti-malware solutions can utilize robust signatures to detect and block a crypto-malware threat before it can get executed on a system. Decryption tools and backup options allow victims of ransomware to clean their computers of ransomware before they restore their data using a free decryption tool or available backup.

3. Protect your site from brute force attacks. This method is widely used to crack passwords to admin accounts, which in turn can be used to steal information and documents of paramount importance. Check our detailed blog on How to secure your admin panel of Magento, Joomla, WordPress, Drupal, and Opencart.

4. Install pop-up blockers. Malvertising is a common way of delivering malware. In a typical malvertising campaign, a bad actor first gains the trust of an advertising network by posting clean advertisements and thereafter uses that position to post malicious ads on websites. One way to detect crypto miners is to watch for a sharp increase in CPU usage. One can also try using JavaScript-blocking extensions like NoScript (for Firefox) or ScriptSafe (for Chrome). Another alternative is to manually add the crypto miners in question to the list of blocked domains in your ad blocker.

With cryptocurrencies gaining value lately, crypto malware for crypto mining is here to stay. But adapting your systems to detect malware before the damage is caused can mitigate a great amount of risk.

Already infected with crypto malware and other security issues? Drop us a message on the chat widget and we’d be happy to help you fix it.


About The Author

Bhagyeshwari Chauhan

An engineering grad and a technical writer, Bhagyeshwari blogs about web security, futuristic tech and space science.

2 Comments

  1. Great post. I was checking continuously this blog and
    I’m impressed! Extremely useful information particularly the last part 🙂 I care for such information a lot.
    I was looking for this particular info for a long time. Thank you
    and best of luck.
