Cyber Security Firm Check Point Research Reports of ‘Evolving’ Monero Cryptojacker

Cyber security firm Check Point Research has found that the KingMiner cryptojacker targeting cryptocurrency Monero (XMR) is “evolving,” according to a company’s blog post published Nov. 30.

KingMiner was purportedly firstly detected in mid-June, subsequently evolving in two improved versions. The malware attacks Windows Servers by deploying various evasion methods to skirt its detection. Per Check Point data, several detection engines have registered significantly decreased detection rates, while sensor logs have shown a growing number of KingMiner attacks.

The firm has been monitoring KingMiner activity over the past six months and concluded that the malware has evolved in two new versions. The blog post further explains:

“The malware continuously adds new features and bypass methods to avoid emulation. Mainly, it manipulates the needed files and creates a dependency which is critical during emulation. In addition, as part of the malware’s ongoing evolution, we have found many placeholders for future operations or upcoming updates which will make this malware even harder to detect.”

Check Point has determined that KingMiner uses a private mining pool to bypass any detection of their activities, wherein the pool’s (API) is turned off and the wallet is not used in any public mining pools. The attacks are reportedly widely spread around the world.

According to the company’s findings, the malicious software attempts to guess passwords of the servers it attacks. Once a user downloads and executes the Windows Scriptlet file, it reportedly identifies the relevant Central Processing Unit (CPU) architecture of the device and downloads a payload ZIP file based on the detected CPU architecture.

The malware eventually destroys the relevant .exe file process and deletes the files themselves, if older versions of the attack files exist. Check Point also notes that the file is not an actual ZIP file, but rather an XML file, which will circumvent emulation attempts.

As Cointelegraph reported yesterday, Russian internet security company Kaspersky Labs has found that crypto mining malware became increasingly popular among botnets in 2018. During the Q1 2018 cryptojacking “boom,” the share of cryptojacking malware downloaded by botnets, out of total files, hit 4.6 percent — as compared with 2.9 percent in Q2 2017.

Botnets are reportedly therefore becoming increasingly viewed as a means of spreading crypto mining malware, with cybercriminals increasingly viewing cryptojacking as more favorable than other attack vectors.

Author: Cointelegraph By Ana Alexandre

Source link

Related posts

10 Thoughts to “Cyber Security Firm Check Point Research Reports of ‘Evolving’ Monero Cryptojacker”

  1. Fortune Games New Zealand

    … [Trackback]

    […] There you can find 79983 additional Information on that Topic: […]

  2. บาคาร่า1688

    … [Trackback]

    […] Here you can find 5151 more Info on that Topic: […]

  3. Esport

    … [Trackback]

    […] Here you will find 83034 additional Info to that Topic: […]

  4. fake rolex

    … [Trackback]

    […] Find More here to that Topic: […]

  5. good shop dumps

    … [Trackback]

    […] Info on that Topic: […]

  6. flirt hrvatska

    … [Trackback]

    […] Find More to that Topic: […]

  7. navigate to this site

    … [Trackback]

    […] Find More on on that Topic: […]

  8. Porn

    … [Trackback]

    […] Find More to that Topic: […]

  9. bullet journal template

    … [Trackback]

    […] There you will find 47084 additional Info to that Topic: […]

  10. 토토포켓몬

    … [Trackback]

    […] Information to that Topic: […]

Leave a Comment