Monday 20 August 2018, Security guide

A new dangerous form of malware targeting cryptocurrencies

Lost24

A while ago, Microsoft Corporation encountered a rapidly spreading cryptocurrency-mining malware, dubbed Dofoil, aka Smoke Loader, that infected hundreds of thousands of computers within just several hours.

According to Microsoft's internet security experts, Dofoil includes a resource-draining cryptocurrency-mining payload. It connects to a remote site and downloads and executes arbitrary files, which can in turn download and run other malware.

Cryptocurrency-mining malware, or just cryptomining malware, is a relatively new term that refers to software programs and malware components developed to take over a computer's resources and use them for cryptocurrency mining without a user's explicit permission.

Besides the cryptomining malware mentioned above, another cryptocurrency miner, named Adylkuzz, was reported after the WannaCry attack last year. It was found to infect computers the same way as WannaCry, which used the EternalBlue exploit to rapidly propagate the malware over corporate LANs and wireless networks. Unlike WannaCry, Adylkuzz cannot be considered ransomware. Adylkuzz does not hold data or machines hostage. Instead, it exploits the infected PCs' system resources to fuel its authors' cryptocurrency mining operation, so it is focused only on mining cryptocurrency.

Internet security experts are convinced that the impact of Adylkuzz would be worse than that of WannaCry, because it shuts down SMB networking to prevent further infection by other malware.