Monero, the Cryptocurrency that CyberCriminals Can Never Hate

Monero-Launches-Initiative-to-Combat-Cryptocurrency-Mining-Malware

Monero coin mining is the current darling of the cybercriminal community. With an easy entry to the cryptocurrency trend compared to Bitcoins and Ethereum, Monero-mining malware has been the center of development in virus programming vis-a-vis ransomware. It is a very profitable undertaking for Monero mining malware to be embedded with a legitimate site, without the user’s knowledge that it is already stealing CPU/GPU cycles for the task. One such genuine website is Slate.com which experimented with Monero mining through their website, they briefly replaced the adverts by unannounced with cryptojacking functionality that used Javascript.

Monero is a cryptocurrency, according to CryptoBriefing, they define Monero as: “Monero (XMR) is a cryptocurrency which focuses on being untraceable and private. Its design differs from Bitcoin’s in a few key ways, but it should be understood as a cryptocurrency similar to Bitcoin – it can be used to buy and sell things, and can be exchanged for other coins or tokens. Monero manages to privilege the details of transactions in such a way that only the actors in the transactions can accurately verify their sending and receipt, while publicly this information is difficult to trace.”

“Attackers like Monero for two reasons: 1) it is private, so they do not need to worry about companies and law enforcement tracing what they do with the Monero after they mine it, and 2) Monero uses a Proof of Work (PoW) algorithm that is CPU and GPU-friendly; thus, the infected machines are competitive. These two components are increasingly distinguishing factors for why attackers choose to mine Monero over other cryptocurrencies,” explained Justin Ehronhofer, Malware Response Workgroup’s Director.

Ehrenofer’s working group continue to study the developments of such malware, as it has extreme effects on the web. The chain of trust that users give to the site they often visit will be tainted with doubt, a doubt that has a basis in reality. “We created this workgroup to help the victims of these mining/ransomware attacks, who often have no idea what Monero, mining, and cryptocurrencies are… the increased prevalence of Monero-related malware prompted the formation of the workgroup,” added Ehrenofer.

Cryptojacking malware through website visits increases the attack surface of a computer. Through the use of the ubiquitous Javascript, mining of Monero has been simplified, the perpetrators do not need to directly infect the computer of the visitor. The mining operations happen on the browser itself, which means the risk is not only Windows-based, the used to be more secure platforms, Linux and MacOS are also vulnerable.

Monero coin is a legitimate cryptocurrency, similar to Bitcoin and the rest of its derivatives they are actively being traded by various exchanges worldwide. Due to lower barriers of entry, Monero has been at the center stage as a favorite cryptocurrency of cybercriminals engaging with cryptojacking. However, this is highly condemned by Monero community, they are strong believers that alternatives to Bitcoin, like Monero, will further embed the legitimacy of the use of cryptocurrency for everyday use.

“Monero itself and the community aren’t attacking computers, but the computers are attacked with some vulnerability and the attacker decides to run mining software on the compromised machines,” concluded Ehrenofer

Julia Sowells713 Posts

Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register