Cyber-crime researchers have discovered new features in the known ‘cryptojacking’ malware Smominru. In addition to mining Monero (XMR) on the computers of unsuspecting victims, the software can now steal credentials and give attackers remote access to infected systems.
According to a report in the cybersecurity publication ZDNet, the Smominru covert cryptocurrency mining malware has received an upgrade. The addition of credential-stealing code and remote access functionality stands to make the campaign far more effective than previous cryptojacking efforts.
Cryptojacking Getting More Complex
For those who don’t know, cryptojacking refers to the practice of infecting a computer with malware and using its hardware to mine cryptocurrency. Monero is typically favored for such efforts. This is not only because the cryptocurrency is much more privacy-preserving than the likes of Bitcoin, but also because it can be mined profitably on far less powerful hardware. This makes the computers of the general public worthwhile targets.
Researchers from Carbon Black’s Threat Analysis Unit (TAU) said the Smominru cryptojacking campaign showed greater sophistication than similar efforts. Less advanced pieces of malware rely on brute-forcing credentials and relaying mined cryptocurrency back to the attackers.
Smominru takes this a step further: it has recently been upgraded to steal system data. The TAU calls this ‘access mining.’
By using a Remote Access Trojan (RAT) and a data-harvesting module alongside the mining software itself, the attackers are able to compromise a far greater number of machines.
The TAU also believes that access data for compromised servers is being sold on so-called ‘access marketplaces’ on the Dark Web. Credentials in such marketplaces can sell for as little as $6.75.
The report, as cited by ZDNet, states:
“Based on the specific system details they gathered, it is plausible this information could be sold on an access marketplace, allowing for remote access into these systems for use as zombies in large-scale attacks or to execute targeted attacks on specific hosts at specific companies.”
Finally, the researchers claim that most victims appear to be in the Asia Pacific region. However, among the 500,000 compromised machines there are victims from every corner of the globe.
What do you think about the improved methods used by the cryptojackers behind Smominru? What precautions do you take to stop yourself from falling victim to similar attacks? Let us know your thoughts in the comments below.