Until recently, exploit kits were deployed mainly to distribute ransomware. However, following the current worldwide trend of infections, cybercriminals have begun using exploit kits to distribute cryptocurrency miners.
Exploit Kits and Drive-By Downloads Actively Used in the Distribution of Miners
Exploit kits and drive-by downloads have been detected in some campaigns silently delivering mining malware to online users. These campaigns lure users into installing cryptominers on their systems, hijacking their CPU power through in-browser cryptojacking, and also take advantage of organizations' vulnerable cloud computing environments, researchers report.
More specifically, researchers detected a campaign focused on delivering cryptominers with the help of drive-by attacks. There was an uptick in payloads from the well-known RIG exploit kit at the end of 2017. This activity was extended via a campaign named Ngay.
Ngay droppers contained one or more cryptominers and were aimed at mining Monero or currencies such as Bytecoin and similar, less popular ones. In this campaign, the Monero miner is downloaded in a complicated process that also seeks to register it permanently as a running service.
“The extracted binary from the RIG EK payload is an installer that drops several .NET modules,” said Jérôme Segura, the researcher who analyzed the campaign.
One of these modules uses an exploit taken from a GitHub repository for the purpose of elevating privileges. Another module has sub-modules for protecting and managing the running services. The third module downloads and manages the Monero cryptocurrency miner.
According to the researcher, there is a definite increase in exploit kit malware payloads that are cryptocurrency miners. The trend is expected to continue throughout 2018, along with the growth of these miners as a whole.
This trend is becoming more dangerous as crypto mining has turned into a cross-platform threat that endangers thousands of infected machines.
How to Protect Your Computer from Cryptocurrency Miners
There are different ways to deal with a cryptocurrency miner depending on its type and capabilities. The more sophisticated the miner, as in the recent cases of drive-by cryptomining, the more challenging it is to deal with.
If the miner is basic, the user can install an extension specific to their browser that stops mining inside the web browser. There is also the option of manually blocking the domains associated with cryptocurrency mining.
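As an added example (not code from the article or from the researchers it cites), the following Python helper shows what the "manually block the mining domains" option looks like in practice: it keeps a small blocklist, matches hostnames against it including subdomains, generates hosts-file lines that sink those domains, and flags URLs from a log that point at blocked hosts. The domain names and URLs in it are constructed placeholders, not real mining pools or cryptojacking hosts.

```python
# Added example: a minimal domain blocklist helper for blocking cryptomining hosts.
# All domains and URLs below are constructed placeholders (".example" TLD), not real ones.
from typing import Iterable, List
from urllib.parse import urlparse

# Constructed blocklist; in practice this would be fed from a maintained list.
BLOCKLIST = [
    "mining-pool.example",
    "cryptojack.example",
    "cdn.miner-script.example",
]

# Constructed sample of proxy-log URLs to check against the blocklist.
SAMPLE_URLS = [
    "https://cdn.miner-script.example/lib.js",
    "http://example.com/index.html",
    "https://pool.mining-pool.example:8080/",
    "https://notmining-pool.example/",
]


def normalize(hostname: str) -> str:
    """Lower-case and strip whitespace and a trailing dot so comparisons are uniform."""
    return hostname.strip().lower().rstrip(".")


def is_blocked(hostname: str, blocklist: Iterable[str] = BLOCKLIST) -> bool:
    """True if hostname equals a blocklisted domain or is a subdomain of one.

    Suffix matching is anchored on a leading '.', so 'notmining-pool.example'
    does not match the entry 'mining-pool.example'.
    """
    host = normalize(hostname)
    for entry in blocklist:
        entry = normalize(entry)
        if host == entry or host.endswith("." + entry):
            return True
    return False


def hosts_entries(blocklist: Iterable[str] = BLOCKLIST) -> List[str]:
    """Produce hosts-file lines that resolve each blocked domain to 0.0.0.0."""
    return [f"0.0.0.0 {normalize(d)}" for d in blocklist]


def filter_urls(urls: Iterable[str], blocklist: Iterable[str] = BLOCKLIST) -> List[str]:
    """Return the URLs whose host is on the blocklist (e.g. when reviewing a proxy log)."""
    hits = []
    for url in urls:
        host = urlparse(url).hostname or ""
        if is_blocked(host, blocklist):
            hits.append(url)
    return hits


if __name__ == "__main__":
    print("hosts-file entries:")
    for line in hosts_entries():
        print(" ", line)
    print("blocked URLs in sample log:")
    for url in filter_urls(SAMPLE_URLS):
        print(" ", url)
```

The hosts-file lines cover the whole machine rather than a single browser, and the subdomain matching matters because miner scripts are commonly served from a CDN-style subdomain rather than the bare domain.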
However, if the system is affected by malware or ransomware equipped with a browser miner, then it is advisable to use a suitable anti-malware solution to deal with all of the infections.