
RIG EK Currently Delivering Monero Miner to Unsuspecting Users

Until recently, exploit kits were mostly deployed to distribute ransomware. However, following the current trend in worldwide infections, cybercriminals have started using exploit kits for the distribution of cryptocurrency miners.

Exploit Kits and Drive-By Downloads Actively Used in the Distribution of Miners

Exploit kits and drive-by downloads have been detected in several campaigns silently delivering mining malware to online users. Researchers report that these campaigns lure users into installing cryptominers on their systems, hijack CPU time through in-browser cryptojacking, and also take advantage of organizations' vulnerable cloud computing environments.


More specifically, researchers detected a campaign focused on the delivery of cryptominers with the help of drive-by attacks. There was an uptick in the payloads from the well-known RIG exploit kit at the end of 2017. This activity has been extended via a campaign named Ngay.

Ngay droppers contained one or more cryptominers aimed at mining Monero or less popular currencies such as Bytecoin. In this campaign the Monero miner is downloaded through a multi-stage process that also attempts to register the miner permanently as a running service.

“The extracted binary from the RIG EK payload is an installer that drops several .NET modules,” said Jérôme Segura, the researcher who analyzed the campaign.

One of these modules uses an exploit taken from a GitHub repository to elevate privileges. Another module has sub-modules for protecting and managing the running services. The third module downloads and manages the Monero cryptocurrency miner.

According to the researcher, there is a definite increase in exploit kit payloads that are cryptocurrency miners. The trend is expected to continue throughout 2018, alongside the growth of these miners as a whole.

This trend is becoming more dangerous as crypto mining has turned into a cross-platform threat that endangers thousands of infected machines.


How to Protect Your Computer from Cryptocurrency Miners

There are different ways to deal with a cryptocurrency miner depending on its type and capabilities. The more sophisticated the miner is, as in the recent cases of drive-by cryptomining, the more challenging it would be to deal with it.

If the miner is a basic one, the user can install an extension for their browser that blocks in-browser mining. There is also the option to manually block domains that are associated with cryptocurrency mining.
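As an added illustration of the manual domain-blocking approach (this is example code written for this article, not something from the campaign analysis or from any product), the script below keeps a small blocklist of mining-related domains, checks proxy log lines against it on DNS label boundaries so that a subdomain matches but a look-alike name does not, reports which clients reached which blocked hosts, and renders the same list as hosts-file entries that sinkhole the domains. The domains, log lines and client addresses are all constructed placeholders, not real indicators.

```python
import re
from collections import Counter

# Constructed blocklist of domains associated with in-browser mining.
# These are placeholders for this example, not real indicators.
MINING_BLOCKLIST = {
    "miner-pool.example",
    "browser-miner.example",
}

# Constructed proxy log in a simple "timestamp client host path" layout.
SAMPLE_PROXY_LOG = """\
2018-01-10T10:01:02Z 10.0.0.5 www.news.example /index.html
2018-01-10T10:01:05Z 10.0.0.5 miner-pool.example /lib/miner.js
2018-01-10T10:02:11Z 10.0.0.7 ws.miner-pool.example /proxy
2018-01-10T10:02:30Z 10.0.0.7 notminer-pool.example /ok
2018-01-10T10:03:00Z 10.0.0.9 browser-miner.example /miner.min.js
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<host>\S+)\s+(?P<path>\S+)$")


def is_blocked(host, blocklist=MINING_BLOCKLIST):
    """True if host equals a blocklisted domain or is a subdomain of one.

    Matching is done on label boundaries ("." + domain), so a look-alike such as
    'notminer-pool.example' is not treated as a hit for 'miner-pool.example'.
    """
    host = host.lower().rstrip(".")
    for blocked in blocklist:
        blocked = blocked.lower()
        if host == blocked or host.endswith("." + blocked):
            return True
    return False


def scan_proxy_log(text, blocklist=MINING_BLOCKLIST):
    """Scan log text and return (hits, clients).

    hits    maps each blocked host that was contacted to its request count.
    clients maps each client address to the set of blocked hosts it reached.
    Lines that do not fit the expected layout are skipped.
    """
    hits = Counter()
    clients = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        host = m.group("host")
        if is_blocked(host, blocklist):
            hits[host] += 1
            clients.setdefault(m.group("client"), set()).add(host)
    return hits, clients


def hosts_file_entries(blocklist=MINING_BLOCKLIST):
    """Render the blocklist as hosts-file lines that resolve each domain to 0.0.0.0."""
    return [f"0.0.0.0 {domain}" for domain in sorted(blocklist)]


if __name__ == "__main__":
    hits, clients = scan_proxy_log(SAMPLE_PROXY_LOG)
    for host, count in hits.most_common():
        print(f"{host}: {count} request(s)")
    for client, hosts in sorted(clients.items()):
        print(f"client {client} contacted: {', '.join(sorted(hosts))}")
    print("\n".join(hosts_file_entries()))
```

Note that a hosts-file entry only covers the exact names listed, so for a hosts-based block the subdomains seen in logs (such as the `ws.` host above) need their own entries, whereas a DNS resolver or proxy policy can usually block the whole domain tree.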

However, if the system is infected with malware or ransomware that carries a browser miner, it is advisable to use a proper anti-malware solution to remove all of the infections.

Milena Dimitrova
