Until recently, exploit kits were mostly deployed to distribute ransomware. However, following the current trend in worldwide infections, cybercriminals have started using exploit kits for the distribution of cryptocurrency miners.
Exploit Kits and Drive-By Downloads Actively Used in the Distribution of Miners
Exploit kits and drive-by downloads have been detected in several campaigns silently delivering mining malware to online users. These campaigns trick users into installing cryptominers on their systems, hijacking their CPU power through in-browser cryptojacking, and also take advantage of organizations’ vulnerable cloud computing environments, researchers report.
More specifically, researchers detected a campaign focused on the delivery of cryptominers with the help of drive-by attacks. There was an uptick in the payloads from the well-known RIG exploit kit at the end of 2017. This activity has been extended via a campaign named Ngay.
Ngay droppers contained one or more cryptominers and were aimed at mining Monero or less popular currencies such as Bytecoin. In this campaign, the Monero miner is downloaded through a multi-stage process that also seeks to register it permanently as a running service.
“The extracted binary from the RIG EK payload is an installer that drops several .NET modules,” said Jérôme Segura, the researcher who analyzed the campaign.
One of these modules uses an exploit taken from a GitHub repository to elevate privileges. Another module has sub-modules for protecting and managing the running services, and the third module downloads and manages the Monero cryptocurrency miner.
According to the researcher, there is a definite increase in exploit kit malware payloads that are cryptocurrency miners. The trend is expected to continue throughout 2018, along with the growth of these miners as a whole.
This trend is becoming more dangerous as crypto mining has turned into a cross-platform threat that endangers thousands of infected machines.
How to Protect Your Computer from Cryptocurrency Miners
There are different ways to deal with a cryptocurrency miner depending on its type and capabilities. The more sophisticated the miner is, as in the recent cases of drive-by cryptomining, the more challenging it is to deal with.
If the miner is a basic one, the user may install an extension for their browser that stops mining inside the web browser. There is also the option of manually blocking domains associated with cryptocurrency mining.
However, if the system is infected by malware or ransomware that came bundled with a browser miner, it is advisable to use a proper anti-malware solution to remove all of the infections.
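The domain-blocking option above is easiest to apply at the resolver or hosts-file level. The following script is an added example, not code from the article or from the researchers it cites: it matches DNS queries against a small cryptomining domain blocklist (label-aware, so subdomains of a blocked name also match), scans a few constructed dnsmasq-style log lines for hits, and renders hosts-file entries that sink the listed names. The blocklist names (`*.invalid`), the log lines and the client addresses are constructed placeholders, not real mining-pool domains or real traffic.

```python
"""Added example (not from the article): detect DNS queries to cryptomining
domains and generate hosts-file entries that block them.

All domains, log lines and client IPs below are constructed placeholders.
"""
import re
from typing import Dict, Iterable, List

# Constructed blocklist: placeholder names under the reserved .invalid TLD,
# standing in for a real cryptomining domain list you would maintain.
MINING_BLOCKLIST = {
    "pool.example-miner.invalid",
    "cdn.example-cryptojack.invalid",
}

# Constructed log lines in the dnsmasq "query[<type>] <name> from <client>" shape.
SAMPLE_DNS_LOG = """\
Jan 10 12:00:01 dnsmasq[123]: query[A] www.example.com from 10.0.0.5
Jan 10 12:00:02 dnsmasq[123]: query[A] pool.example-miner.invalid from 10.0.0.5
Jan 10 12:00:03 dnsmasq[123]: query[A] eu.pool.example-miner.invalid from 10.0.0.7
Jan 10 12:00:04 dnsmasq[123]: query[AAAA] mail.example.org from 10.0.0.9
Jan 10 12:00:05 dnsmasq[123]: query[A] notpool.example-miner.invalid.example.net from 10.0.0.9
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop a trailing dot so comparisons are stable."""
    return name.rstrip(".").lower()


def is_blocked(name: str, blocklist: Iterable[str] = MINING_BLOCKLIST) -> bool:
    """True if name equals a blocklisted domain or is a subdomain of one.

    The suffix check requires a leading dot, so 'notpool.example-miner.invalid'
    does not match 'pool.example-miner.invalid'.
    """
    n = normalize(name)
    for blocked in blocklist:
        b = normalize(blocked)
        if n == b or n.endswith("." + b):
            return True
    return False


def scan_dns_log(log_text: str, blocklist: Iterable[str] = MINING_BLOCKLIST) -> List[Dict[str, str]]:
    """Return one record per query whose name is on (or under) the blocklist."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query line (answers, startup messages, etc.)
        if is_blocked(m["name"], blocklist):
            hits.append({
                "client": m["client"],
                "name": normalize(m["name"]),
                "qtype": m["qtype"],
            })
    return hits


def hosts_file_entries(blocklist: Iterable[str] = MINING_BLOCKLIST) -> str:
    """Render hosts-file lines that sink each blocklisted name to 0.0.0.0.

    Note: hosts-file entries match exact names only; subdomains need a
    resolver-level block (DNS sinkhole or response-policy zone).
    """
    return "\n".join(f"0.0.0.0 {normalize(d)}" for d in sorted(blocklist))


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"[cryptomining domain] {hit['client']} -> {hit['name']} ({hit['qtype']})")
    print(hosts_file_entries())
```

Running the script reports the two queries for `pool.example-miner.invalid` and its `eu.` subdomain and ignores the look-alike name under `example.net`. The hosts-file output is the manual blocking the article mentions, but it only covers exact names; the suffix matching in `is_blocked` shows why a resolver-level sinkhole is the stronger control when miners rotate subdomains.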