Posted on April 27, 2019 at 5:14 PM
There is a new type of malware rocking the crypto world and it is focusing its fang on Asian countries and using the attack to mine monero (XMR) digital currency.
According to cybersecurity behemoth and software company Symantec, more than 80% of the systems that have been affected by this malicious software are based in China. Also, their report stated that other nations in Asia have also been affected and these include Japan, Vietnam, and South Korea.
Beapy Wreaking Havoc
Now named ‘Beapy’, the malware is a file-based application that operates on crypto mining platforms. It is not an application that depends on browsers and it operates by forwarding infected Excel file to victims in the form of an email attachment and it ends up downloading DoublePulsar onto the system of the victim once the attachment is opened.
DoublePulsar is significant because it was made by the United States National Security Agency before it fell into the wrong hands then later launched for public use in 2017. This same application was utilized in the WannaCry ransomware crisis in 2017.
After the installation of DoublePulsar is complete and functional on the device of the victim, the miner is downloaded. During the same period, it makes use of a different leaked NSA app called EternalBlue, it is with the agency of EternalBlue that the malware is able to spread rapidly across the networks via vulnerable computer systems. While doing this, it ends up gaining illegal access to information of others.
This attack is considered a real threat to online business. Symantec stressed this point saying that the attack can lead to a reduction in performance of the systems which can trigger a decrease in the productivity of the works. When these happen, one can immediately notice a spike in the cost of running the business. In a situation where this continues and the cost of doing business keeps mounting, then the consequence will be an intensification of the amounts of loss generated. If this is not stemmed, it can lead to a total downfall of the enterprise.
Even though it has been observed that malware attacks have been on a decrease over the past one year, there is still sufficient activity by the malware to warrant enough inspection and constant surveillance. According to Symantec, there were less than three million cryptojacking attempts in March 2019 and even though there was a drop from the highest level in early 2018 when eight million attempts were recorded, three million is still a disturbing figure.
Symantec clarified that it made the first notice of activity by Beapy in January 2019 but it has become more active since the beginning of March. Monero is very popular within the hacking community due to the nature of its privacy characteristics. Research has shown that via these attacks, hackers have been able to mine as much as five percent of all the total monero currency that is in the overall system.
Towards the beginning of 2019, another set of researchers at the cybersecurity company Palo Alto Networks chanced upon a type of malware that overtakes the administration of systems. After taking over the control, it then uninstalls the cloud security features put in place then quickly installs the code that goes ahead to mine the digital currency. This same set of researchers also found another type of malware and this one operates by grabbing cookies from browsers of infected systems. It also steals other types of information and it focuses its own attacks on Apple Mac computer systems but the goal is the same – to steal digital currencies like monero.