According to email security firm MailGuard, the new “malware pandemic” is a devious technique criminals have come up with to use malware to mine cryptocurrency on hijacked machines.
In a blog post on the MailWatch website, the company's blog editor Emmanuel Marshall says the new malware has appeared recently, with the surges in cryptocurrency value.
“When cryptojacking malware first started to appear, it was generally found embedded in web pages and infected victims’ devices when they browsed a compromised site,” Marshall notes.
“The victim will get a message in their inbox with some sort of link to a file or Web page infected with the cryptojacking malware. Malicious emails are usually designed to look harmless; cybercriminals try to make their scam messages appear to be from a large company or government organisation that has a trustworthy reputation. Think of parcel delivery scams from DHL, fake online shopping notices from eBay, or fraudulent notifications from your government tax office.”
According to Marshall, most victims of cryptojacking malware attacks don’t even know their machine has been infected.
He says the malware works in the background, mining cryptocurrency and delivering it to the criminals without the victim’s knowledge, and the only side-effect of the malware infection “will be a dip in device performance because of the extra work the processor is doing”.
Marshall says that cybercriminals use cryptojacking attacks to take control of all kinds of devices.
“Recently there has been a big increase in cryptojacking attacks aimed at phones. A 2018 report found that cryptojacking attacks on Android devices had increased by a staggering 4000% in the first three months of this year.
“Although an individual phone doesn’t yield much processor power on its own, criminals can build a botnet of infected devices and make them work together. In this way, they can harness vast processor resources across a network of infected machines, stealing a small amount of bandwidth from each device.”
Marshall says a newly discovered cryptojacking malware — called WinstarNssmMiner — has the built-in ability to crash victims’ computers if they attempt to remove it.
And he says researchers have just announced they have identified WinstarNssmMiner in half a million cryptojacking attacks occurring over a three-day period.
“The recent growth in the cryptocurrency market will likely create even more incentive for criminals to perpetrate cryptojacking scams. Cyber criminals use simple scam emails to infiltrate organisations with malware and attack them from the inside,” Marshall says.
“To avoid becoming a victim, it’s a good idea to familiarise yourself with the most common elements of the email scams used to deliver cryptojacking malware.
“All criminals need to break into your business is a cleverly worded email. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.”