Criminals make over $60,000 hijacking people’s computers to mine Monero cryptocurrency
A cybercriminal has made over $60,000 in the past three months by exploiting unpatched IIS 6.0 servers to mine monero (XMR) cryptocurrency. First discovered by security researchers at ESET, the hacker (or a group of them) used a vulnerability in IIS 6.0 – tracked as CVE-2018-7269 – to hijack machines and then install a monero miner.
In the past few months, several reports have revealed how cybercriminals are shifting their resources to take over computers for mining purposes. Cryptocurrency mining using hijacked computers can make criminals over tens of thousands of dollars a month. Following numerous similar reports, the latest report reveals a new malware strain in which hackers infected hundreds of Windows servers with a secret cryptocurrency mining program, generating $63,000 over three months.
Monero mining: “Couple of minutes” of work and huge profits
While the attack is unsophisticated and uses outdated Windows servers, it has been working for the criminals as there is never a shortage of such machines. But why is there such a sudden focus on mining monero instead of bitcoin?
“While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware – untraceable transactions and a proof of work algorithm called CryptoNight, which favors computer or server CPUs and GPUs, in contrast to specialized mining hardware needed for Bitcoin mining,” ESET researchers wrote in their report.
As the last few months have shown, feds can actually track bitcoin to take down both the dark web marketplaces and their largest vendors. Monero, however, offers anonymous transactions, which means criminals will remain hidden until officials find new mechanisms to track them down.
Monero mining also doesn’t require specialized hardware, unlike bitcoin mining. A separate report had shown earlier how hackers were using CPUs to mine monero. By hijacking thousands of vulnerable machines (and even more in larger botnets), criminals substantially increase their chances of making huge profits.
A zero-day helps criminals take over Windows servers
The CVE-2018-7269 vulnerability in the IIS 6.0 WebDAV service was categorized as a zero-day when it was first discovered in March. While the flaw has been patched, several machines remain vulnerable.
ESET’s research also revealed how the hackers simply copied a legitimate open source monero CPU miner called xmrig and added hardcoded command line arguments containing the attacker’s wallet address and the mining pool URL.
“This couldn’t have taken the cybercrooks more than just a couple of minutes as suggested by the fact that we witnessed it in-the-wild on the same day the base version of xmrig was released,” ESET wrote.
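Because the wallet address and pool URL are hardcoded into the binary, they can be found by static string triage. The following is an added example, not code from ESET or from the original article; the function names, the sample blob, the pool host and the wallet value are constructed for illustration, and the patterns are heuristics (Stratum-style pool URLs, and 95-character base58 strings starting with 4 or 8, the shape of a Monero address).

```python
import re

# Base58 alphabet used by Monero addresses (no 0, O, I, l).
B58 = rb"1-9A-HJ-NP-Za-km-z"
# Standard addresses are 95 chars starting with '4'; subaddresses start with '8'.
WALLET_RE = re.compile(
    rb"(?<![" + B58 + rb"])[48][" + B58 + rb"]{94}(?![" + B58 + rb"])")
# Mining pool endpoints are normally given as stratum+<transport>:// URLs.
POOL_RE = re.compile(rb"stratum\+[a-z]+://[A-Za-z0-9.\-]+(?::\d{1,5})?")

def extract_strings(data, min_len=6):
    """Yield printable ASCII runs, plus UTF-16LE runs reduced to ASCII bytes."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group()
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group()[::2]  # drop the interleaved NUL bytes

def triage(data):
    """Return pool URLs and wallet-shaped strings embedded in a binary blob."""
    findings = {"pools": set(), "wallets": set()}
    for s in extract_strings(data):
        findings["pools"].update(m.decode() for m in POOL_RE.findall(s))
        findings["wallets"].update(m.decode() for m in WALLET_RE.findall(s))
    # Both together is a much stronger signal than either alone.
    findings["suspicious"] = bool(findings["pools"] and findings["wallets"])
    return findings

# Constructed sample data: not a real wallet, pool or binary.
CONSTRUCTED_WALLET = "4" + "A" * 94
SAMPLE_ARGS = ("-o stratum+tcp://pool.example.invalid:3333 -u "
               + CONSTRUCTED_WALLET + " -p x")
SAMPLE_BLOB = b"MZ\x90\x00\x03\x00\x00" + SAMPLE_ARGS.encode() + b"\x00\x01\x02"

if __name__ == "__main__":
    result = triage(SAMPLE_BLOB)
    print("pools:", sorted(result["pools"]))
    print("wallet-shaped strings:", len(result["wallets"]))
    print("suspicious:", result["suspicious"])
```

To check a file on disk, pass its bytes to `triage`, for example `triage(open(path, "rb").read())`; a hit is a reason to investigate the file, not proof of compromise.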
Sysadmins are advised to install the patches on their Windows Servers running IIS 6.0. Due to its severity, Microsoft made the patch available even for end-of-life products like Windows XP and Server 2003.
The reports shared in the past few months reveal how “minimal know-how together with very low operating costs and a low risk of getting caught” can make hackers hundreds of thousands of dollars mining cryptocurrency.
“Sometimes it takes very little to gain a lot,” ESET wrote. “This is especially true in today’s world of cybersecurity, where even well-documented, long-known and warned about vulnerabilities are still very effective due to the lack of awareness of many users.”