Every day, there’s a report detailing how ransomware is affecting the world. The attackers are also getting innovative in their attacks. Recently, cybersecurity firm ESET published an account about the Stantinko botnet, a popular mining malware that is now using YouTube pages to spread ransomware.
According to the report, the botnet, which has been operating since about 2012, has now affected up to half a million computers. Its primary targets are located in Russia, Ukraine, Belarus, and Kazakhstan. The malware runs a simple cryptojacking operation, although this time it distributes a Monero-mining virus through pages on YouTube.
Cryptojackers use code to steal processing resources from unsuspecting users, disguising their activity behind other processes and using the computer’s processing power to mine cryptocurrencies.
ESET claimed that it had informed YouTube about the bot, and that all channels which contain traces of the Stantinko code have been removed from the platform.
A Resurgent 2019 for Attackers Across the Board
Malware has been rampant so far this year, and cryptocurrencies have been a particular target of attackers across the world. While ransomware operators prefer to get paid in crypto before releasing their victims’ data, cryptojackers go straight for the jugular, using a network of compromised computers to mine their favorite crypto assets and profiting from resources owned by others.
The 2019 #CloudSecurity Report sheds light on the top 3 cloud data leakage vectors: 27% is caused by #malware and #ransomware, 21% by compromised accounts, and 20% by misconfigurations. Get the report. https://t.co/2LZAprn6Rc pic.twitter.com/CQ9gowqfnM
— Check Point Software (@CheckPointSW) November 24, 2019
On November 26, the Microsoft Defender ATP research team shared insights on a new form of crypto-stealing malware, which, as they estimated, has infected almost 80,000 computers.
The malware, which they called Dexphot, has reportedly been in operation since October 2018, reaching its peak in June of this year. The code hijacks processes to disguise its activity, and when infected users try to remove the malware, monitoring services and scheduled tasks trigger the re-infection.
“Dexphot is not the type of attack that generates mainstream media attention; it’s one of the countless malware campaigns that are active at any given time. Its goal is a very common one in cybercriminal circles — to install a coin miner that silently steals computer resources and generates revenue for the attackers,” the report states.
The attacks have become so sophisticated that they now target cryptocurrencies at the source. Earlier this month, a Reddit post published by the Monero development team revealed that the software available for download on the project’s official website had been tampered with to steal currency.
Per the post, the Command Line Interface tools available at getmonero.org had been compromised; the team discovered that the hashes of the binaries available for download didn’t match the expected hashes.
Government agencies in Finland are getting proactive in their fight against ransomware. Earlier this month, a government agency strengthened security across its network of systems in preparation for an attack.
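The Monero incident above was caught because the downloaded binaries’ hashes did not match the hashes the project publishes. As an added illustration (not code from the article, ESET, Microsoft or the Monero project), the following Python script performs that check the way a user or release engineer would: it parses a hash list in the common `sha256sum` format, hashes each local file in chunks, and compares using a constant-time comparison. File names, contents and the hash list are constructed sample data; the only real constant is the well-known SHA-256 digest of the string "abc".

```python
import hashlib
import hmac
import os
import tempfile

# SHA-256 of the bytes b"abc" (a standard published test vector).
SHA256_OF_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large release archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_hash_list(text):
    """Parse lines in the `sha256sum` output format: '<hex digest>  <filename>'.

    Blank lines and '#' comments are ignored; a leading '*' (binary-mode marker)
    on the file name is stripped. Returns {filename: digest}.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_download(path, expected_hex):
    """True only if the file's SHA-256 equals the published digest.

    hmac.compare_digest avoids leaking, via timing, how many leading characters matched.
    """
    return hmac.compare_digest(sha256_of_file(path), expected_hex.lower())


def verify_directory(directory, hash_list_text):
    """Check every file named in the hash list; report ok / MISMATCH / missing."""
    results = {}
    for name, digest in parse_hash_list(hash_list_text).items():
        full = os.path.join(directory, name)
        if not os.path.isfile(full):
            results[name] = "missing"
        else:
            results[name] = "ok" if verify_download(full, digest) else "MISMATCH"
    return results


def demo():
    """Constructed scenario: one genuine file, one tampered file, one never downloaded.

    File names are hypothetical and do not correspond to real Monero release artifacts.
    """
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "cli-release-good.tar.bz2")
        bad = os.path.join(d, "cli-release-tampered.tar.bz2")
        with open(good, "wb") as f:
            f.write(b"abc")       # matches the published digest
        with open(bad, "wb") as f:
            f.write(b"abd")       # one byte changed: simulates a swapped binary
        hash_list = (
            "# constructed hash list in sha256sum format\n"
            f"{SHA256_OF_ABC}  cli-release-good.tar.bz2\n"
            f"{SHA256_OF_ABC}  cli-release-tampered.tar.bz2\n"
            f"{SHA256_OF_ABC}  not-downloaded.tar.bz2\n"
        )
        return verify_directory(d, hash_list)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Any `MISMATCH` means the file must not be run; the hash list itself should come from a channel separate from the download mirror (and ideally be signature-checked), because an attacker who replaces the binaries on a server can usually replace an unsigned hash file alongside them.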