Monero’s use in crypto-based criminal schemes has been rampant this year. A new report now highlights novel malware that installs the asset’s famed miner on computers. Yesterday, internet security firm Guardicore Labs revealed that it had detected instances of new malware being deployed across millions of IP addresses.
A Malware That Spans Multiple Industries
According to the report, hackers had targeted computers across several industries with malware called FritzFrog. Affected sectors include education, banking, healthcare, and even government organizations.
FritzFrog launches a brute-force attack against a computer’s security system. Once installed on a central server, it works its way into connected computers. Once inside a computer, it runs a separate process known as “libexec” to execute XMRig, one of the most popular pieces of Monero-mining malware.
Guardicore confirmed that the malware has successfully breached over 500 SSH servers, with locations spanning the United States and Europe. This reach has allowed the malware to infect as many as 10 million IP addresses.
The firm also described FritzFrog as a rarity. They explained that tracking and understanding its operation was highly complicated, as the malware’s connections were hidden within a peer-to-peer network.
Ophir Harpaz, one of the firm’s top security researchers, commented:
“Unlike other P2P botnets, FritzFrog combines a set of properties that makes it unique: it is fileless, as it assembles and executes payloads in-memory. It is more aggressive in its brute-force attempts, yet stays efficient by distributing targets evenly within the network.”
The company recommended that server users and administrators adopt stronger passwords and public-key authentication methods to avoid the risk of hacks.
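The report's two observable traits, a process named “libexec” and fileless execution, can be turned into a host check. The following is an added example, not code from Guardicore or from the original article; it assumes Linux hosts with a readable `/proc`, and the function names and the "high"/"review"/"ok" labels are hypothetical.

```python
import os

SUSPECT_NAMES = {"libexec"}  # process name reported in the article

def is_fileless(exe_target):
    # On Linux, /proc/<pid>/exe reads "<path> (deleted)" when the binary was
    # unlinked after launch, and "/memfd:<name> (deleted)" when the program
    # was executed from an anonymous in-memory file.
    return exe_target.endswith(" (deleted)") or exe_target.startswith("/memfd:")

def classify(comm, exe_target):
    """Grade one process from its name and the target of its exe link."""
    name_hit = comm.strip() in SUSPECT_NAMES
    fileless = is_fileless(exe_target)
    if name_hit and fileless:
        return "high"
    if name_hit or fileless:
        # A single signal is weak: package upgrades leave legitimate daemons
        # running from deleted binaries, and a name alone proves nothing.
        return "review"
    return "ok"

def scan_proc(proc_root="/proc"):
    """Return (pid, comm, exe, verdict) for every process that is not 'ok'."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # not a PID directory
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # process exited, kernel thread, or insufficient privilege
        verdict = classify(comm, exe)
        if verdict != "ok":
            findings.append((int(entry), comm, exe, verdict))
    return findings

if __name__ == "__main__":
    for pid, comm, exe, verdict in scan_proc():
        print(f"{verdict:6} pid={pid} comm={comm} exe={exe}")
```

Run it as root so that other users' `exe` links are readable; processes it cannot inspect are skipped rather than reported.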
Monero Malware Continues to Thrive
Monero is becoming increasingly synonymous with crypto-malware attacks. The asset’s privacy focus and relatively high value have made it a more appealing choice for malware operators, most of whom have started moving away from Bitcoin over fears of increased tracking from authorities.
This week, cybersecurity researchers at Cado Security warned that they had detected the first recorded stealth crypto campaign to steal credentials from Amazon Web Services (AWS). As the report explained, the cryptojacking attack was pretty unsophisticated. However, it showed that hackers are beginning to adapt to the trend of companies moving their operations to cloud-based environments.
As with FritzFrog, the hackers behind this attack also tried to deploy XMRig to mine Monero for profit.
The cryptojacking problem extends beyond the United States, however. Last month, Microsoft released its Security Endpoint Threat Report 2019, which confirmed that India encounters cryptojacking attempts at a rate 4.6 times higher than the global average. Even at that, the country still lags behind Sri Lanka in the number of crypto mining attacks in the Asia-Pacific region.
Microsoft’s report pointed out that cryptojacking practices have dropped in popularity since the crypto winter of 2018. Currently, only about 0.05 percent of computers have experienced a cryptojacking attack. However, the tech giant also warned that the increase in cryptocurrency prices could lead to a resurgence in these attacks. As global trends show, we might be witnessing just that.