This new threat seems to spread via rogue PUP installers

Nov 16, 2018 01:16 GMT

WebCobra, a new Russian cryptojacking malware, has been discovered by McAfee Labs researchers, who observed it infecting machines and deploying a miner matched to the victim's architecture, x86 or x64.

"Recently we examined the Russian application WebCobra, which silently drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the architecture WebCobra finds," said McAfee Labs.

While McAfee Labs could not pinpoint how WebCobra is spreading, they believe there is a very high chance the cryptojacker uses rogue PUP installers as its means of infiltration and main dropper.

Moreover, WebCobra was observed on infected systems in Brazil, South Africa, and the United States, and it uses a distinctive infection technique: it drops different miner payloads on x86 and x64 architectures.

To be more exact, when it detects that the compromised system has an x86 architecture, WebCobra drops the Cryptonight cryptocurrency miner and injects it into an already running process.

When the infiltrated machine is x64, it instead downloads Claymore's Zcash miner from a remote server, launches it, and mines in the background, sending the coins to its operators' wallet until the infection is eventually detected and removed.
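The two infection paths above leave different traces on a host: the x64 path runs a stand-alone Claymore process whose command line carries pool and wallet options, while the x86 path hides the Cryptonight miner inside an already running process, so only its resource usage gives it away. The following triage routine is an added example (not McAfee's or the article's code) that flags both cases over a constructed process list; the `-zpool`/`-zwal` flags are Claymore's documented options, the stratum URL pattern is the usual pool protocol, and the CPU threshold and the sample processes are assumptions made for the demo.

```python
import re
from dataclasses import dataclass

# Command-line indicators typical of CPU/GPU coin miners.
# Claymore's Zcash miner takes its pool and wallet via -zpool/-zwal;
# Cryptonight-family miners usually name the algorithm and a stratum pool.
MINER_PATTERNS = [
    (re.compile(r"stratum\+(tcp|ssl)://", re.I), "stratum pool URL"),
    (re.compile(r"(^|\s)-zpool\s", re.I), "Claymore -zpool option"),
    (re.compile(r"(^|\s)-zwal\s", re.I), "Claymore wallet option"),
    (re.compile(r"cryptonight|--algo[= ]cn\b", re.I), "Cryptonight algorithm"),
    (re.compile(r"(^|\s)--?(o|url)[= ]\S+:\d{2,5}\b", re.I), "pool host:port"),
]


@dataclass
class Proc:
    """One running process as a collector would report it (constructed)."""
    pid: int
    name: str
    cmdline: str
    cpu_pct: float  # sustained CPU share over the sampling window


def miner_indicators(cmdline):
    """Return the labels of every miner pattern found in a command line."""
    return [label for pat, label in MINER_PATTERNS if pat.search(cmdline)]


def triage(procs, cpu_threshold=70.0):
    """Return (pid, name, reasons) for processes worth a closer look.

    Command-line hits catch the x64 case (a visible miner binary).
    The CPU check catches the x86 case, where the miner is injected into
    a legitimate process and no miner flags appear on any command line.
    The threshold is an assumption; a real deployment baselines per process.
    """
    hits = []
    for p in procs:
        reasons = miner_indicators(p.cmdline)
        if p.cpu_pct >= cpu_threshold:
            reasons.append(f"sustained CPU {p.cpu_pct:.0f}% at or above threshold")
        if reasons:
            hits.append((p.pid, p.name, reasons))
    return hits


# Constructed sample: one benign service, one stand-alone Zcash miner,
# one injected host process (no miner flags, high CPU), one Cryptonight miner.
SAMPLE_PROCS = [
    Proc(1234, "svchost.exe", r"C:\Windows\System32\svchost.exe -k netsvcs", 1.0),
    Proc(2001, "miner64.exe",
         "miner64.exe -zpool zec.pool.example:3333 -zwal t1EXAMPLEWALLET -zpsw x", 95.0),
    Proc(3100, "explorer.exe", r"C:\Windows\explorer.exe", 88.0),
    Proc(4020, "svc.exe",
         "svc.exe -o stratum+tcp://xmr.pool.example:4444 -u 4EXAMPLEWALLET --algo cn", 92.0),
]


if __name__ == "__main__":
    for pid, name, reasons in triage(SAMPLE_PROCS):
        print(f"{pid:>5} {name:<14} {'; '.join(reasons)}")
```

Run as-is, the script reports the Claymore process, the injected explorer.exe, and the Cryptonight process, and stays silent on svchost.exe; the explorer.exe hit shows why command-line matching alone is not enough for the x86 path described above.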

Cryptojacking attacks have surged since 2017, with the number of detected events increasing by 459%

Cryptomining malware is widespread among malware peddlers given the minimal resources needed to get it going and the fact that this type of attack leaves very few traces behind.

Also, cryptojacking can target a wide variety of platforms and operating systems, from mobile devices and computers to IoT devices such as TVs and routers.

According to an analysis by the Cyber Threat Alliance (CTA), cryptojacking security incidents have increased by 459% since 2017. The main driver behind this explosion of cryptocurrency mining malware is the rising value of cryptocurrencies, which makes this type of attack a very lucrative business.

In addition, as reported by Webroot in their mid-year threat report, cryptojacking now dominates the threat charts, surpassing ransomware as the most critical threat for the first half of 2018.

A massive increase in activity was also detected in the second quarter of 2018, with the number of cryptojacking samples identified surging by 86%, according to a McAfee Global Threat Intelligence report.

Photo gallery (3 images): WebCobra cryptocurrency mining malware; Heat map of WebCobra infections; Choosing proper miner for each architecture