Malware disguised as images used to generate cryptocurrencies

The hackers' goal was to install miners, legitimate programs used to generate virtual currencies. Companies were mainly affected.

Hackers continue to infect users with malware that is used to download programs that generate cryptocurrencies on their computers. Following the case discovered by Kaspersky Lab, an investigation conducted by a group of researchers from IBM X-Force confirms the use of viruses to create virtual currencies.

The stratagem always follows the same script: cybercriminals attack victims with the aim of installing miners, legitimate software used to produce cryptocurrencies, on their machines. IBM's cybersecurity department detected the hackers' malicious activity by monitoring servers and corporate systems from January to August 2017. As a result, the team of experts was able to identify numerous breaches aimed at installing tools to generate the virtual currency. The hackers first infected the CMSs of some platforms, from which the programs used for mining activities were then downloaded.

Fake images were used

In particular, the software was hidden on Joomla, WordPress and JBoss. Once the attackers had managed to breach the platforms, they would insert the installer, the program that serves to install the miners, inside some fake images. Again according to IBM X-Force's findings, the hackers particularly hit the industrial sector. Researchers have not been able to reconstruct the scope of the attack and the number of compromised companies.

What the attackers hid on the infected platforms was mainly a modified version of Minerd, a legitimate program used to create cryptocurrencies.
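A defender can triage a CMS web root for the fake images described above by checking that each image file really starts with an image header and carries no executable or script content. This is an added example, not code from IBM X-Force or from the original article; the marker list, the function names and the sample files are assumptions constructed for illustration, since the article does not say how the images were built.

```python
import tempfile
from pathlib import Path

# Leading magic bytes per image extension found in a typical CMS upload directory.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed markers of executable or script content that has no place in an image.
PAYLOAD_MARKERS = {b"\x7fELF": "ELF binary", b"#!/bin/": "shell script", b"<?php": "PHP code"}

def inspect_image(path):
    """Return findings for one file; an empty list means nothing suspicious."""
    path = Path(path)
    magic = IMAGE_MAGIC.get(path.suffix.lower())
    if magic is None:  # not an image extension, out of scope for this check
        return []
    data = path.read_bytes()
    findings = []
    if not data.startswith(magic):
        findings.append("header does not match extension " + path.suffix.lower())
    for marker, label in PAYLOAD_MARKERS.items():
        if marker in data:  # heuristic: catches payloads embedded or appended
            findings.append("contains " + label + " marker")
    return findings

def scan_tree(root):
    """Walk a web root and map each suspicious image (relative path) to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        found = inspect_image(path) if path.is_file() else []
        if found:
            report[path.relative_to(root).as_posix()] = found
    return report

def build_demo_tree():
    """Constructed samples: a clean PNG, an ELF renamed .jpg, a GIF with a script appended."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "banner.jpg": b"\x7fELF\x02\x01\x01" + b"\x00" * 32,
        "icon.gif": b"GIF89a" + b"\x00" * 16 + b"\x3b" + b"#!/bin/sh\n",
    }
    for name, content in samples.items():
        (root / name).write_bytes(content)
    return root

if __name__ == "__main__":
    print(scan_tree(build_demo_tree()))
```

Short byte markers can occur by chance in compressed image data, so a hit is a reason to inspect the file, not proof of compromise.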

Why "mining malware" has grown

As seen, the hackers' aim was precisely to create cryptocurrencies. Among the various virtual currencies, it seems that the cybercriminals were especially interested in generating Monero. Mining is very complex and requires high-performance computers. That is why these types of cyber attacks have increased recently.