Alt-Coin Cyber-Threat

Ghost-Miner: The Latest “Threat” to Land in Cyber-Space

As alt-coins get more popular, particularly Bitcoin, Litecoin, Ethereum, and their lesser but also well-known counterparts Doge and Dash, cyber-criminals have found new wealth to extract from people’s machines. It should be noted that over the past decade or more, cyber-criminals realized they could get far more cash by searching machines for credit card, bank, PayPal and similar data and using it, in combination with other details about their victim, to impersonate that person and then steal their funds. By comparison, stealing CPU cycles is far less damaging to the user! The worst that can happen with this form of crime is the user’s machine fan kicking up when it wouldn’t otherwise, and perhaps a greater draw on their electrical bill. Otherwise, victims of cyber-mining won’t be impacted much, particularly on newer machines with ample resources.

Webmasters are discovering ways to mine in-browser as well, with Coinhive making the news the hard way a few months ago when a major website did not first tell its visitors what it was up to. Coinhive mines a coin called Monero, which can then be exchanged for whichever coin the webmaster wants. Ethical uses of this service exist, whereby webmasters invite users to mine while browsing their site. For some webmasters, this is a request to help pay for the site’s upkeep, and the webmaster keeps the coin. For others, like some of the faucets I’ve been using now, they will invite you to mine while you are using their faucet, and pay you in the form of an added bonus directly to your faucet account.

However, just like the first site to ever begin doing this, unscrupulous webmasters are now mining whether users want them to or not, and browser plugins now exist to block these bits of mining JavaScript. A new mining browser plugin for Chrome promises to earn the user BTC using Coinhive as long as the tab is left open while they surf the web. Individual earnings this way are small, but Cryptotab promises much larger earnings if you add your friends to the mining pool as well. Not everyone is comfortable with this idea of contributing to a mining pool, but mining pools involving machines specifically set up to mine crypto-currency are popping up all over the place, with some running massive datacentres in various countries around the world to accommodate the operation.
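The blocking plugins mentioned above work, at bottom, by looking at the scripts a page loads and refusing the ones that match a list of known miner hosts or loader patterns. The following is an added example, not code from the post or from any of the plugins it mentions: a small Python scanner that extracts a page’s script tags, flags external scripts served from a blocklisted host (coinhive.com is the service named in the post; the second host is a constructed placeholder), and flags inline scripts that contain the loader tokens Coinhive’s documented embedding used (`CoinHive.Anonymous`, a `.start(` call) or a WebAssembly instantiation. The sample page is constructed for the example.

```python
"""Added example: blocklist-plus-heuristic detection of in-browser miner scripts."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts known to have served in-browser mining scripts. coinhive.com is the
# service named in the post; "example-miner.invalid" is a constructed stand-in
# so the list has more than one entry.
MINER_HOSTS = {"coinhive.com", "example-miner.invalid"}

# Tokens that appear in typical miner loaders. These are heuristics, not proof:
# a legitimate page can instantiate WebAssembly, and an obfuscated loader can
# avoid all of them.
INLINE_MARKERS = ("CoinHive.Anonymous", "WebAssembly.instantiate", ".start(")


class _ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []      # src attribute of every <script src=...>
        self.inline = []        # text of every inline <script> body
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands script contents to handle_data as raw text.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def scan_for_miners(html):
    """Return a list of (reason, detail) findings for miner-like scripts."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        # urlparse handles absolute and protocol-relative (//host/...) URLs.
        host = (urlparse(src).hostname or "").lower()
        if host in MINER_HOSTS or any(host.endswith("." + h) for h in MINER_HOSTS):
            findings.append(("blocklisted-host", src))
    for body in parser.inline:
        hits = [marker for marker in INLINE_MARKERS if marker in body]
        if hits:
            findings.append(("inline-heuristic", ",".join(hits)))
    return findings


# Constructed sample page: one benign script, one blocklisted loader, and an
# inline snippet in the shape of Coinhive's documented embedding.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/jquery.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<script>
var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');
miner.start();
</script>
</body></html>"""

if __name__ == "__main__":
    for reason, detail in scan_for_miners(SAMPLE_PAGE):
        print(reason, detail)
```

The two checks fail in different ways, which is why the post’s "whether users want them to or not" problem persists: the host blocklist misses a miner served from a fresh domain, and the inline heuristic misses a loader that builds its identifiers at runtime. Real blockers layer these signatures with behavioural signals such as sustained CPU use by a background tab.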

Miners DO make money in the crypto-currency space. Miners’ fees for Bitcoin skyrocketed last fall as the price of BTC soared and people jammed the miners’ networks with backlogged transactions. It is rather easy to see why cyber-criminals would want to move into this space. Currency is currency, commerce is commerce, and where a buck can be made, you’re sure to find a criminal trying to take advantage of others to do so.

What’s amusing about this latest find is not that it’s an in-RAM mining tool, not that it spares the user ID theft problems, but the fact that this particular threat removes other mining tools it finds present! You have to read the article!

https://www.techrepublic.com/article/ghostminer-fileless-cryptomining-malware-has-code-that-kills-itself-and-other-strains/?linkId=49621629

One security lab has successfully extracted this portion of the miner code because they plan to use it against this new script! I’ve heard of malware in the past that would remove similar malware from other sources. One was a piece of code originally written to remove a rather nasty threat back when I was working tech support around the world from my desk with YTO. Watching this malware work was fascinating because as it did its thing, you could then do the same thing to it and be done with the problem! As techs, we applauded the author of the code for making our jobs somewhat easier, even though in the end, we were removing their code too. The issue was an ethical one more than a functional one. Functionally speaking, that malware was doing everyone a service by worming its way around the ’net removing the much more dangerous piece of code from people’s machines. Ethically, it wasn’t asking permission to do this, and so it was itself seen as a threat. Such is the case with this latest miner code. Functionally, it’s not harming you or your system at all; it’s even removing miners you might not even know are there. But ethically, it is not getting your permission to do any of this, so it is naturally seen as a threat, let alone the fact that you aren’t getting a cut of any of the coin mined. If it asked for permission and then gave you a cut of the earnings, I’m sure more people would welcome such a bit of code.
