For several years, malicious hackers have been increasing their ingenuity in the face of the amount of wealth present in the crypto ecosystem. Along with DeFi hacks, some hackers are attacking networks of machines to mine cryptocurrencies without their knowledge.
Mining cryptos without your knowledge: a strategy that pays off
Malware has been on the rise for several years. Their objective: to mine cryptocurrencies without your knowledge. Last May, the company Red Canary had identified more than 1,000 machines infected by such software.
And this Thursday, December 2, it is the turn of the company Sophos to publish a report on this scourge that are crypto-malwares. It particularly focused on the malware called “Tor2Mine”.
According to the study, malicious mining campaigns were on the decline in recent months. However, new variants of the Tor2Mine software have recently been identified. These are proving to be more virulent than previous iterations of the software.
The importance of updates against malware
As we have just seen, Tor2Mine is a malware that, once installed on a machine, will mine monero without its knowledge.
In practice, Tor2Mine targets machines that have not performed the latest Windows security updates. On these machines, the software is able to exploit vulnerabilities in order to access the credentials of the machine’s administrator. Once it has this information, the software will scan the network to identify other machines to infect.
“On systems where it manages to obtain administrator credentials, Tor2Mine installs executables as a service, then searches for other machines on the network on which it can remotely run installation scripts to spread further.”
Sophos report
Obviously, given its method of propagation, the operators of this malware are primarily targeting corporate networks with many machines.
Due to its virulence, Tor2Mine is extremely difficult to get rid of once it has started infecting a network.
“Unlike other miners, Tor2Mine is much more difficult to eradicate once it gains a foothold on a network without the help of endpoint protection software and other anti-malware measures. Because it spreads laterally from the initial point of compromise, it cannot be eliminated simply by patching and cleaning a system. The miner will continually attempt to reinfect other systems on the network, even after the miner’s C2 server has been blocked or taken offline.”
Sophos report
Obviously, these programs mine monero primarily for its anonymization mechanisms. This phenomenon is such that 5% of the total XMRs created were created by software mining cryptocurrencies without the users’ knowledge.
