As cryptomining continues to dominate the cybercrime landscape, cybercriminals are devising new ways to drain victims' cryptocurrency wallets, and scammers are squeezing the most out of their resources to launch increasingly polished scam attempts. The rise in scams is attributed largely to inadequate fraud-protection measures: popular cryptocurrency services, including the Coinbase exchange and the wider Bitcoin ecosystem, still lack the safeguards needed to stop fraudulent transactions before funds leave a wallet.
Cybercriminals typically direct victims to a fraudulent call center through counterfeit Coinbase support accounts on Twitter and through malicious search results. The execution is remarkable: the scammers "help" prospective users set up their accounts and, in the process, copy the login credentials to their own systems. The groups then differ in how they cash out. Some gain access to the wallets immediately under the guise of customer support, while others sit on the harvested credentials and drain the wallets at their leisure.
Scammers are also abusing browser APIs to freeze their victims' browsers, with Chrome as the primary target, followed by Brave and Firefox. Fraudsters offering fake tech-support services rely less on specialised tools than on hijacking easily abused business functions such as support channels and search results. Beyond exploiting weaknesses in Bitcoin transactions, scammers are profiting from the long gap between vulnerability disclosure and patching, using the resulting confusion as a hook for tech-support cases. In January of this year (2018), the Meltdown and Spectre vulnerabilities hit processors hard: Meltdown affected mainly Intel CPUs, while Spectre affects almost all modern processors that rely on speculative execution. Both can be used to leak login credentials, banking information and other personally identifiable information from memory. Microsoft, Intel and other vendors have shipped patches, but the underlying issues will need attention for a long time to come.
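To see where a Linux host actually stands after the Meltdown and Spectre patches, the following added example (not code from the original article) reads the kernel's per-issue status files under /sys/devices/system/cpu/vulnerabilities, an interface present in Linux 4.15 and later that reports one line per issue ("Not affected", "Vulnerable", or "Mitigation: ..."). The SAMPLE_STATUS dictionary is constructed so the script runs offline, and the classify/unmitigated helper names are mine, not the kernel's.

```python
"""Report Meltdown/Spectre mitigation status on a Linux host.

Added illustration for this article; not the article's own code.
Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities/
(Linux 4.15+). When that directory is absent, the constructed
SAMPLE_STATUS below is used so the script still runs end to end.
"""
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample shaped like real sysfs contents (not a real measurement).
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
    "spec_store_bypass": "Vulnerable",
    "l1tf": "Not affected",
}


def classify(status):
    """Map one sysfs status line to a coarse verdict.

    The kernel writes one of three prefixes; anything else is treated as
    unknown rather than silently assumed safe.
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(directory=SYSFS_DIR):
    """Return {issue_name: status_line} from the live kernel, or {} if absent."""
    results = {}
    if not os.path.isdir(directory):
        return results
    for name in sorted(os.listdir(directory)):
        try:
            with open(os.path.join(directory, name)) as fh:
                results[name] = fh.read().strip()
        except OSError:
            # Some entries may be unreadable in containers; skip, don't crash.
            continue
    return results


def unmitigated(statuses):
    """Issues that still need attention: vulnerable or unrecognised entries."""
    return sorted(name for name, line in statuses.items()
                  if classify(line) in ("vulnerable", "unknown"))


def report(statuses):
    """Render a human-readable table plus an overall verdict line."""
    lines = ["%-20s %-13s %s" % (name, classify(line), line)
             for name, line in sorted(statuses.items())]
    todo = unmitigated(statuses)
    lines.append("needs attention: %s" % (", ".join(todo) if todo else "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    live = read_sysfs()
    source = "live sysfs" if live else "constructed sample (sysfs not available)"
    print("source: %s" % source)
    print(report(live or SAMPLE_STATUS))
```

A "Mitigation:" line means the kernel has applied a workaround for that issue, but it does not tell you whether firmware or microcode updates are also in place; treat this as a first triage step, not as proof that a host is fully patched.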
In previous articles we discussed how rising cryptocurrency values prompted cybercriminals to deliver upgraded miners to infected systems. If the trend continues, they may go a step further and retool existing malware to support malicious cryptomining. We also noted that ransomware spawned new families in the first quarter of this year, while some large families have quietly disappeared from the threat landscape. Over the last quarter we saw extensive use of the RIG exploit kit to deliver miners and other malware to victims' systems. As the malware landscape adapts, cybercriminals are not only capitalising on the anonymity of digital currencies but also building malware purpose-built for malicious cryptomining.
You may think that malicious cryptomining is far less harmful than other malware or ransomware, but its long-term impact should not be underestimated. Unmanaged miners can overload systems, disrupting business processes and forcing machines to shut down or become unresponsive.
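Because the visible symptom of an unmanaged miner is exactly that overload, a first-pass check is to correlate sustained CPU use with mining indicators rather than chasing high CPU alone. The following added example (not code from the original article) does that over a constructed process snapshot in the shape of `ps -eo pid,user,pcpu,args` and `ss -tnp` output; the pool-port list, the 80% CPU threshold and the world-writable-directory rule are my assumptions about a sensible starting heuristic, and PS_SAMPLE/SS_SAMPLE are fabricated for the demonstration.

```python
"""Flag likely unmanaged miners from a process/connection snapshot.

Added example for this article; not the article's own code. The input
text is constructed to look like `ps -eo pid,user,pcpu,args` and `ss -tnp`
output. Heuristics (assumptions, tune for your estate):
  - a Stratum URL on the command line
  - an established connection to a port commonly used by mining pools
  - a binary executing from a world-writable directory
High CPU plus any indicator is called a miner; an indicator alone is
"suspicious"; high CPU alone is "review" (could be legitimate workload).
"""
import re

POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444, 45700}  # assumption
CPU_THRESHOLD = 80.0                                        # assumption
WRITABLE_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")

# Constructed sample snapshot (fabricated pids, users and addresses).
PS_SAMPLE = """\
  PID USER     %CPU COMMAND
  412 root      0.3 /usr/sbin/sshd -D
 2231 www-data  0.9 /usr/sbin/apache2 -k start
 3190 www-data 97.4 /tmp/.x/kswapd0 -c /tmp/.x/config.json
 3377 postgres 85.2 postgres: checkpointer
 4010 jenkins  91.0 java -jar /opt/jenkins/jenkins.war
"""

SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:52214       203.0.113.9:3333   users:(("kswapd0",pid=3190,fd=4))
ESTAB  0      0      10.0.0.5:41022       198.51.100.7:443   users:(("java",pid=4010,fd=88))
"""

PID_RE = re.compile(r"pid=(\d+)")
STRATUM_RE = re.compile(r"stratum\+(tcp|ssl)://")


def parse_ps(text):
    """Return {pid: {user, cpu, cmd}}; the header line is skipped."""
    procs = {}
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, user, cpu, cmd = parts
        procs[int(pid)] = {"user": user, "cpu": float(cpu), "cmd": cmd}
    return procs


def parse_ss(text):
    """Return {pid: set(peer_ports)} from ss -tnp style lines."""
    conns = {}
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 6:
            continue
        port = int(parts[4].rsplit(":", 1)[1])  # peer address:port column
        for match in PID_RE.finditer(line):
            conns.setdefault(int(match.group(1)), set()).add(port)
    return conns


def indicators(proc, ports):
    """Mining indicators for one process, independent of CPU use."""
    hits = []
    if STRATUM_RE.search(proc["cmd"]):
        hits.append("stratum URL on command line")
    pool = sorted(ports & POOL_PORTS)
    if pool:
        hits.append("connection to pool port(s) %s" % pool)
    if proc["cmd"].startswith(WRITABLE_DIRS):
        hits.append("binary runs from a world-writable directory")
    return hits


def classify(proc, ports):
    """Return (verdict, reasons) where verdict is miner/suspicious/review/ok."""
    hits = indicators(proc, ports)
    hot = proc["cpu"] >= CPU_THRESHOLD
    if hits and hot:
        return "miner", hits
    if hits:
        return "suspicious", hits
    if hot:
        return "review", ["sustained high CPU; confirm it is expected workload"]
    return "ok", []


def scan(ps_text, ss_text):
    """Correlate both snapshots; return {pid: (verdict, reasons)} for non-ok pids."""
    procs, conns = parse_ps(ps_text), parse_ss(ss_text)
    findings = {}
    for pid, proc in procs.items():
        verdict, reasons = classify(proc, conns.get(pid, set()))
        if verdict != "ok":
            findings[pid] = (verdict, reasons)
    return findings


if __name__ == "__main__":
    for pid, (verdict, reasons) in sorted(scan(PS_SAMPLE, SS_SAMPLE).items()):
        print("%5d %-10s %s" % (pid, verdict, "; ".join(reasons)))
```

On the sample the `kswapd0` lookalike in /tmp is called a miner because its 97% CPU coincides with an outbound Stratum-port connection, while the PostgreSQL checkpointer and Jenkins are only flagged for review: high CPU on its own is not evidence, which is why the correlation matters before anyone kills a process.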