Are you experiencing a somewhat slow, loud and warm computer of late? If so, you might have had your computer infected by a new crypto scam that is believed to have originated in Russia. According to the report, a Russian-built malware program that has the potential to steal your computational power is doing the rounds.
The malware has been specifically built to mine ZCash or Monero, without the user becoming aware of the installation. The malware is believed to be so advanced that it has the ability to determine the most efficient and profitable mining program, based on the specific configuration of the infected computer.
For example, whilst the Claymore ZCash miner is being installed on Windows x64 systems, Cryptonight is being installed on x86 systems.
The research team at McAfee Labs, an offshoot of the hugely popular anti-virus software organization founded by John McAfee, believe that the infection is being facilitated via a suspicious Microsoft installation program.
Researchers at McAfee Labs argue that the dark side of cryptocurrency scams will only continue to grow in size. They suggest that an increase in the value of cryptocurrencies will only spur criminals on further, adding that mining-related malware programs will ultimately become more and more sophisticated.
Although this particular piece of malware is believed to have originated in Russia, the report indicates that those residing in the U.S., South Africa and Brazil have been hit the hardest.
Remote Mining Scams are Being Favored by Criminals
One of the key factors motivating criminals to employ advanced remote mining malware is that the act carries little risk. First and foremost, criminals are able to remain largely anonymous, as malware can be installed on a user’s machine with minimal risk. Moreover, the underlying anonymous nature of cryptocurrencies, especially regarding privacy coins such as ZCash and Monero, affords criminals an even greater shield of protection.
Just last month, it was reported that CoinHive, a browser-based cryptocurrency mining extension, is raking in close to $250,000 a month. However, it is also believed that vast amounts are being raked in by criminals that remotely install the extension on unsuspecting computers.
The CoinHive concept involves using a small portion of computation power, allowing users to mine Monero in the background, whilst navigating through the web.
One avenue that criminals have taken to abuse the CoinHive model is to register malicious domains that resemble popular websites such as Facebook and Twitter. Regarding the latter, a user registered the domain “Twitter.com.com” and subsequently installed the CoinHive JS library within the page’s code. Anyone who mistakenly visited the aforementioned domain will have instantly noticed it wasn’t the official Twitter homepage; however, the visit is enough for the malware to begin mining Monero for the site’s owner.
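A defender-side check for the two signals described above (a brand name sitting under someone else's domain, and the CoinHive library referenced in the page's scripts), as an added example that is not part of the original article. The function names, the brand list and the marker strings are assumptions chosen for illustration, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: marker strings for the CoinHive library, and the brands to watch.
MINER_MARKERS = ("coinhive.min.js", "coinhive.anonymous", "coinhive.user")
BRANDS = {"twitter": "twitter.com", "facebook": "facebook.com"}
# Constructed sample page; the host name and site key are placeholders.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<script src="https://miner-host.example/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER"); m.start();</script>
</body></html>"""

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.scripts, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append(dict(attrs).get("src") or "")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def lookalike_brand(hostname):
    """Return the brand a host imitates; None for the real site or no match."""
    host = hostname.lower().rstrip(".")
    for brand, real in BRANDS.items():
        if host == real or host.endswith("." + real):
            return None  # the genuine domain or one of its subdomains
        if brand in host.split("."):
            return brand  # brand label under someone else's domain
    return None

def scan_page(url, html):
    """Return findings for one fetched page: lookalike host, miner scripts."""
    brand = lookalike_brand(urlparse(url).hostname or "")
    findings = [f"lookalike-domain:{brand}"] if brand else []
    collector = ScriptCollector()
    collector.feed(html)
    for text in collector.scripts:
        hit = next((m for m in MINER_MARKERS if m in text.lower()), None)
        if hit:
            findings.append(f"miner-script:{hit}")
    return findings
```

Calling `scan_page("http://twitter.com.com/", SAMPLE_HTML)` reports both the lookalike host and the two script references. String markers only catch unobfuscated copies of the library, so treat a clean result as inconclusive.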
Cryptocurrency Mining Scams get Smarter
On top of the domain registration ploy, hackers are also targeting victims via malicious ads. The scam works by displaying an ad that advises the user that their computer is at risk of infection, subsequently directing them to a fake tech support page. Those that fall victim to the scam would then have the CoinHive extension remotely installed into their browser, consequently allowing the criminals to mine Monero without the user knowing.
Due to the underlying nature of malware, it is often a somewhat difficult task for users to know that they have been affected by the scam. In most cases, the performance of the user’s computer is a good indication of whether a mining program is secretly running in the background. This generally includes a slow machine that sounds louder than usual. You may also notice that your computer is constantly overheating.