Okay… We already know: your blockchain is unassailable. But you still need to update your antivirus software. If you don't, this Monero (XMR) miner could take over your network.
In a new report, cybersecurity firm Sophos, which has more than 500,000 companies as its customers, says that a new variant of the crypto miner Tor2Mine is infecting computer networks to mine XMR, a popular privacy cryptocurrency known to be difficult to track.
“All the miners we’ve discovered recently are monero miners,” Sean Gallagher, a threat researcher at Sophos and author of the report, said in a telephone interview with Decrypt.
According to Gallagher, the malware looks for holes in a network’s security, often in the form of systems whose security features (including antivirus or anti-malware software) have not been updated or patched.
Once installed on a server or computer, the malware looks for other systems on which to install its crypto miner in order to maximize profits.
Hacks remain a major concern for decentralized autonomous organization (DAO) and decentralized finance (DeFi) projects, which are vulnerable to more than intrusions into smart contracts.
This Thursday (2), BadgerDAO was hacked and lost $120 million in a breach of its interface, according to cybersecurity company PeckShield.
“Once a foothold is established on a network, it’s difficult to eliminate it without the assistance of software with protection parameters and other anti-malware measures,” said Gallagher.
Monero and Esperanto
“Since it spreads laterally and away from the compromised starting point, it cannot be eliminated just by fixing and cleaning a system. The miner will continue to try to reinfect other systems on the network, even after the command and control server for the miner has been blocked or shut down.”
In other words, Tor2Mine quickly spreads to all systems on a network, installing the crypto miner wherever it can, meaning it’s not easy to remove.
Because it generates far less revenue than other attacks such as ransomware, mining malware needs to infect as many systems as possible to make the intrusion worthwhile.
Gallagher told Decrypt that signs that a system is infected include unusually high processing power usage, reduced performance, and higher-than-normal electricity bills. It’s like you’re mining crypto yourself.
Monero, which means “currency” in Esperanto, has become the favorite of cybercriminals because of its many privacy features that make tracking difficult, unlike bitcoin (BTC) and ether (ETH).
Wallet addresses and transactions on Monero are difficult to track because of the use of “circular signatures” (or “ring signatures”) and untraceable addresses (or “stealth addresses”), which hide the identities of both the sender and the recipient.
Sophos recommends fixing vulnerabilities in systems exposed to the internet, such as web applications, virtual private network services (or VPNs), and email servers, and installing anti-malware products to make them far less likely to be hacked.
While Sophos develops its own products, Gallagher only suggested one type of protection: “Any antivirus is better than no antivirus.”
*Translated and edited by Daniela Pereira do Nascimento with permission from Decrypt.co.