Some of Southeast Asia’s largest economies have been hardest hit by a four-month-old cyber threat campaign that sneaks cryptocurrency mining software into user devices without the knowledge of victims.
According to research by Palo Alto Networks’ Unit 42 threat intelligence team, Thailand, Vietnam and Indonesia are among the countries that have recorded the highest number of downloads of the XMRig software used to mine Monero, a cryptocurrency that can be mined by average computers and even smartphones.
In pole position was Thailand, which recorded more than 3.5 million XMRig downloads, followed by Vietnam (1.8 million) and Indonesia (988,000). Egypt (1.1 million) and Turkey (665,000) were the only non-ASEAN countries in the top five.
“While XMRig isn’t itself specifically malware, it’s being delivered using malware-delivery techniques without the user’s knowledge and consent just like malware,” wrote Christopher Budd, senior threat communications manager at Palo Alto Networks, in a blog post.
“The attackers are doing this by using URL shorteners to make XMRig look like other legitimate and expected programmes. This is a method attackers have used for years to deliver malware and they are using it now to get coin-mining software on to people’s systems illicitly,” he added.
Despite employing known tactics and techniques, this latest threat campaign, which Budd noted was “clearly very successful based on its size, scope and age”, could have affected 30 million people worldwide.
With the surging value of cryptocurrencies in recent months, cyber security experts have warned that cryptocurrency-focused threats could intensify in 2018.
“Ironically, in many cases the mining isn’t only running unbeknown to users but also to site owners themselves,” wrote Jérôme Segura, Malwarebytes’ lead malware intelligence analyst, in an October 2017 report.
“For instance, CBS’s Showtime was reported as running a miner on its site for a brief period of time, which resulted in some bad PR.”
According to Proofpoint, the operators behind Smominru had already pocketed about 8,900 Monero valued at between $2.8m and $3.6m.