rcfotostock - stock.adobe.com

ASEAN nations among worst hit by cryptocurrency-mining operation

Thailand, Vietnam and Indonesia recorded high download numbers for the XMRig software that was surreptitiously slipped into user devices to mine Monero

Some of Southeast Asia’s largest economies have been hardest hit by a four-month-old cyber threat campaign that sneaks cryptocurrency mining software into user devices without the knowledge of victims.

According to research by Palo Alto Network’s Unit 42 threat intelligence team, Thailand, Vietnam and Indonesia are among countries that have recorded the highest number of downloads of the XMRig software used to mine Monero, a cryptocurrency that can be mined by average computers and even smartphones.

In pole position was Thailand, which recorded more than 3.5 million XMRig downloads, followed by Vietnam (1.8 million) and Indonesia (988,000). Egypt (1.1 million) and Turkey (665,000) were the only non-ASEAN countries in the top five.

“While XMRig isn’t itself specifically malware, it’s being delivered using malware-delivery techniques without the user’s knowledge and consent just like malware,” wrote Christopher Budd, senior threat communications manager at Palo Alto Networks in a blog post.

“The attackers are doing this by using URL shorteners to make XMRig look like other legitimate and expected programmes. This is a method attackers have used for years to deliver malware and they are using it now to get coin-mining software on to people’s systems illicitly,” he added.

Despite employing known tactics and techniques, this latest threat campaign, which Budd noted was “clearly very successful based on its size, scope and age”, could have affected 30 million people worldwide.

With the surging value of cryptocurrencies in recent months, cyber security experts have warned that cryptocurrency-focused threats could intensify in 2018.

Already, the number of infections brought about by websites running a JavaScript that invokes the Coinhive Monero miner has grown from under 2,000 in November 2017 to 18,000 by early December 2017, according to Sophos.

JavaScript miners like those from Coinhive are added to websites and run in the browser, using visitors’ CPUs to generate cryptocurrency in what is known as drive-by mining. Users may notice poor performance, a spike in CPU usage and batteries draining faster than usual.

Read more about cyber security in ASEAN

  • Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows.
  • The personal data of more than 46 million mobile phone users in Malaysia was reportedly leaked online in possibly the biggest data breach in the Southeast Asian country.
  • The Malaysian government will work with Chinese technology giant Huawei to deepen its capabilities in combatting cyber threats.
  • Singapore’s Ministry of Defence is getting white hat hackers to identify loopholes in its internet-facing IT systems in the country’s first government-led bug bounty programme.

“Ironically, in many cases the mining isn’t only running unbeknown to users but also to site owners themselves,” wrote Jérôme Segura, Malwarebytes’ lead malware intelligence analyst, in an October 2017 report.

“For instance, CBS’s Showtime was reported as running a miner on its site for a brief period of time, which resulted in some bad PR.”

Besides JavaScript miners and the likes of XMRig, cyber criminals have also been using botnets to mine Monero, in the case of the Smominru botnet that exploited the EternalBlue Server Message Block vulnerability to infect over 500,000 Microsoft Windows computers.

According to Proofpoint, the operators behind Smominru had already pocketed about 8,900 Monero valued at between $2.8m and $3.6m.

Read more on Endpoint security

Data Center
Data Management