Recent reports have shown that cryptomining or cryptojacking tools have begun to eclipse ransomware as the go-to tool for hackers. And now, not surprisingly, crypto crime is taking off, as evidenced by two separate incidents.
Bancor, an Israeli cryptocurrency startup, said yesterday that a digital wallet on its network had been breached, resulting in a loss of $13.5 million worth of digital tokens. According to a tweet from Bancor, “A wallet used to upgrade some smart contracts was compromised.” The good news, according to another tweet from the company, was that no user wallet was affected. Bancor was able to contain the issue and is currently investigating the incident.
Meanwhile, MyEtherWallet (MEW), a service that is used to access digital wallets and transact with other wallets, was also the target of a cyberattack. The scope of the attack appears to be limited to customers—possibly 50 million—who access MEW via Hola, a free VPN service that plugs into browsers. TechCrunch reports, “The company said that Hola was compromised for a period of five hours, during which time any Hola users who navigated to MEW and accessed their wallet with the VPN switched on may have been affected.” MEW is advising customers who used Hola in the past 24 hours to transfer their tokens to a different wallet.
As cryptojacking tools emerge from the woodwork, it appears that existing threat vectors are being refreshed. Rakhni, one of the earliest forms of ransomware, has just been updated, enabling it to choose whether to deploy ‘old-school’ ransomware or cryptomining malware, based on the environment targeted.
Relying on standard phishing and spam techniques, hackers send emails, attaching Microsoft Word DOCX files. If the targeted user opens the document and clicks on a PDF icon within it, Rakhni is activated.
It begins by scanning the computer. If it finds a Bitcoin folder, Rakhni runs a ransomware module. “The reasoning is unclear, but it may have to do with the ransomware attempting to encrypt a user’s wallet private keys and prevent the user from accessing his Bitcoin funds,” reports Bleeping Computer.
If no Bitcoin folder is found, Rakhni installs a cryptomining application from a remote server once it confirms the computer has sufficient power to do the job.
And if all of that isn’t enough, Doug Olenick reported yesterday in SC Media that The Pirate Bay (TPB), which has had its share of controversies, is now letting users know they will be subject to cryptomining. “TPB has started notifying its users that by just entering the site they give the peer-to-peer sharing site permission to take over their CPU to mine cryptocurrency, this after TPB was again caught using its customers to mine Monero without their knowledge,” writes Olenick.
We’ve known that the cybersecurity world has seemed a bit like the lawless ‘Wild West’ movies of years past. But as cryptocrime rises, it’s beginning to look more like the eerie, sci-fi futuristic show, Westworld.