Cryptojacking malware targets victims busy looking at Taylor Swift

The 2019 Cryptocurrency Anti-Money Laundering (AML) report reveals that $4.26 billion was lost to thefts, scams, and Ponzi schemes in the first six months alone. $1.2 billion was lost to crypto thefts in the first three months alone, and the number has been on the rise.

There are multiple ways for these shady hackers to get their hands on the digital assets stored on your electronic devices. From hacking assets stored in the hot wallets of crypto exchanges to infecting your computer with malware and ransomware, the cryptocurrency space is fraught with dangers.

Cryptojacking is a modern-day technique that some of these hackers use to stealthily hijack the physical resources of the victim’s hardware to mine cryptocurrency. While the rate of ordinary ransomware attacks has declined, the rate of the more dangerous cryptojacking attacks is on the rise.

According to the IBM X-Force Threat Intelligence Index 2019 report, cryptojacking attacks have surged by 450 per cent over the last few years. This type of attack is far more dangerous because the victim is completely unaware of the malware stealthily consuming the machine’s computational power.

Talking about the rising cryptojacking attacks, Wendi Whitmore, global lead of the IBM X-Force Incident Response and Intelligence Services (IRIS) team, said in an interview:

“It appears, for a variety of reasons, cybercriminals are getting less money from ransomware attacks and potentially getting a better return on their investment and their time from Cryptojacking.”

The latest reports reveal that one such cryptojacking virus is circulating in the crypto community, infecting victims’ computers and stealing confidential information while disguising itself as a JPEG image of popular pop star Taylor Swift.

As soon as the unsuspecting victim opens the image, the powerful botnet starts a chain of events in the background that infects hardware, steals the victim’s credentials, installs a Trojan module and a crypto miner, and propagates inside the network.

Hackers use this technique to trick security software running on enterprise networks. These security products will only see a host system downloading a banal JPEG file, rather than a dangerous EXE file.

The team behind the botnet is popularly known as MyKingz. Their malware first surfaced in 2017 and has grown to become the largest crypto-mining malware. The people behind MyKingz mainly focus on attacking Windows systems, where they generate profit by mining the cryptocurrency Monero.

The botnet features one of the most diversified internet scanning and infection mechanisms. If there’s a port or vulnerability to be scanned or exploited, MyKingz is involved to some degree. Everything is targeted, from MySQL to MS-SQL, from Telnet to SSH, and from RDP to rarer stuff like IPC and WMI.

While each infected machine may only generate a few pennies’ worth of the cryptocurrency each day, the entire botnet is estimated to have earned the hackers over $3 million since 2016.

This isn’t the first time a celebrity’s photo has been used to house a malicious botnet. Last year the attackers used the photo of famous actress Scarlett Johansson to execute a similar type of attack. The malicious code was appended to the picture of the actress and was uploaded on popular image hosting platform imagehousing.com.
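A defender can check for this disguise by looking past the end of the image data. The following is an added example, not code from the reports or from any security vendor: it walks the JPEG segment structure to the real end-of-image marker and flags a Windows executable header in whatever follows. It assumes the payload is appended unencoded after the image, and the function names and sample bytes are constructed for illustration.

```python
import struct

RST = set(range(0xD0, 0xD8))           # restart markers RST0-7
NO_LENGTH = RST | {0x01}               # markers that carry no length field

def jpeg_end(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker: not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:             # fill byte in front of a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:             # EOI: the image ends here
            return pos
        if marker in NO_LENGTH:
            continue
        if pos + 2 > len(data):
            break
        (length,) = struct.unpack_from(">H", data, pos)
        pos += max(length, 2)          # length includes its own two bytes
        if marker == 0xDA:             # SOS: skip entropy-coded scan data
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] not in RST | {0x00}
            ):
                pos += 1
    raise ValueError("no EOI marker: truncated JPEG")

def inspect_jpeg(data: bytes) -> dict:
    """Report bytes after EOI and the file offset of any PE image found there."""
    end = jpeg_end(data)
    trailer, pe_offset = data[end:], None
    i = trailer.find(b"MZ")
    while i != -1 and pe_offset is None:
        if i + 0x40 <= len(trailer):   # DOS header holds e_lfanew at 0x3C
            (e_lfanew,) = struct.unpack_from("<I", trailer, i + 0x3C)
            if trailer[i + e_lfanew:i + e_lfanew + 4] == b"PE\0\0":
                pe_offset = end + i
        i = trailer.find(b"MZ", i + 1)
    return {"trailing_bytes": len(trailer), "pe_offset": pe_offset}

# Constructed samples: a structurally minimal JPEG (not a decodable picture)
# and a bare DOS/PE header stub standing in for an appended executable.
CLEAN = b"\xff\xd8\xff\xe0\x00\x04AB\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9"
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
```

Any non-zero `trailing_bytes` on a file served as an image is worth a second look, even when no PE header is found, since the appended data may be encoded.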

From scamming on Tinder to infecting computers using photos, the crypto industry is plagued by different kinds of threats. As the cryptocurrency space matures and evolves, it continues to have criminals hanging on, looking for scraps.

Anna Larsen
Anna Larsen has been a crypto enthusiast since 2016. Fascinated by the technology and its use cases, she decided to pursue a career in content creation related to this space. The journey has been exciting ever since.
