Zcash Malware - is in the news

WebCobra’: McAfee Spots Russian Malware Mining Monero and Zcash

Researchers at computer security firm McAfee Labs discovered a lethal new cryptojacking malware called “WebCobra,” which steals victims’ computing power to mine the cryptocurrencies Monero or Zcash secretly.

The spike in cryptocurrency prices has inspired a new wave of cybercriminals, who use malware to cannibalize unsuspecting victims’ computers to mine crypto.

Infections Spotted In Brazil, South Africa, USA

McAfee Labs says the Russian application WebCobra stealthily installs the Cryptonight miner or Claymore’s Zcash miner, depending on the configuration of victims’ machine.

“On x86 systems, it injects Cryptonight miner code into a running process and launches a process monitor,” McAfee observed. “On x64 systems, it checks the GPU configuration and downloads and executes Claymore’s Zcash miner from a remote server.”

While the malware originated in Russia, researchers claim they have spotted it around the world, with the highest number of infections found in Brazil, South Africa, and the United States.

WebCobra crypto mining malware

WebCobra adjusts its malware depending on the configuration of your computer. (Image: McAfee)

There is plenty of mining malware nevertheless which, according to Trend Micro, remain undetectable due to their higher sophistication, reported CCN. That said, most users – and even detectors – would not be aware of an intrusion unless their computer acts sluggish or breaks down entirely. By that time, it may be too late, and the victim could be left stuck with a massive bill since crypto-mining uses a lot of electricity.

Is Your Computer Slower Than Normal?

McAfee report recommended users to look out for signs from their computers. For instance, if they are acting sluggish for no concrete reason, then they may be affected by one of the malware.

“Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation,” McAfee Labs warned.

“As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill.”

Cryptojacking has surged a whopping 459% in 2018, according to the Cyber Threat Alliance (CTA). The unexpected spike has been blamed on the leak of EternalBlue, a software vulnerability in Microsoft’s Windows operating system.

Experts say Microsoft and the National Security Agency are both responsible for the leak, which occurred in April 2017 when a group called the “Shadow Brokers” put a packet of stolen NSA tools on the market.

The packet was used to develop malicious crypto mining software that has been hard to stop.

I would prefer some more respectable security firm confirms it, i honestly dont believe a word that comes out of McAfee labs.


I definitely feel your sentiment but I don’t think McAfee is behind them anymore.

I don’t know on whether I believe it or not.

McAfee has for years now nothing more to do with McAfee Anti-Virus programs/Labs. He sold the company and that’s it, not involved in anything they are doing. Just as a side note.

From wiki: The company was purchased by Intel in February 2011, and became part of the Intel Security division.

malware called “webcobra” is somehow lethal? that do you have a link to the original article? Is it like death by giffing? how is it lethal?

I really hope this isn’t hyperbole. :slight_smile:

1 Like

Here is the link to the original article.

Here is a link directly from the McAfee Site, so you have it from the horses mouth and not a third party site. And below are third party sites for shock and Awe

Also here are additional news links about the same topic


From what i got out they mine it with slushpool … not that any pool mostly cares about it…

This configuration file contains:

1 Like