Researchers at computer security firm McAfee Labs discovered a lethal new cryptojacking malware called “WebCobra,” which steals victims’ computing power to mine the cryptocurrencies Monero or Zcash secretly.
The spike in cryptocurrency prices has inspired a new wave of cybercriminals, who use malware to cannibalize unsuspecting victims’ computers to mine crypto.
McAfee Labs says the Russian application WebCobra stealthily installs the Cryptonight miner or Claymore’s Zcash miner, depending on the configuration of the victim’s machine.
“On x86 systems, it injects Cryptonight miner code into a running process and launches a process monitor,” McAfee observed. “On x64 systems, it checks the GPU configuration and downloads and executes Claymore’s Zcash miner from a remote server.”
While the malware originated in Russia, researchers claim they have spotted it around the world, with the highest number of infections found in Brazil, South Africa, and the United States.
WebCobra adjusts its malware depending on the configuration of your computer. (Image: McAfee)
Nevertheless, there is plenty of mining malware which, according to Trend Micro, remains undetectable due to its higher sophistication, reported CCN. That said, most users, and even detectors, would not be aware of an intrusion unless their computer acts sluggish or breaks down entirely. By that time, it may be too late, and the victim could be left stuck with a massive bill since crypto-mining uses a lot of electricity.
The McAfee report recommended that users look out for signs from their computers. For instance, if a machine is acting sluggish for no concrete reason, it may be affected by one of these pieces of malware.
“Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation,” McAfee Labs warned.
“As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill.”
Cryptojacking has surged a whopping 459% in 2018, according to the Cyber Threat Alliance (CTA). The unexpected spike has been blamed on the leak of EternalBlue, a software vulnerability in Microsoft’s Windows operating system.
Experts say Microsoft and the National Security Agency are both responsible for the leak, which occurred in April 2017 when a group called the “Shadow Brokers” put a packet of stolen NSA tools on the market.
The packet was used to develop malicious crypto mining software that has been hard to stop.