Cryptocurrencies may be losing value against the dollar right now, but they are still a very desirable asset for cybercriminals everywhere.
According to a new Microsoft report, the popularity of cryptojacking is still relatively high and new malware variants are coming with advanced features and new ways to avoid detection.
In a blog post, Microsoft explained that it detects cryptojackers on “hundreds of thousands” of endpoints every month via its built-in Windows antivirus service.
Cryptojackers are a type of malware that mines specific cryptocurrencies and sends the coins to a wallet owned by the hackers. The malware will not destroy the device it infects, and is not interested in stealing sensitive data from the victim, but will absorb much of the device’s computing power.
For that reason, cryptojacking operators are usually not interested in consumer-grade devices, but have instead set their sights on servers and virtual machines, which are usually more powerful and capable of mining more tokens than regular PCs and laptops.
Among the most popular cryptojackers is XMRig, a piece of malware mining the Monero token (XMR). Monero is a relatively old cryptocurrency, one that promises full anonymity to its users and, as such, is immensely popular among crooks and people dealing in illegal trade.
Bitcoin, together with other cryptocurrencies, has been in a decline for the entire year. After hitting a high of approximately $68,000 in November last year, the world’s most popular cryptocurrency fell to roughly $17,000, before rebounding to the current $21,000.
Despite the unfavorable outlook at the moment, cybercriminals are still developing cryptojackers. Microsoft says the latest ones have become stealthier, “leveraging living-off-the-land binaries (LOLBins) to evade detection”.
Most antivirus solutions should be able to spot them, though. Microsoft says it is able to detect cryptojacking by, among other things, analyzing CPU signals for patterns modeled after cryptojacking activity.