OpenCL is mandatory for cgminer, which is by default not installed on Windows computers. Cgminer is a multi-threaded multi-pool FPGA and ASIC miner and relies on the OpenCL framework to perform the hashing computations for Bitcoin mining. The Bitcoin miner, however, is actually a wrapped version of an abused legitimate tool called cgminer, version 3.7.2 to be exact. On each victim computer this malware is uniquely obfuscated to evade antivirus detection. It typically creates a random folder under the %AppData% folder and has a random filename of typically 5 or 6 characters, e.g.: C:\Users\\AppData\Roaming \Iquha\ruyvy.exe Citadel is based on the Zeus banking malware, also known as Zbot. We found that a Citadel trojan in this attack pulled in the Bitcoin miner about a minute after the PC got infected. And infected users will certainly notice the stressed out processor and/or GPU, which seriously hinders normal work or gaming. In fact, this miner is easily picked up by antivirus software. And contrary to popular belief, click fraud and banking malware is a lot faster lucrative than mining Bitcoins with malware, as a miner likely requires specific hardware to be effective and that it will not survive long on a victim’s computer. We saw the Bitcoin miner too but omitted it from our initial excerpt because, according to our own telemetry, only 4% of the victims that we rescued received this malware. The story is not completely wrong but, when you read those articles, the perception now is that the entire attack revolved around Bitcoin mining, which is false. I am personally a bit surprised that the BBC, The Guardian and even Interpol tweeted about it, as Light Cyber provided little to no details or evidence. Last Monday the Israel-based security company Light Cyber spread a much hyped press release that most of the malware was used to mine Bitcoins. Last Friday security researchers from Fox-IT noticed that Yahoo was inadvertently spreading malware via its advertisement services.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |