Cryptojacking, also known as crypto mining, is an online threat that hides on a computer or mobile device and uses its resources to mine cryptocurrency. In doing so, it takes over control of all kinds of devices and considerably impairs their performance.
As malware goes, cryptojacking is a pretty nasty piece of work. It can infiltrate your computer without you knowing and, once there, makes itself right at home. It then turns your machine’s processing power against you, using it to perform the mathematical calculations that mine cryptocurrency for the hacker.
In the past, strong antivirus software has often worked well to limit infection. However, there’s a new strain of malware that is not only sliding under the radar but also spreading throughout networks to infect entire companies, without leaving a single trace.
Varonis vs. Monero-crypto
This latest strain is known as the Monero-crypto-mining campaign and was exposed by the security team at Varonis following a spate of complaints from clients. Problems ranged from slow networks to applications that would not stay open or function properly. Suitably perturbed, the cybersecurity team probed further and discovered classic signs of cryptojacking, including network alerts that were out of place and suspicious file activity.
Things got even hairier when Varonis started going from station to station. The cybersecurity team discovered that almost every server and physical piece of hardware was infected. They also found evidence of corruption via password stealers. Clearly, the anti-malware software on these computers was failing and drastic action was required.
Further analysis led to the conclusion that the virus was a variant of the malware nicknamed “Norman”—a discovery that piqued the interest of security experts. This variant was not only mining Monero efficiently, but it was also able to remain undetected.
This proved to be a troubling development in the battle between malware and the systems designed to halt it.
How Norman Evades Detection
The first of its evasive tactics is a trick whereby the mining application shuts down when a user opens Windows Task Manager, so the average computer user sees nothing suspicious. When Task Manager closes, the app restarts and gets back to work.
The malware can also communicate with an external command-and-control server, which lets the hacker use the information reported back by the various instances of the malware to analyze its performance. Through this channel the hacker can even shut the miner down or give it a different mission.
So far, it remains a mystery who installed it in the first place.
How to Protect Against Norman
To protect against Norman, companies need to close their security gaps, and many organizations are failing in this area. Operating systems and software need to be kept up to date by applying security updates and patches as soon as they become available. Many hackers and cybercriminals are intimately aware of existing vulnerabilities in the largest operating systems and will go after them to exploit those who are slow to patch.
Another big security play for organizations is to monitor CPU usage. This is not often done day to day on plugged-in workstation computers in a professional environment. It’s easier to recognize this sort of malware on a battery-powered device such as a smartphone, because the battery drains quickly while CPU power is being consumed with no obvious app open.
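The two detection ideas above, sustained CPU consumption and a miner that goes quiet whenever Task Manager is open, can be turned into a simple heuristic over periodic process snapshots. The following script is an added example for this article, not code from Varonis or from the Norman analysis. It works on constructed telemetry: one snapshot per 30-second interval listing each process image name and its share of total CPU; the process name "updater.exe" is a hypothetical placeholder, and Task Manager is identified by its real image name, taskmgr.exe. In practice the snapshots would come from Get-Process, an EDR agent, or performance counters.

```python
"""Heuristic cryptominer detection over per-process CPU snapshots.

Two rules, both from a defender's viewpoint:
  1. sustained_high_cpu  - a process hot for most of the observation window
  2. taskmgr_sensitive   - a process that is hot while taskmgr.exe is absent
                           and idle/absent whenever taskmgr.exe is running
Rule 2 is the one that separates a miner from a legitimate CPU-heavy job.
"""
from statistics import mean

TASKMGR = "taskmgr.exe"  # real Windows Task Manager image name

# Constructed telemetry (hypothetical): one snapshot per 30 s, CPU share in %.
# "updater.exe" is a made-up placeholder for the miner; it vanishes from the
# two snapshots in which Task Manager is open and returns afterwards.
SNAPSHOTS = [
    {"ts": 0,   "cpu": {"svchost.exe": 3.0, "chrome.exe": 22.0, "updater.exe": 91.0}},
    {"ts": 30,  "cpu": {"svchost.exe": 2.5, "chrome.exe": 35.0, "updater.exe": 88.0}},
    {"ts": 60,  "cpu": {"svchost.exe": 3.1, "chrome.exe": 18.0, "updater.exe": 93.0}},
    {"ts": 90,  "cpu": {"svchost.exe": 2.9, "chrome.exe": 41.0, "updater.exe": 90.0}},
    {"ts": 120, "cpu": {TASKMGR: 1.5, "svchost.exe": 3.0, "chrome.exe": 20.0}},
    {"ts": 150, "cpu": {TASKMGR: 1.2, "svchost.exe": 2.8, "chrome.exe": 25.0}},
    {"ts": 180, "cpu": {"svchost.exe": 3.2, "chrome.exe": 30.0, "updater.exe": 89.0}},
    {"ts": 210, "cpu": {"svchost.exe": 2.7, "chrome.exe": 38.0, "updater.exe": 92.0}},
    {"ts": 240, "cpu": {"svchost.exe": 3.0, "chrome.exe": 19.0, "updater.exe": 90.0}},
    {"ts": 270, "cpu": {"svchost.exe": 2.6, "chrome.exe": 27.0, "updater.exe": 87.0}},
    {"ts": 300, "cpu": {"svchost.exe": 3.1, "chrome.exe": 33.0, "updater.exe": 91.0}},
]


def process_names(snapshots):
    """Every image name seen in any snapshot, sorted for stable output."""
    names = set()
    for snap in snapshots:
        names.update(snap["cpu"])
    return sorted(names)


def cpu_series(snapshots, name):
    """CPU share of `name` in each interval; absent (exited) counts as 0%."""
    return [snap["cpu"].get(name, 0.0) for snap in snapshots]


def sustained_high_cpu(snapshots, threshold=70.0, min_fraction=0.6):
    """Processes at or above `threshold` % CPU in at least `min_fraction`
    of all intervals. Catches miners but also legitimate heavy jobs."""
    flagged = []
    for name in process_names(snapshots):
        series = cpu_series(snapshots, name)
        hot = sum(1 for pct in series if pct >= threshold)
        if hot / len(series) >= min_fraction:
            flagged.append(name)
    return flagged


def taskmgr_sensitive(snapshots, min_closed_cpu=50.0, max_open_cpu=5.0):
    """Processes whose mean CPU is high while Task Manager is closed and
    near zero (or absent) while it is open. Needs both states observed."""
    closed = [s for s in snapshots if TASKMGR not in s["cpu"]]
    opened = [s for s in snapshots if TASKMGR in s["cpu"]]
    if not closed or not opened:
        return []  # nothing to compare against
    flagged = []
    for name in process_names(snapshots):
        if name == TASKMGR:
            continue
        if (mean(cpu_series(closed, name)) >= min_closed_cpu
                and mean(cpu_series(opened, name)) <= max_open_cpu):
            flagged.append(name)
    return flagged


def suspicious_processes(snapshots):
    """Map each flagged process to the list of rules it tripped."""
    reasons = {}
    for name in sustained_high_cpu(snapshots):
        reasons.setdefault(name, []).append("sustained_high_cpu")
    for name in taskmgr_sensitive(snapshots):
        reasons.setdefault(name, []).append("stops_when_taskmgr_open")
    return reasons


if __name__ == "__main__":
    for name, why in suspicious_processes(SNAPSHOTS).items():
        print(f"{name}: {', '.join(why)}")
```

The first rule on its own will also flag a video encoder or a build server, so it is best treated as a trigger for closer inspection; a process that additionally trips the second rule has no honest reason to react to Task Manager and deserves immediate attention. The thresholds are starting points and should be tuned against a baseline of the fleet's normal CPU profile.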
The Future of Cryptojacking
There’s no doubt that cryptojacking is a very real concern. The malware used to “mine” cryptocurrencies is sophisticated and saps processing power, which can cause network problems and strain a company’s electrical infrastructure. Unfortunately, it looks as though cryptojacking will be with us for a while, so we must be vigilant and guard against malware wherever possible.