Microsoft: Cryptojackers Continue to Evolve to Be Stealthier and Spread Faster

guest · Aug 19, 2022

August 19, 2022

Trojanized crypto-currency miners, also known as cryptojackers, continue to spread across computers around the world, while also becoming stealthier and increasingly avoiding detection.

The data comes from Microsoft’s 365 Defender Research Team, who published a new analysis of cryptojackers on Thursday on its blog.

“In the past several months, Microsoft Defender Antivirus detected cryptojackers on hundreds of thousands of devices every month,” read the technical write-up.
“These threats also continue to evolve: recent cryptojackers have become stealthier, leveraging living-off-the-land binaries (LOLBins) to evade detection.”
Click to expand...

According to the Microsoft report, cryptojackers are using different tactics to force a device to mine cryptocurrency without a user’s knowledge or consent. The most common ones are potentially unwanted applications (PUAs) or malicious executable files placed on the devices and using system resources to mine cryptocurrencies.

Additionally, Microsoft said cryptojackers are often created using the Javascript programming language and, in this case, infiltrate systems via browser. The technology giant also warned that some cryptojackers are fileless, and in this case, they perform mining in a device’s memory and achieve persistence by misusing legitimate tools and LOLBins.
Click to expand...

Microsoft: Hardware-based threat defense against increasingly complex cryptojackers

Looking at the current cryptojacker landscape
There are many ways to force a device to mine cryptocurrency without a user’s knowledge or consent. The three most common approaches used by cryptojackers are the following:

Executable: These are typically potentially unwanted applications (PUAs) or malicious executable files placed on the devices and designed to use system resources to mine cryptocurrencies.

Browser-based: These miners are typically in the form of JavaScript (or similar technology) and perform their function in a web browser, consuming resources for as long as the browser remains open on the website where they are hosted. These miners are commonly injected into legitimate websites without the owner’s knowledge or consent. In other cases, the miners are intentionally included in attacker-owned or less reputable websites that users might visit.

Fileless: These cryptojackers perform mining in a device’s memory and achieve persistence by misusing legitimate tools and LOLBins.

Click to expand...

Rasheed187 · Aug 20, 2022

Interesting stuff. But HIPS should be able to tackle this attack in different stages, it should notice the process hollowing, outbound connections and new task's being added to the task scheduler. I don't see how ''hardware based'' security should play a role in spotting this attack, but I guess it sounds kinda cool.

Log in or Sign up

Microsoft: Cryptojackers Continue to Evolve to Be Stealthier and Spread Faster

guest Guest

Rasheed187 Registered Member

Log in or Sign up

Microsoft: Cryptojackers Continue to Evolve to Be Stealthier and Spread Faster

guest Guest

Rasheed187 Registered Member

Useful Searches