What’s All This About “crypto-jacking” Malware?

Discussion in 'Software' started by Skullduggery's Dupe, Feb 17, 2018.

  1. Skullduggery's Dupe

    Skullduggery's Dupe Master Sergeant

    What’s all this I hear about “crypto-jacking” malware that does “drive by” crypto-currency mining on people’s computers without their knowledge and permission?

    How prevalent of a threat is it?

    And which anti-malware programs thwart it?
     
    AtlBo likes this.
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. Skullduggery's Dupe

    Skullduggery's Dupe Master Sergeant

    Thanks, Tim, but this article is just about cryptocoin mining, which I’ve read a number of things about already.

    What I’m asking about is malware that allows someone to covertly hijack the computers of a large number of unsuspecting members of the public, to use their number crunching power to profit only the perpetrator.
     
    AtlBo likes this.
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. AtlBo

    AtlBo Major Geek Extraordinaire

    It's actually fairly dangerous. I think the biggest risk is messing with unknown extensions. There are extensions masquerading as all kinds of things, including anti-mining, and the hackers even spam the ratings for the extension to make it look popular. Forgeries of basically all the extensions of the large a-v companies have even been available via Google Chrome.

    Crypto miners were first bundled with EternalBlue/DoublePulsar during the same period as WannaCry that shut down all the hospitals and so on. It spread really fast in that form. Think it's still in that form, but Windows has been patched to stop the protocol that was used for spreading it and WannaCry across a network.

    Basically, it hijacks your system resources and uses them for mining. The latest I saw is that it is exploiting browsers through java in web pages to use the browser's connections to do the mining. It's in-memory malware while it's running as part of a browser, so I don't think there is much that can be done other than close the infecting page, close browser. When reopening the browser, as long as the page doesn't reopen, I believe it would be stopped. If it came from an extension, the extension would have to be disabled and removed to stop the activity. Anyway, running in the browser's memory it's going to be confined in the container of the browser. Firefox and Chrome both are fairly restrictive containers. If the malware could attempt to contact cmd.exe or another script interpreter (cscript.exe/wscript.exe etc.), you still have your security software to monitor for it. The worst case I think is if it's installed as trusted software (by security soft) other than a browser or the extension.

    I think script monitoring is becoming more important to have. Even the good standard security programs protect very well these days, but if something should get by say a browser and find a way to drop a file and run script (this is HARD to achieve), something to monitor scripts like they are a standard exe is really critical. NVT ERP does this, along with Comodo (all products). Various other softs do forms of this, but all of them monitor command line in some way and for some purpose, or at least the good ones...

    If you experience drags on system resources like processor, RAM, and high network usage when you aren't using the internet for much, that's the only time I would think twice about crypto at this point. It's scary because the most common forms of it are in memory and fileless basically and because of the association with EB/DP...:)
     
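The script-monitoring idea in the post above, as an added example that is not from the thread or from any of the tools named in it: a Python sketch that walks process-creation records (a constructed sample with Sysmon-style fields) and flags a script interpreter whose parent chain leads back to a browser, so a chain like browser -> cmd.exe -> wscript.exe is caught, not only the direct child. The browser and interpreter name sets are assumptions, not a list from any product.

```python
"""Flag script interpreters launched, directly or via a chain, from a browser."""

# Constructed sample process-creation events (Sysmon-style, simplified), one per line:
# timestamp | parent pid | pid | parent image | child image | child command line
SAMPLE_EVENTS = """\
2018-02-17T10:01:05 | 1200 | 3100 | C:\\Windows\\explorer.exe | C:\\Program Files\\Mozilla Firefox\\firefox.exe | firefox.exe
2018-02-17T10:01:09 | 1200 | 3120 | C:\\Windows\\explorer.exe | C:\\Windows\\System32\\cmd.exe | cmd.exe /c dir
2018-02-17T10:02:31 | 3100 | 3300 | C:\\Program Files\\Mozilla Firefox\\firefox.exe | C:\\Windows\\System32\\cmd.exe | cmd.exe /c start update.vbs
2018-02-17T10:02:33 | 3300 | 3310 | C:\\Windows\\System32\\cmd.exe | C:\\Windows\\System32\\wscript.exe | wscript.exe //B update.vbs
2018-02-17T10:03:00 | 3310 | 3320 | C:\\Windows\\System32\\wscript.exe | C:\\Windows\\System32\\powershell.exe | powershell.exe -w hidden
"""

# Assumed name sets; extend to match the browsers and interpreters present on a given host.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
SCRIPT_HOSTS = {"cmd.exe", "cscript.exe", "wscript.exe", "powershell.exe"}


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_events(text):
    """Parse the sample format into a dict keyed by pid."""
    events = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ppid, pid, parent, child, cmdline = [f.strip() for f in line.split(" | ", 5)]
        events[int(pid)] = {"ts": ts, "ppid": int(ppid), "pid": int(pid),
                            "image": basename(child), "parent": basename(parent),
                            "cmdline": cmdline}
    return events


def browser_ancestor(events, pid):
    """Walk the parent chain from pid; return the browser's pid if one is an ancestor, else None."""
    seen = set()  # guard against pid reuse producing a cycle
    while pid in events and pid not in seen:
        seen.add(pid)
        if events[pid]["image"] in BROWSERS:
            return pid
        pid = events[pid]["ppid"]
    return None


def detect(events):
    """Return (pid, image, browser pid) for every script host descended from a browser."""
    alerts = []
    for ev in sorted(events.values(), key=lambda e: e["ts"]):
        if ev["image"] not in SCRIPT_HOSTS:
            continue
        ancestor = browser_ancestor(events, ev["ppid"])
        if ancestor is not None:
            alerts.append((ev["pid"], ev["image"], ancestor))
    return alerts
```

Running `detect(parse_events(SAMPLE_EVENTS))` flags the cmd.exe, wscript.exe and powershell.exe chain under firefox.exe (pid 3100) and ignores the cmd.exe the user launched from explorer.exe.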
