Malicious Chrome extension attempted to infect tens of millions of users to mine the Monero cryptocurrency.
Cryptocurrencies are trending, and with the rise in popularity has come a rise in their mining. Cryptomining partly determines currency value; however, mining can be expensive, as it requires large amounts of processing power, which can be achieved through huge server farms. Constructing and maintaining the infrastructure and accessing the electricity necessary to run these farms require enormous financial investment. To save on costs, cybercriminals instead resort to using the power of your PC or smartphone to mine, and in many cases, they aren’t asking your permission.
Nearly 35 million was a huge spike compared to the number of times we blocked this miner from mining on our users’ PCs in the days prior, as can be seen in the chart below.
We have seen several types of cryptomining malware this year, including Adylkuzz which peaked in May, and cryptomining malware that targeted mobile users last month. These examples and the miner that peaked on Sunday have one thing in common: They mine the Monero cryptocurrency. So the question is, why do they all mine Monero and not Bitcoin or any other cryptocurrency?
One reason might be that Monero keeps transactions private, which also comes in handy for the cybercriminals if they want to obscure their activities. Monero uses three different privacy technologies to hide the sender, the amount being sent, and the recipient, obscuring transaction details. Therefore, Monero has become very popular in general, and its value has grown from under $2 to over $200, which is probably another reason why Monero is the cybercriminals’ currency of choice. While Bitcoin is widely used, it doesn’t keep transactions private and is more difficult to mine compared to Monero, which can be reasonably mined using a browser’s CPU power.
Avast antivirus products detect these embedded miners. In addition, there are a few other strategies you can employ to see if your browser is mining: