
Iran CERTCC: Cryptojacking Malware Goes Viral

With the unbridled rise of cryptocurrencies in both popularity and value, cybercriminals are exhausting every possible method of earning money from the buzzing technology. One of these methods is cryptojacking.

Iran’s cybersecurity authority has cautioned computer users about a piece of cryptojacking malicious software which has gone viral in the country since April 1.

Through its website, Iran’s Computer Emergency Response Team Coordination Center (Iran CERTCC) has issued an alert about a widespread cryptojacking malware attack.

With the unbridled rise of cryptocurrencies in both popularity and value, jargon related to virtual currencies, including cryptojacking, is becoming familiar around the globe.

Cryptojacking is a form of cyber attack through which hackers harness victims’ computer processing power to mine cryptocurrency on the hacker’s behalf. This form of malevolent cyber conduct has become popular with criminals.

The center has advised users to update their operating systems and install antivirus software on their devices.

Previous Outbreak

This is not the first time Iranians have become the target of cryptojackers. Earlier in February, Iran CERTCC reported that some popular local websites had been “borrowing” visitors’ central computer processors to mine virtual coins.

At the time, the ICT minister said he had received reports from Iran CERTCC showing that some popular websites, including online news services, were using the computer resources of visitors to mine digital currencies.

Mohammad Javad Azari-Jahromi said, “Iran CERTCC has discovered a code in several websites that employ visitors’ CPUs for mining cryptocurrencies.” He denounced the move as a form of cryptojacking.

Iran CERTCC reported that the code had been embedded in some of these websites by cybercriminals. Administrators of the affected websites were informed and told to remove it.

No further information is available on whether the administrators have complied with the guidelines.

Coinhive Attack

The technology used for cryptojacking in Iran is rather likely to be Coinhive, a piece of JavaScript code that allows website owners and cybercriminals to make money by using visitors’ computers to mine Monero, a highly profitable cryptocurrency.

According to a recent study by cybersecurity firm Check Point, Coinhive, which the company categorizes as malware, is the most prevalent malicious software online.

Computer hardware and electricity costs are the two main limits cryptocurrency miners face. By cryptojacking, miners can circumvent these limits.

When coin miners hijack a computer’s processor, the user faces a huge electric bill and a significant drop in the computer’s speed. A user who checks will find that the computer’s CPU usage has spiked sharply.

Cryptojackers can use 100% of a target’s computer processing power, which, in addition to clogging up the target’s CPU, can lead to crashed processes that terminate whatever the user was doing in favor of the mining operation.

Coinhive is not the only cryptojacking malware out there; others, such as Cryptoloot and Rocks, have been detected. All of these malicious programs perform the same procedures.

Google has introduced several extensions for its web browser Chrome which, once installed, can protect computers from being targeted by cryptojackers.

Universal Threat

In February 2018, a Spanish cybersecurity firm, Panda, wrote that a cryptojacking script known as WannaMine had spread to “computers around the world”. The malware was being used to mine Monero, a cryptocurrency that is notable because it can be mined using CPUs (as opposed to graphics cards).

Later the same month, governments in Britain, the US and Canada were affected by a cryptojacking attack that took advantage of a vulnerability in text-to-speech software embedded in many of these governments’ sites.

Attackers inserted the Coinhive script into the software, allowing them to mine Monero using visitors’ browsers.

Browser mining is becoming an increasingly common practice. The lines between cryptojacking and legitimate practice are not always clear. Coinhive is often described as malware, but Salon recently partnered with its developers to mine Monero using visitors’ browsers—with their permission—as a way of monetizing the outlet’s content when faced with ad-blockers.

Some experts have cited the potential of browser mining as an alternative to ad-based monetization: in essence, legitimized cryptojacking.

Such proposals are extremely controversial, given the potential costs to users in terms of power consumption and damage to hardware.

Later in February, it was revealed that Tesla Inc. had been the victim of cryptojacking when its Amazon Web Services software container was compromised. Similar attacks on companies have been reported going back to October 2017.