CYBER SECURITY ENTHUSIAST

Security researchers recently analyzed various spam campaigns and discovered a new one related to Bitcoin cryptocurrency that is impacting a lot of websites.

For the past months, Bitcoin gained a lot of attention and reached high price levels, followed by various fluctuations. The process of mining consists in verifying other Bitcoin transactions, which users are rewarded for, and is supposed to keep transactions safe and secure.

How the infection is spread

During this spam campaign, online criminals try to inject a malicious script into different WordPress, Joomla, and jBoss legitimate websites. They do this by hiding the unwanted script on the embed site with the main purpose to create a binary file. With the help of this binary file, hackers will misuse the PC’s CPU to access users’ computers to mine Bitcoin.

Basically, when visitors access a website that hosts the malicious script, their PC’s CPU is used to mine Bitcoin currency for cyber attackers. It will also collect information from the Bitcoin wallet which has been installed on the compromised machine.

Here is how the malicious script is injected with a reference to the following site (sanitized for your own protection)

http: // online-game-18 [.] xyz /? c = 41-149-20180219062557833d27348 & pst = 2 & key = [uniktID]

The package file provided to the potential victims looks like a game for adults named “The # 1 Adult Game – Free to Play” and containing an executable filename “setup_sex_game.exe”

The binary package is digitally certified by Comodo with the following details:

Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 2/15/2018 to 12:59 AM 2/16/2019
Valid Use Code Signing
Algorithm sha256RSA
Thumbprint 9FB7FD71BB7DA9C256E872CB56E3808E811990BB
Serial number 66 CA 14 17 72 9E 0A BB D8 F9 80 08 A3 97 4B B4

The above domain is hosted on this server (sanitized for your own protection) 212.224.118 [.] 40. Security researchers discovered that it’s the same server linked with other Bitcoin mining domains, including the same offer of a free game. Here’s a list of malicious domains:

action8 [.] xyz
biggame1 [.] xyz
updflash [.] xyz
Best-game [.] xyz
game18plus [.] xyz
need action [.] xyz
Win32 flash [.] xyz
update-flash [.] xyz
Update Flash Player [.] xyz

Heimdal Security proactively blocked all infected sites, so all Heimdal PRO and Heimdal CORP users are protected.

According to VirusTotal, only 16 antivirus engines out of 68 managed to detect the binary package file at the time we write this article.

VirusTotal Bitcoin miner

How to protect yourself against malicious script injections

The main issue with the Bitcoin Mining malware is that it acts like a fileless malware and usually go undetected by traditional antivirus products. Injecting a malicious script, hackers can redirect users to a compromised site and steal users’ sensitive data. This is why we strongly recommend users to:

  • Apply all the updates available for your apps (especially the most vulnerable ones: Flash and Java, browsers), software programs and system. Do NOT postpone and neglect to keep your system fully patched. Keeping OS up to date is the best thing users can do for their safety.
  • Be very careful when clicking on suspicious links or websites and always check if the web page’s URL is genuine;
  • Make sure you access sites that use a security certificate or HTTPS to avoid malware infection;
  • Install a reliable antivirus program installed on your computer to protect your valuable data from online threats;
  • Consider adding multiple layers of protection and use also a proactive cyber security software solution;
  • Probably one of the best security measure everyone can use is to learn how to easily detect various online threats. We recommend reading these free educational resources to gain more knowledge in the cybersecurity industry.

*This article features cyber intelligence provided by CSIS Security Group researchers.

cryptocurrency security and how to safely invest in bitcoin
2017.11.22 SLOW READ

Cryptocurrency Security: How to Safely Invest in Digital Currency

2017.06.30 INTERMEDIATE READ

How Malicious Websites Infect You in Unexpected Ways

JavaScript Malware
2016.06.29 INTERMEDIATE READ

JavaScript Malware – a Growing Trend Explained for Everyday Users

Comments

Privileged to read this informative blog on Blockchain. Commendable efforts to put on research the data. Please enlighten us with regular updates on Blockchain. Friends if you’re keen to know more about Blockchain you can watch this amazing AI tutorial on the same.
https://www.youtube.com/watch?v=27jc6AuhYZI

very nice article keep posting. If you get any updates regarding cyber <a then join with us at Indian Cyber Army https://www.ica.in/newsroom/porn-shark-monitored-video-calls news

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP