Thailand is number one as world’s malware mining hotspot
Software used to mine cryptocurrency is being delivered on a global scale through malware techniques, says security firm
By Suchit Leesa-Nguansuk
Thailand has become the world’s leading hotspot for cryptocurrency mining malware, according to Palo Alto Networks, a network and enterprise security firm.
Cryptocurrency-focused threats should be a focus of intelligence and preventive efforts for all defenders in 2018, as attackers have already introduced more large-scale attacks globally, Christopher Budd wrote on the Palo Alto Networks blog.
The company found that XMRig, software that is used to mine the monero cryptocurrency, is being used to attack systems without the knowledge or consent of the victims.
While XMRig itself is not specifically malware, it is being delivered using malware delivery techniques. The attackers are doing this by using URL shorteners to make XMRig look like other, legitimate and expected programs.
Among the 10 most-attacked countries globally, Thailand saw the most downloads of the new malware at 3,545,437, followed by Vietnam (1,830,065), Egypt (1,132,863), Indonesia (988,163), Turkey (665,058), Peru (646,985), Algeria (614,870), Brazil (550,053), the Philippines (406,294) and Venezuela (400,661).
Attackers are continuing to adapt existing techniques to generate cryptocurrency.
A research posting entitled “Large Scale Monero Cryptocurrency Mining Operation using XMRig” said the new malware campaign is global in scale and uses well-established techniques to mine the monero cryptocurrency.
Monero is similar to bitcoin but notable for an increased emphasis on providing a higher level of privacy around transactions.
Like bitcoin, monero is generated through mining, a computationally intensive process that provides cryptocurrency credit in exchange for computing resources provided in service to the cryptocurrency and its transaction infrastructure.
Given this latest in cryptocurrency-focused threats, it’s clear this is an early-stage threat, reusing established techniques and tactics, the posting said.