Security researchers recently observed threat actors burying crypto-mining malware inside compromised websites to hijack victims’ computing resources.

Victims who visited a site infected with the malicious JavaScript code unwittingly unleashed a payload that was hidden within a header file of a WordPress theme, according to researchers from Sucuri.

Although the file itself was legitimate, the code obfuscated the crypto-mining malware and kept it at bay until it confirmed that:

  • The malware wouldn’t be detected via automated scans; and
  • The victim’s device had the central processing unit (CPU) power necessary to mine cryptocurrencies such as bitcoin and Monero.

After the malware confirmed that the infected device met these criteria, it began the mining process.

What Is Crypto-Mining Malware?

Cybercriminals have been using banking Trojans and other tools to mine cryptocurrency since at least 2013, according to the “IBM X-Force Threat Intelligence Index 2018.” One of the most common methods to date has involved mobile apps and websites laden with malicious code hidden inside ads, otherwise known as malvertising.

Coin-stealing has traditionally involved very basic pieces of malware that work over time on a victim’s endpoint. In this recent case, however, researchers were only able to discover the crypto-mining malware after refactoring the code and examining it in detail. Meanwhile, such attacks can drain smartphones, desktops and other systems to enrich the attackers.

How to Keep Crypto-Miners Away From Your Devices

To protect enterprise networks from crypto-mining malware, security experts recommend creating an inventory of all applications in use across the enterprise, then categorizing them by risk attributes, such as whether they are internal or customer-facing.

Security teams should also evaluate applications based on criticality, impact, reputational damage and loss of personally identifiable information (PII), for example. As this incident suggests, however, the impact of a crypto-mining attack could also include loss of computing resources to stealthy cryptocurrency miners.

Source: Sucuri

More from

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

What CISOs Should Know About CIRCIA Incident Reporting

In March of 2022, a new federal law was adopted: the Cyber Incident Reporting Critical Infrastructure Act (CIRCIA). This new legislation focuses on reporting requirements related to cybersecurity incidents and ransomware payments. The key takeaway: covered entities in critical infrastructure will now be required to report incidents and payments within specified time frames to the Cybersecurity and Infrastructure Security Agency (CISA). These new requirements will change how CISOs handle cyber incidents for the foreseeable future. As a result, CISOs must…

Will the 2.5M Records Breach Impact Student Loan Relief?

Over 2.5 million student loan accounts were breached in the summer of 2022, according to a recent Maine Attorney General data breach notification. The target of the breach was Nelnet Servicing, a servicing system and web portal provider for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. An investigation determined that intruders accessed student loan account registration information between June and July 2022. The stolen data includes names, addresses, emails, phone numbers and social security numbers for 2,501,324 student loan…

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…