Zcash, or the return of malicious miners
5 stars based on
39 reviews
On 28 October, the cryptocurrency world saw the emergence of a new player, the Zcash ZEC cryptocurrency. Its developers have described it rather figuratively: The cryptocurrency market has been looking for this level of anonymity for a while now, so ZEC has attracted considerable interest from investors, miners and cybercriminals alike. Several major cryptocurrency exchanges were quick to offer support for the new currency.
It should be pointed out, however, that there were only a few dozen coins in existence at that time, so the actual turnover was very low. At the time of writing, it had leveled out temporarily at 0.
Despite this dramatic drop from the initial values which was anticipatedZcash mining remains among the most profitable compared to other cryptocurrencies. Ranking of cryptocurrency mining profitability, as reported by the CoinWarz website. This has led to the revival of a particular type of cybercriminal activity — the creation of botnets for mining.
A few years ago, botnets were created for bitcoin mining, but the business all but died out after it became only marginally profitable. Because these software programs are not malicious in themselves, most anti-malware programs do not react to them, or detect them as potentially unwanted programs PUP.
Kaspersky Lab products detect them as not-a-virus: Cybercriminals use rather conventional ways to distribute mining software — they are installed under the guise of other legitimate programs, such as pirated software distributed via torrents.
So far, we have not seen any cases of mass-mailings or vulnerabilities in websites being exploited to distribute mining software; however, provided mining remains as profitable as it is now, this is only a matter of time. The software can also be installed on computers that were infected earlier and became part of a for-rent botnet. The most popular mining software to date is nheqminer from the mining pool Micemash. It has two known variations: Both are detected by Kaspersky Lab products, with the respective verdicts not-a-virus: All that cybercriminals need to do to start profiting from a mining program on infected computers is to launch it and provide details of their own bitcoin or Zcash wallets.
We see that the address was created on 31 October, just a couple of days after Zcash launched, and payments are still being made to it at the current time. You may be wondering what happened to the promised anonymity.
Actually, there are two types of wallets in Zcash: An average computer can mine about 20 hashes per second; a thousand infected computers can mine about 20, hashes a second. Here are just a few real-life examples of the names used by these program and where they are installed on infected computers:. As you can see, the names of many mining programs coincide with those of legitimate applications, but the installation location is different.
For instance, the legitimate Windows Task Manager app taskmgr. To ensure that the mining program is launched each time the operating system starts, the necessary records are added either to Task Scheduler or to the registry auto-run keys. Here are some examples of these records:. Additional DLLs are required for the mining program to work.
These DLLs, shown below, are installed along with the mining program. So, what are the threats facing a user who is unaware that their computer is being used for cryptocurrency mining? Firstly, these operations are power hungry: Not exactly what you want from your computer. To prevent the installation of mining programs, Kaspersky Lab users should check their security products and make sure detection of unwanted software is enabled.
All other users are encouraged, at the very least, to check their folders and registry keys for suspicious files and records. Mining is the new black. Your email address will not be published. Notify me when new comments are added. Ranking of cryptocurrency mining profitability, as reported by the CoinWarz website This has led to the revival of a particular type of cybercriminal activity — the creation of botnets for mining. Here are just a few real-life examples of the names used by these program and where they are installed on infected computers: Here are some examples of these records: Leave a Reply Cancel Reply Your email address will not be published.