Hackers Using Process Hollowing to Hide Crypto Jacking from Detection
- The mining process is also controlled to avoid any unnecessary alarms.

In an attempt to hide cryptojacking malware on victims' computers, hackers have evolved their tactics and are now using process hollowing, per a ZDNet report.
The technique was documented by three researchers from cybersecurity company Trend Micro - Arianne Dela Cruz, Jay Nebre, and Augusto Remillano - on Wednesday.
The attackers ran an organized campaign throughout November, using a dropper component that carries a hidden malicious payload, against targets in countries including Kuwait, Thailand, India, Bangladesh, the United Arab Emirates, Brazil, and Pakistan.
A secure way to mine crypto
The report explains why the technique is hard to catch: the file dropped onto the victim's computer acts as both a malware dropper and a container, and is not malicious in itself. It carries the main executable and the crypto-mining code inside it, but keeps them inactive, so a static scan of the file finds nothing that runs as malware.
The malicious behavior is only triggered when the dropper is started with a specific set of command-line arguments. Once triggered, it starts a legitimate process and replaces that process's code in memory with the miner, a technique popularly known as process hollowing: the process that appears in task lists and on disk looks like a normal executable, and no malicious file is left behind.
Moreover, to evade malware scans, the malicious code is kept in a directory as a file with no extension.
To avoid tripping alarms, such as a sustained spike in CPU usage, the malware mines digital currency, mostly Monero, at a controlled rate.
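The check a forensic or EDR tool makes to catch a hollowed process, as an added example that is not part of the Trend Micro report or the original article: the PE image mapped in the process's memory is parsed and compared with the image file the process claims to run from, and any mismatch in entry point, image size, section layout or .text code bytes is reported. The PE fixtures below (HOST_ON_DISK, HOST_IN_MEMORY_CLEAN, HOST_IN_MEMORY_HOLLOWED and the byte strings standing in for code) are constructed minimal images, not real binaries; on a live Windows host the in-memory bytes would come from ReadProcessMemory or a memory dump.

```python
"""
Process-hollowing check: compare the PE image a process claims to be (its file
on disk) with the PE image actually mapped at its image base in memory.
Added example; fixtures are constructed minimal PE32+ images, not real binaries.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass, field


@dataclass
class PeImage:
    machine: int
    entry_point: int              # AddressOfEntryPoint (RVA)
    size_of_image: int
    sections: dict = field(default_factory=dict)  # name -> (VirtualAddress, sha256 of bytes)


def parse_pe(data: bytes, mapped: bool) -> PeImage:
    """Parse PE headers and hash each section's bytes.

    mapped=False: file layout, sections live at PointerToRawData.
    mapped=True:  memory layout, sections live at VirtualAddress.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    machine, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]  # same offset in PE32 and PE32+
    sections = {}
    sec = opt + opt_size
    for _ in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec)
        start = vaddr if mapped else raw_ptr
        length = min(vsize, raw_size)        # ignore file/page padding on either side
        digest = hashlib.sha256(data[start:start + length]).hexdigest()
        sections[name.rstrip(b"\0").decode()] = (vaddr, digest)
        sec += 40
    return PeImage(machine, entry_point, size_of_image, sections)


def find_hollowing_indicators(on_disk: bytes, in_memory: bytes) -> list:
    """Return human-readable mismatches between the on-disk and in-memory image."""
    disk = parse_pe(on_disk, mapped=False)
    mem = parse_pe(in_memory, mapped=True)
    findings = []
    if disk.machine != mem.machine:
        findings.append(f"Machine differs: disk {disk.machine:#x}, memory {mem.machine:#x}")
    if disk.entry_point != mem.entry_point:
        findings.append(f"AddressOfEntryPoint differs: disk {disk.entry_point:#x}, memory {mem.entry_point:#x}")
    if disk.size_of_image != mem.size_of_image:
        findings.append(f"SizeOfImage differs: disk {disk.size_of_image:#x}, memory {mem.size_of_image:#x}")
    if set(disk.sections) != set(mem.sections):
        findings.append(f"section layout differs: disk {sorted(disk.sections)}, memory {sorted(mem.sections)}")
    for name in disk.sections.keys() & mem.sections.keys():
        dva, dhash = disk.sections[name]
        mva, mhash = mem.sections[name]
        if dva != mva:
            findings.append(f"{name} VirtualAddress differs: disk {dva:#x}, memory {mva:#x}")
        elif name == ".text" and dhash != mhash:
            # Only code is compared: .data/.idata legitimately change at run time.
            findings.append(".text code bytes differ from the on-disk image")
    return findings


def build_image(machine: int, entry_point: int, size_of_image: int, code: bytes) -> bytes:
    """Construct a minimal single-section PE32+ image (test fixture, not a real binary).
    .text sits at RVA 0x1000 and at file offset 0x1000, so the same bytes serve as
    both a 'file on disk' and a 'memory dump'."""
    opt_size = 240                                   # PE32+ optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)            # Magic: PE32+
    struct.pack_into("<I", opt, 16, entry_point)     # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)     # ImageBase
    struct.pack_into("<I", opt, 56, size_of_image)   # SizeOfImage
    text_rva = 0x1000
    section = struct.pack("<8sIIIIIIHHI", b".text", len(code), text_rva, len(code), text_rva,
                          0, 0, 0, 0, 0x60000020)    # CODE | EXECUTE | READ
    header = dos + b"PE\0\0" + coff + bytes(opt) + section
    return header.ljust(text_rva, b"\0") + code


# Constructed fixtures: a legitimate host binary, and what its memory looks like
# after a hollowing loader has written a different (miner) image into it.
LEGIT_CODE = b"\x48\x83\xec\x28\x33\xc9\xe8\x00\x00\x00\x00\x48\x83\xc4\x28\xc3"
MINER_CODE = b"\x48\x83\xec\x28\xe8\x00\x00\x00\x00\x90\x90\xeb\xfe"
HOST_ON_DISK = build_image(0x8664, 0x1000, 0x2000, LEGIT_CODE)
HOST_IN_MEMORY_CLEAN = build_image(0x8664, 0x1000, 0x2000, LEGIT_CODE)
HOST_IN_MEMORY_HOLLOWED = build_image(0x8664, 0x1004, 0x9000, MINER_CODE)

if __name__ == "__main__":
    for label, mem in (("clean", HOST_IN_MEMORY_CLEAN), ("hollowed", HOST_IN_MEMORY_HOLLOWED)):
        print(label, find_hollowing_indicators(HOST_ON_DISK, mem) or ["no indicators"])
```

The comparison is deliberately restricted to header fields and the .text bytes, because the loader legitimately rewrites the import table and relocations and writable data changes as the program runs; a whole-image hash would flag every process. Some hollowing loaders copy the host's headers over the injected image, so on a live system this check is paired with a second one: a committed image-sized region at the image base that no file mapping backs.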
“While the number of new routines for malicious cryptocurrency miners has increased, overall detections for coin mining activities have decreased this year,” the cybersecurity company explained. “We suspect that the cybercriminals behind this particular campaign may have been taking advantage of the decreased number of competitors, especially as the year comes to a close.”
To hide from detection, attackers are using several techniques to profitably mine Monero on other people's computers. Late last month, Finance Magnates reported that the infamous Stantinko botnet had added crypto-mining capabilities and was using YouTube to conceal its operations.