How polite: Fun-bucks coin miners graciously ease off CPU pounding

Conniving crypto creeps caught covertly concealing coin-crafting computer crime code

Coal miners

Cryptocurrency-mining malware writers are dialing back their use of your compute cycles in order to avoid detection.

This is according to Johannes Ullrich, head of research at SANS, who today pointed out that malicious mining apps are scaling down activity and employing built-in encryption to make them harder for antivirus packages to detect.

"The latest cryptocoin miners I have seen try to make it a bit more difficult to detect them by being less greedy and not asking for all the CPU cycles at once," Ullrich said.

"They also take better advantage of some newer CPU features like AES support."

Ullrich spoke out after a fresh strain of malware was found to be using a remote-code execution exploit for a vulnerability in Apache Struts. The payload included a particularly nasty bit of code that takes over the host server to mine crypto-coins for a wallet controlled by the attacker.

As Ullrich noted, crypto-coin-crafting malware is nothing new. Criminals have for years been hijacking the CPUs of unsuspecting users to generate virtual dosh for themselves. One of the dead giveaways of the malware is the high processor use that gets reported when the software nasty ratchets up its operations.

This particular coin-mining malware, however, is noteworthy for its limits on CPU activity, restraining itself to only access half of the threads available on the host processors.

As a result, Ullrich said, the malware attempts to make itself less visible on the host machine. But apparently the effort was not good enough, as the security wonk was less than impressed with the code.

"I really wish that attackers would actually come up with a new scheme to make money so life will be more interesting," he mused.

"But then again, sometimes it is nice if security is a bit boring and not too exciting."

At this point we ought to wheel out the standard security warnings: run up-to-date antivirus software on your machine, keep up with all patches, and don't open any attachments from unsolicited or otherwise suspicious email, least you find yourself unwittingly mining fun bucks for a crook. ®




Biting the hand that feeds IT © 1998–2018