On April 9th, Tencent Security Yujian Threat Intelligence Center publishedmonitoring reportAccording to the report, thousands of website pages including traditional enterprises, Internet companies, schools, and government agencies have been implanted with malicious mining JS scripts, and the threat is still expanding.
On the 10th, the center claimed to have captured a mining Trojan horse hidden in the renovation video. The Trojan horse has cumulatively affected more than 50,000 machines, with a peak of 4,000 machines online at the same time.
In 2017, with the skyrocketing price of digital cryptocurrency, the number of cyber attacks surrounding virtual currency is also increasing. In addition to attacking large exchanges,By implanting malicious mining programs into websites, stealing users computing power as free miners is also becoming an alternative direction for many hackers to get rich.
According to data from Kaspersky Lab, from 2016 to 2017, the number of attacks using victims computer hardware resources to mine encrypted virtual currency increased by nearly 1.5 times.Among them, Monero has become the first choice for many hackers to mine because the transactions between the two parties cannot be traced back. Another data shows that only in the 6-month period of the second half of 2017, Hackers have earned more than $7 million through mining.
This year, as the difficulty of mining digital cryptocurrencies continues to increase and the number decreases, and the number and types of mining script programs such as Coinhive, JSEcoin, CryptoLoot, and MineMyTraffic are increasing,Global malicious mining incidents are also further showing a high incidence.
According to Bitcoin.com, on March 6, 2018, more than 400,000 personal computers were attacked by large-scale malicious mining software, and the attack lasted for 12 hours. Most of the computers attacked (73%) were located in Russia, followed by Turkey (18%) and Ukraine (4%).
In addition to personal and corporate computers, many well-known websites are also hard to escape。
In January this year, Google’s paid advertising service DoubleClick was implanted with malicious mining code by attackers, and used its traffic distribution function to grab a lot of free computing power for mining. Affected.
Previously, Starbucks WiFi hotspot network, instant messaging software telegram, WhatsApp, and Southern Weekly were also attacked by malicious mining software.
It is worth noting that the hidden methods of malicious mining Trojans are being upgraded.According to the 2017 Digital Cryptocurrency Security Report released by Tencent Security, after the streaking period of direct attacks and the covering period of hiding in browsers/plug-ins, the current mining Trojan has entered the stealth period and is no longer There are executable files that land and are directly embedded in web pages, and work secretly in the background while users are reading novels and videos online.
At present, hackers are obviously not satisfied with attacking computer webpages.Smartphones are also becoming the hardest hit areas for malicious mining implants.
In February of this year, the Android mining worm broke out for the first time in the world. This new malicious program infected 5,000 devices within 24 hours. China and South Korea became the hardest hit areas of the virus.
In March, the US network security company Trend Micro stated that a new malicious software HiddenMiner will use the infected Android mobile phone CPU to mine Monero, and because there is no control program set, the software will continue to mine until the mobile phone Resources are exhausted or even corrupted.
However, in April of this year, Google determined in a statement that “90 percent of all extensions with mining scripts that developers attempt to upload to the Chrome Web Store are non-compliant.” At present, the mining virus has become a new threat, and the Internet giants will not sit still.
