Researchers at cybersecurity research lab McAfee Labs have recently revealed that a new type of cryptojacking malware dubbed “WebCobra” has been infecting users’ machines to mine Monero (XMR) or Zcash (ZEC) in secret.
According to a recently published report, the malware seems to have originated in Russia, and installs either a Cryptonight or a Claymore miner – to mine XMR or ZEC respectively – depending on the victim’s hardware, to make as much profit as possible. The report reads:
The main dropper is a Microsoft installer that checks the running environment. On x86 systems, it injects Cryptonight miner code into a running process and launches a process monitor. On x64 systems, it checks the GPU configuration and downloads and executes Claymore’s Zcash miner from a remote server.
Despite the malware’s origins, researchers claim it has infected users throughout the world, including in Brazil, the United States, and South Africa. The malware reportedly runs in secret and is only detectable if users figure out it’s the reason their machines are slower than normal.
As performance degrades and the malware starts consuming more of the machine’s resources to mine cryptocurrencies, the report reads, the “machine slows down, leaving the user with a headache and an unwelcome bill.”
As CryptoGlobe covered, McAfee Labs revealed back in June that cryptojacking malware cases increased by a whopping 629% in the first quarter of this year. The surge in cryptojacking cases was so significant that the Monero community established a Monero Malware WorkGroup to fight back against malware taking advantage of unsuspecting users’ machines.
Later on, a vigilante botnet executing kamikaze attacks against cryptojacking malware was discovered. Some attribute the sudden rise in these types of cases to the crypto market’s bull run last year, which saw most cryptocurrencies hit new all-time highs.
McAfee Labs’ report included a chart that shows how the amount of mining malware spreading across the web increased in tandem with XMR’s price.
The cryptojacking trend saw various web browsers add built-in blockers that stop websites from using users’ CPU resources to mine. The first ones to do so were the Opera browser and the Brave browser. In September, Firefox joined the list.
Earlier this year, Google moved to remove all cryptocurrency mining extensions from Chrome’s web store because, according to the search giant, about 90% of them failed to comply with its policies.