Innovative hackers appear to have used a virus named “Crackonosh” to mine millions of USD worth of the Monero (XMR) cryptocurrency. In operation since 2018, Crackonosh spreads through pirated software – most of which consists of popular video games found through torrent sites. This campaign is the latest example of a new form of attack known as “crypto-jacking,” in which infected computers become part of a decentralized mining rig for proof-of-work cryptocurrencies.
As cryptocurrency grows in prominence, the digital payment aspect makes it more attractive for malicious actors looking to obscure their ransom demands. Bitcoin fast became a currency of choice for hackers, drug runners, and ransomware operators – second only to the U.S. dollar. Cryptocurrency made headlines during the Colonial Pipeline saga when the attackers demanded their ransom in Bitcoin – which the FBI then managed to recover through white-hat hacker tactics. The entire fiasco helped trigger the recent downtrend in cryptocurrency values across the board.
The Advent of Cryptojacking
Cybersecurity defenses have always struggled to keep up with the near-constant innovation of new forms of digital assault. As online interactions grow more ubiquitous, less technically savvy users find themselves increasingly out of their depth. This leads to easier avenues of attack for malicious actors – including crypto-jacking. A crypto-jacked computer shows no outward signs of infection – save for slightly downgraded performance. Instead, it quietly mines the hacker’s cryptocurrency of choice in the background.
While each computer contributes little to the overall hash power, the decentralized network of ‘zombie’ computers represents a considerable amount of computing power. In effect, these hackers have turned their age-old DDoS system directly into a money-making scheme. As always, the attacks grow more sophisticated over time – Crackonosh disables security updates specifically to prevent its discovery.
Why Do Hackers Prefer Monero?
The general public’s perception of Bitcoin rarely aligns with reality. Many still believe Bitcoin to be an untraceable digital currency used mostly for illicit activities. Often, their perception more closely matches the description of Monero – one of the most prominent anonymous currencies available. Transactions made on the Monero blockchain involve a series of randomized events that prevent efficient forensics – making it ideal for money laundering purposes.
Further, the computing power necessary to mine Monero is minuscule compared to Bitcoin’s requirements. This makes in-browser and decentralized virus-based mining possible. During the previous boom, browser-based Coinhive allowed sites to run software in the background – driving user traffic through a mining algorithm that produced Monero for the site. Famously, torrent site The Pirate Bay used this process openly – further linking the torrent process to Monero-based malware.