The cyber crooks behind the spread of VenusLocker ransomware have switched to cryptocurrency mining, targeting computer users in South Korea. According to sources reporting to Cybersecurity Insiders, instead of locking down computers with malware and demanding a ransom, the group is now trying to install malware on PCs that mines Monero, an open-source cryptocurrency.
Researchers from FortiGuard Labs closely watched this shift in the cybercriminals' tactics and compiled a report confirming that the group is trying to capitalize on a surging digital currency market and has therefore moved into Monero mining.
Note: Monero is a cryptocurrency created in April 2014 that focuses on decentralization, privacy, and scalability, and runs on Windows, Mac, Linux, and Android. Like Bitcoin, Monero uses a public ledger similar to a blockchain to record transactions, and new units of Monero are created through mining. The currency is more obscure than Bitcoin because it keeps the sender, recipient and amount of every transaction hidden.
Security researchers from FortiGuard Labs found that the hackers are tricking South Korean PC users into running Monero mining malware through social engineering attacks such as email phishing.
For example, one email purports to come from a South Korean online garment store and falsely claims that the recipient's data has been leaked from the store's website due to a hack. Another variant claims that the recipient is using images on their website without consent and will be subjected to legal proceedings if they fail to open the attachment. In both cases, the attachment contains Monero mining malware.
Further analysis by the FortiGuard Labs team found that the mechanics of the attack payload match the scheme used by the VenusLocker ransomware spreaders in the past.
Note: As of now, 1 Monero is worth $400 USD.
Readers of Cybersecurity Insiders are therefore requested to be careful when opening messages and attachments in their email inboxes.