Cryptojacking & hidden mining methods
The good news is that hackers are gradually losing interest in brutal attacks on wallets because of the growing opposition of cryptocurrency services and the increasing level of literacy of users themselves. The focus of hackers is now on hidden mining.
According to McAfee Labs, in the first quarter of 2018, 2.9 million samples of virus software for hidden mining were registered worldwide. This is up by 625 percent more than in the last quarter of 2017. The method is called "cryptojacking" and it has fascinated hackers with its simplicity in such away that they massively took up its implementation, abandoning the traditional extortion programs.
The bad news is that the activity of hacking has not decrease in the least bit. Experts of the company Carbon Black — which works with cybersecurity — revealed that, as of July 2018, there are approximately 12,000 trading platforms on the dark web selling about 34,000 offers for hackers. The average price for malicious attack software sold on such a platform is about $224.
But how does it get on our computers? Let's return to the news with which we started. On June 27, users began leaving comments on Malwarebytes forum about a program called All-Radio 4.27 Portable that was being unknowingly installed on their devices. The situation was complicated by the impossibility of its removal. Though, in its original form, this software seems to be an innocuous and popular content viewer, its version was modified by hackers to be a whole "suitcase" of unpleasant surprises.
Of course, the package contains a hidden miner, but it only slows down the computer. As for the program for monitoring the clipboard, that replaces the addresses when the user copies and pastes the password, and it has been collecting 2,343,286 Bitcoin wallets of potential victims. This is the first time when hackers demonstrated such a huge database of cryptocurrency owners — so far, such programs have contained a very limited set of addresses for substitution.
After replacing the data, the user voluntarily transfers funds to the attacker's wallet address. The only way to protect the funds against this is by double-checking the entered address when visiting the website, which is not very pleasant, but reliable and could become a useful habit.
After questioning of victims of All-Radio 4.27 Portable, it was discovered that malicious software got on their computers as a result of unreasonable actions. As the experts from Malwarebytes and Bleeping Computer found out, people used cracks of licensed programs and games, as well as Windows activators like KMSpico, for example. Thus, hackers have chosen as victims those who consciously violated copyright and security rules.
Well-known expert on Mac malware Patrick Wardle often writes in his blog that many viruses addressed to ordinary users are infinitely stupid. It's equally silly to become a victim of such hacking attacks. Therefore, in conclusion, we'd like to remind you of the advice from Bryan Wallace, Google Small Business Advisor:
“Encryption, anti-virus software, and multi-factor identification will only keep your assets safe to a point; they key is preventive measures and simple common sense.”
Impenetrable Crypto Wallet : private keys never stored , anywhere , at any given time . The Private Key (PK) is safely generated by you , known only to you , and can be accessed only by you .
The Device generating the PK, is not storing at any given time the PK generated . It is generated by you , on the spot , with a passphrase , when needed , for just a few milliseconds , just to sign in the transaction and then disappear permanently from the device .