Monero, the Cryptocurrency that CyberCriminals Can Never Hate

Monero coin mining is the current darling of the cybercriminal community. With an easy entry to the cryptocurrency trend compared to Bitcoins and Ethereum, Monero-mining malware has been the center of development in virus programming vis-a-vis ransomware. It is a very profitable undertaking for Monero mining malware to be embedded with a legitimate site, without the user’s knowledge that it is already stealing CPU/GPU cycles for the task. One such genuine website is Slate.com which experimented with Monero mining through their website, they briefly replaced the adverts by unannounced with cryptojacking functionality that used Javascript.

Monero is a cryptocurrency, according to CryptoBriefing, they define Monero as: “Monero (XMR) is a cryptocurrency which focuses on being untraceable and private. Its design differs from Bitcoin’s in a few key ways, but it should be understood as a cryptocurrency similar to Bitcoin – it can be used to buy and sell things, and can be exchanged for other coins or tokens. Monero manages to privilege the details of transactions in such a way that only the actors in the transactions can accurately verify their sending and receipt, while publicly this information is difficult to trace.”

“Attackers like Monero for two reasons: 1) it is private, so they do not need to worry about companies and law enforcement tracing what they do with the Monero after they mine it, and 2) Monero uses a Proof of Work (PoW) algorithm that is CPU and GPU-friendly; thus, the infected machines are competitive. These two components are increasingly distinguishing factors for why attackers choose to mine Monero over other cryptocurrencies,” explained Justin Ehronhofer, Malware Response Workgroup’s Director.

Ehrenofer’s working group continue to study the developments of such malware, as it has extreme effects on the web. The chain of trust that users give to the site they often visit will be tainted with doubt, a doubt that has a basis in reality. “We created this workgroup to help the victims of these mining/ransomware attacks, who often have no idea what Monero, mining, and cryptocurrencies are… the increased prevalence of Monero-related malware prompted the formation of the workgroup,” added Ehrenofer.

Cryptojacking malware through website visits increases the attack surface of a computer. Through the use of the ubiquitous Javascript, mining of Monero has been simplified, the perpetrators do not need to directly infect the computer of the visitor. The mining operations happen on the browser itself, which means the risk is not only Windows-based, the used to be more secure platforms, Linux and MacOS are also vulnerable.

Monero coin is a legitimate cryptocurrency, similar to Bitcoin and the rest of its derivatives they are actively being traded by various exchanges worldwide. Due to lower barriers of entry, Monero has been at the center stage as a favorite cryptocurrency of cybercriminals engaging with cryptojacking. However, this is highly condemned by Monero community, they are strong believers that alternatives to Bitcoin, like Monero, will further embed the legitimacy of the use of cryptocurrency for everyday use.

“Monero itself and the community aren’t attacking computers, but the computers are attacked with some vulnerability and the attacker decides to run mining software on the compromised machines,” concluded Ehrenofer