Cryptominer Trojan Hiding Within an Image File
Because of the cryptocurrency market's significant growth in the past couple of years, everyone wants a piece of that pie. Ransomware is still the most popular way for cybercriminals to generate that cryptocurrency income, but these days it seems that everything from personal computers to mobile devices and servers is being targeted as a possible host for secretly mining cryptocurrency. This week the SonicWall Capture Labs Threat Research Team has received reports of malware that purports to be an image file but drops a cryptominer for Linux.
Infection cycle: At first look, this file appears to be harmless. It displays this image when executed:
It also has the standard header of a PNG file:
Upon more thorough inspection, towards the end of the PNG data we find the standard format of an executable file: ELF.
Extracting this executable file, we find that it is an XMRig Monero cryptocurrency miner.
Its main function is to mine Monero from crypto-pool.fr using this address as shown below.
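The layout described above, a valid PNG with an ELF executable after it, can be checked for during triage. The following Python is an added example, not SonicWall's tooling or code from the original post; it assumes the ELF is appended after the PNG's IEND chunk, and the function names and sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ELF_MAGIC = b"\x7fELF"

def png_end_offset(data):
    """Offset just past the IEND chunk, or None if data is not a complete PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):              # 4 length + 4 type + 4 CRC minimum
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length
        if pos > len(data):
            return None                        # chunk runs past end of file
        if ctype == b"IEND":
            return pos
    return None

def inspect(data):
    """Report bytes after IEND and describe an ELF header found there."""
    end = png_end_offset(data)
    if end is None:
        return {"png": False}
    report = {"png": True, "png_size": end, "trailing": len(data) - end, "elf_offset": None}
    idx = data.find(ELF_MAGIC, end)
    if idx >= 0 and idx + 20 <= len(data):
        order = "<" if data[idx + 5] == 1 else ">"   # EI_DATA: 1 = little-endian
        e_type, e_machine = struct.unpack(order + "HH", data[idx + 16:idx + 20])
        report.update(elf_offset=idx, elf_bits=32 * data[idx + 4],  # EI_CLASS 1/2
                      e_type=e_type, e_machine=e_machine)
    return report

def _chunk(ctype, body=b""):
    """Build one PNG chunk (length, type, body, CRC) for the constructed sample."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(
        ">I", zlib.crc32(ctype + body))

# Constructed sample: a 1x1 greyscale PNG followed by a fake 64-bit ELF header.
CLEAN_PNG = (PNG_SIG
             + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + _chunk(b"IEND"))
FAKE_ELF = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 0x3E)
SAMPLE = CLEAN_PNG + FAKE_ELF + b"\x00" * 44

if __name__ == "__main__":
    print(inspect(CLEAN_PNG))
    print(inspect(SAMPLE))
```

Any non-zero `trailing` count on a file that claims to be an image is worth a second look; an `elf_offset` gives the position from which the embedded executable can be carved for static analysis.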
How to Avoid Cyberattacks?
Employee Education (CYBERSECURITY 101): It's critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails and clear instructions on what to do if they encounter a potential ransomware lure (e.g. don't open attachments; if you see something, say something). See the CYBERSECURITY 101 training program below.
Security: Antivirus software is essential for any business to protect against ransomware and other risks. Ensure your security software is up to date to protect against newly identified threats. Keep all business applications patched and updated to minimize vulnerabilities.
Backup and Disaster Recovery: Modern total data protection solutions take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll back your data to a point in time before the corruption occurred. First, you don't need to pay the ransom to get your data back. Second, since you are restoring to a point in time before the ransomware infected your systems, you can be certain everything is clean and the malware can't be triggered again.
Email Security: Use a real cloud-based email security platform with robust, secure, and legally compliant email encryption.
Quarterly Network Security Assessments: Did you know that most security vulnerabilities occur inside a business, behind the firewall? In fact, more than 70% of all cyber security incidents today are the result of INTERNAL security issues that no firewall, anti-virus or malware device could have prevented. Schedule yours now.
To find out about cybersecurity and what the SynerTech security team can do to fight back, fill out the form here.
Contact us today for more information.