Hackers are modifying existing ransomware for cryptocurrency malware

09 Sep, 2018
by Richard Allen

Security researchers at Kaspersky and Fortinet have reportedly discovered new cryptocurrency malware built from updated versions of pre-existing ransomware families, ITPro Today reports.

Coinhive, launched in September 2017, is probably the best-known name in cryptojacking: the practice of injecting mining code into a website so that it mines cryptocurrency with the processing power of visitors' computers, without their consent.

Researchers at Kaspersky have found that attackers are updating the five-year-old Trojan-Ransom.Win32.Rakhni malware family. Once installed on the victim's computer, the malware first runs through a checklist before deciding whether to install the ransomware component (a file cryptor) or a cryptominer that consumes the computer's processing power.

Egor Vasilenko and Orkhan Mamedov wrote in a blog post: "The decision to download the cryptor or the miner depends on the presence of the folder %AppData%\Bitcoin. If the folder exists, the downloader decides to download the cryptor. If the folder doesn't exist and the machine has more than two logical processors, the miner will be downloaded. If there's no folder and just one logical processor, the downloader jumps to its worm component."

Fortinet found similar malware based on the Jigsaw ransomware, which first appeared in 2016. This version steals Bitcoin by swapping the destination address of a victim's outgoing payment for one of the roughly 10,000 Bitcoin addresses it carries, so that the payment is rerouted to the attackers' wallet instead of the intended recipient.
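The address swap described above is a clipboard-stealer pattern, and the detail worth understanding is why it works: the attacker's replacement addresses are real, checksum-valid Bitcoin addresses, so nothing in the address format itself reveals the swap. The following Python is an added example, not code from the article or from Fortinet's analysis. It implements Base58Check decoding and validation for legacy addresses, simulates the swap on clipboard text, and shows the check that does catch it: comparing what was copied with what arrived in the paste target. It assumes the swap happens while the address passes through the clipboard (the article does not say how the sample intercepts the address), the pool-selection rule is made up, and the attacker address pool is constructed from synthetic 20-byte hashes rather than real keys.

```python
import hashlib
import re

# Bitcoin's Base58 alphabet (0, O, I and l are deliberately absent).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Loose match for legacy Base58 addresses (P2PKH starts with '1', P2SH with '3').
# Every hit is checksum-verified afterwards, so the pattern only needs to find candidates.
ADDR_RE = re.compile(
    r"(?<![1-9A-HJ-NP-Za-km-z])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![1-9A-HJ-NP-Za-km-z])"
)


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"not a base58 character: {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' stands for one leading zero byte.
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of double SHA-256."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def is_valid_legacy_address(addr: str) -> bool:
    """1 version byte + 20-byte hash160 + 4-byte checksum = 25 bytes."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    return len(raw) == 25 and checksum(raw[:21]) == raw[21:]


def p2pkh_address(hash160: bytes) -> str:
    """Mainnet P2PKH address (version byte 0x00) for a 20-byte hash."""
    payload = b"\x00" + hash160
    return b58encode(payload + checksum(payload))


def build_attacker_pool(size: int) -> list:
    """Constructed stand-in for the stealer's stored address list. The 20-byte hashes are
    synthetic (truncated SHA-256 of a label); real hash160 values are RIPEMD160(SHA256(pubkey))."""
    return [p2pkh_address(hashlib.sha256(f"attacker-pool-{i}".encode()).digest()[:20])
            for i in range(size)]


def find_addresses(text: str) -> list:
    return [m for m in ADDR_RE.findall(text) if is_valid_legacy_address(m)]


def hijack_clipboard(text: str, pool: list) -> str:
    """Simulates the stealer: every checksum-valid address in the clipboard text is replaced by
    a pool entry. The selection rule (index derived from the original address) is an assumption."""
    def swap(m):
        addr = m.group(0)
        if not is_valid_legacy_address(addr):
            return addr
        idx = int.from_bytes(hashlib.sha256(addr.encode()).digest()[:4], "big") % len(pool)
        return pool[idx]
    return ADDR_RE.sub(swap, text)


def detect_swap(copied: str, pasted: str) -> dict:
    """Defensive check: any valid address present in the paste but absent from the copy is a swap.
    Checksum validation alone cannot do this, because the attacker's addresses are valid too."""
    before, after = set(find_addresses(copied)), set(find_addresses(pasted))
    injected = sorted(after - before)
    return {"swapped": bool(injected), "copied": sorted(before), "pasted": injected}


if __name__ == "__main__":
    # Constructed scenario: the merchant's address is the well-known genesis-block address.
    merchant = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    pool = build_attacker_pool(10)
    copied = f"Send 0.05 BTC to {merchant}"
    pasted = hijack_clipboard(copied, pool)
    report = detect_swap(copied, pasted)
    print(pasted)
    print(report)
    # Both addresses pass Base58Check, so a wallet that only validates format sees nothing wrong.
    print(all(is_valid_legacy_address(a) for a in report["pasted"]))
```

The practical lesson is in `detect_swap`: the only reliable user-side defence against this class of stealer is to compare the address on the send screen (or on a hardware wallet's display) with the one obtained out of band, since the injected address is indistinguishable from a legitimate one by format or checksum alone.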
