Introduction Of @malwhere and What Is CryptoJacking

in malware •  7 years ago  (edited)

Hey Steemit people, this is @malwhere. I have gone ahead and created a profile on Steemit, since I like the idea. While I am still in the early stages of getting to know the platform, I want to tell you a bit about myself and my mission. You can call me Vincent or @malwhere. I decided to create a profile on this network since everyone here blogs about something - cats, crocodiles, cities, the almighty blockchain and god knows what else. That is why I will blog about what I believe to be my mission and what I understand: malware. Since I noticed that there is not exactly a cybersec community on Steemit, I have decided to keep you up to date with the latest developments concerning malware, adware and other forms of nefarious software, and at the same time I will share methods for protecting yourself against any form of virus FOR FREE. I believe that since the cyber-crooks pay nothing but their time and skills to infect your computer, every user should be educated to follow the same principle and strike back.

What is CryptoJacking?

So, let's dive right in with the first topic of the day - CryptoJacking. Even though most of you may already know what it is, I am obliged to provide an explanation: CryptoJacking is the act of using the processor (CPU, GPU) and other components of someone else's computer in order to mine cryptocurrencies. In other words, cyber-crooks use cryptocurrency miners to link your computer to a mining pool, where your hashing power is pooled with that of other infected machines, and all of the rewards go to the cyber-criminals' wallets at the expense of your CPU and GPU. CryptoJacking is not a dangerous form of malware in itself, since it simply slows down and freezes your computer. But if these threats stay on your computer for a long time, you can be damn well sure that they will do more than just slow down your PC, because they may even break down some of its components through overheating or over-utilization.

What Types of CryptoJacking are Out There?

Many will say that there is an insane number of cryptocurrency miner malware families out there, because of the different algorithms they use and the cryptocurrencies they target (usually Monero or other anonymous ones), but I would like to keep it simple and look at the methods they use to spread and the devices they spread to. Based on this logic, I believe there are three main types of CryptoJacking malware out there.

Type 1: JavaScript Miners or JS:Miner Viruses

These types of cryptocurrency miners are not as dangerous as you might think, but they are constantly evolving and extremely widespread. Basically this is a piece of malicious JavaScript that can be added to absolutely any website, and simply opening the website starts the mining process in your browser.

Type 2: Miner Malware for PC's

These types of miners are more dangerous to users in the sense that they aim to infect your computer itself, using a number of different methods. The main infection methods we have detected so far in relation to coin miner viruses are the following:

- Via fake executable files posing as legitimate software setups, programs or license activators (cracks, key generators, etc.)
- Via malicious files whose primary purpose is to trick you into believing they are legitimate documents. These are usually Microsoft Word documents with malicious macros: once you click the "Enable Content" or "Enable Editing" button, the document runs the malicious macros.
- Via setups that contain the malware code embedded in their installers.
- Via malicious e-mail attachments.
- Via web links sent to you in fake e-mails or from the compromised messenger accounts of your friends. Fake profiles are also a possibility.

Cyber-criminals are becoming smarter and smarter when it comes to the infection methods they use. The latest infection methods that were detected exploit the GDPR privacy policy updates: fake e-mails pretending to be from big companies, like Airbnb, FedEx and others, pressure the user by claiming that if he or she does not click on a URL, their account will immediately be compromised or they will no longer be able to use the service.

Type 3: Mobile Miner Malware

This type is primarily oriented towards Android users, but this does not mean that the same principle won't apply to other devices as well. Some such viruses were reported by TrendMicro researchers under the following detection names:

ANDROIDOS_JSMINER
ANDROIDOS_CPUMINER
ANDROIDOS_KAGECOIN

These applications pretended to be completely legitimate, seemingly useful apps; one of them was detected and removed under the name SafetyNet Wireless App. To infect your device, these apps use false advertising to get you to install them manually, and after they request a lot of permissions from your Android device, they are in play. The app in question then runs the following CoinHive JavaScript miner code on the victims' devices:

[Screenshot: CoinHive JavaScript miner code embedded in the app. Source: TrendMicro]

When it comes to Android miners, other cryptocurrencies are used, according to TrendMicro:

  • MiriyadCoin
  • Unitus
  • Feathercoin
  • Magicoin
  • VertCoin

How To Remove and Protect Yourselves from CryptoJacking Malware?

Type 1: JS:Miner Scripts

Protecting your computer from such miner viruses is not so difficult. If you cannot disable JavaScript in your web browser because the sites you use need it, make sure to install some form of browser protection add-on. Most mainstream web browsers, like Mozilla Firefox, Google Chrome and Edge, have already taken steps towards blocking CryptoJacking malware, but it seems as if this does not stop the viruses from staying active. This is why there are several simple steps you can take towards securing your browser:

Step 1: Install ad-blocking software, since some third-party ads may carry these types of scripts.
Step 2: Add a security add-on to Firefox alongside your antivirus software to help it function. Yesterday I blocked a threat named JS:Miner-L simply by having a browser extension that came standard with my free antivirus program.
Step 3: Always remember the websites where you have detected CryptoJacking malware, make sure not to visit them again, and warn others that they are dangerous.
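As an added example (not code from the original post), here is a small Python scanner that applies the idea behind Type 1 miners and the browser protection steps above: given the HTML of a page, it flags script includes that point at known miner libraries and inline scripts that create and start a CoinHive-style miner object. CoinHive is named in the post; the other library hostnames and the Web Worker plus WebAssembly heuristic are my assumptions, and the sample page is constructed.

```python
"""Scan page HTML for signs of an in-browser cryptocurrency miner (added example)."""
import re
from html.parser import HTMLParser

# Hostnames/filenames of miner libraries. CoinHive is named in the post; the other
# entries are assumed examples and should come from a maintained blocklist in practice.
MINER_SRC_PATTERNS = [
    r"coinhive\.com",
    r"coin-hive\.com",
    r"coinhive\.min\.js",
    r"crypto-loot\.com",
    r"jsecoin\.com",
]

# Inline-code heuristics: a CoinHive-style API constructs a miner object with a
# site key and calls start(); any browser miner also needs a worker and usually WebAssembly.
INLINE_PATTERNS = {
    "miner_api": re.compile(r"new\s+CoinHive\.(Anonymous|User)\s*\(", re.I),
    "start_call": re.compile(r"\.start\s*\(", re.I),
    "web_worker": re.compile(r"new\s+Worker\s*\(", re.I),
    "wasm": re.compile(r"WebAssembly\.(instantiate|compile|Module)", re.I),
}


class _ScriptCollector(HTMLParser):
    """Collects external <script src> URLs and the bodies of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True
                self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def scan_html(html):
    """Return a list of (kind, detail) findings for the given HTML text."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        if any(re.search(pat, src, re.I) for pat in MINER_SRC_PATTERNS):
            findings.append(("known_miner_script", src))
    for body in parser.inline:
        hits = {name for name, rx in INLINE_PATTERNS.items() if rx.search(body)}
        if {"miner_api", "start_call"} <= hits:
            findings.append(("inline_miner_start", "miner object created and started"))
        elif {"web_worker", "wasm"} <= hits:
            findings.append(("worker_plus_wasm", "heuristic: Web Worker and WebAssembly in one inline script"))
    return findings


# Constructed sample page (not a real site): one benign include, one miner
# library include and an inline block that starts the miner with a placeholder key.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example/analytics.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script>
</head><body>hello</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_PAGE):
        print(kind, "->", detail)
```

The first two checks are the same thing an ad blocker's miner filter list does by URL; the third (worker plus WebAssembly in one inline script) is only a hint, since games and media players use the same APIs, so treat a `worker_plus_wasm` finding as a reason to look closer rather than a verdict.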

Type 2: Miner Malware

Be advised that before doing anything or removing any cryptojacking malware, it may come embedded with trigger mechanisms that delete your files when it is removed. This is why you should also make sure that your important files are backed up, and you should definitely not underestimate this threat before removing it.

When we talk about miner malware, we talk about complete protection of your computer. Most malware creates a lot of objects on your computer and even recreates copies of them if you try to delete them manually. The files created are usually in the following directories:

%AppData%
%LocalLow%
%Roaming%
%Temp%
%Local%
%Windows%

The files of the more advanced miner malware resemble legitimate Windows processes, such as svchost.exe, notepad.exe and others. You can detect those by opening Task Manager and checking whether the process is running under the username System. If it is not, you can right-click on it and click Open File Location to check whether it is running from the original location of the genuine process:

[Screenshot: Task Manager, right-click on firefox.exe and Open File Location]

This can help you find the process and stop it, but if there are other supporting modules, such as .dll, .tmp, .vbs and other objects, you cannot find them this way. One way is to check whether there is an analysis of the specific threat online and delete the files it lists. But this is no guarantee that you are going to delete all of those files. This, and the fact that the malware also modifies the Windows Registry, goes to show that you should use anti-malware software that will take care of all of the other files out there. You can also perform the following protection steps to reduce the risk of such intrusions in the future:

Step 1: Install a browser extension that checks your downloads, such as the free VirusTotal browser extension.
Step 2: Make sure to install powerful anti-malware software with real-time protection.
Step 3: Try to get used to working with a sandbox program. Such programs run Windows apps inside a sandbox so that a malware infection is contained within the sandbox itself.
Step 4: Make sure to keep your software updated, since such malware uses vulnerabilities to infect your computer.
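As an added example (not from the original post), the following Python triage routine applies the Task Manager checks described above to a process listing: a process carrying a Windows system name that runs from outside its expected folder or under an ordinary user account instead of a service account, and any executable running out of the %AppData%/%Temp%-style folders listed above. The process list is constructed, and the expected locations, the extra system names and the set of service accounts are assumptions for a default Windows install.

```python
"""Triage a Windows process listing for miner-style masquerading (added example)."""
import ntpath

# Where the genuine binary lives for names miner malware likes to copy. svchost.exe and
# notepad.exe are mentioned in the post; the rest, and the paths, are assumptions for a
# default install (notepad.exe is also shipped in C:\Windows on some versions).
EXPECTED_LOCATION = {
    "svchost.exe": (r"C:\Windows\System32",),
    "notepad.exe": (r"C:\Windows\System32", r"C:\Windows"),
    "csrss.exe": (r"C:\Windows\System32",),
    "lsass.exe": (r"C:\Windows\System32",),
}

# Names that never run as an ordinary logged-in user on a healthy system. Note that
# svchost.exe legitimately runs as LOCAL SERVICE and NETWORK SERVICE as well as SYSTEM.
SERVICE_ONLY = {"svchost.exe", "csrss.exe", "lsass.exe"}
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Path fragments for the user-writable data/temp folders the post lists
# (%AppData%, %LocalLow%, %Roaming%, %Temp%, %Local%), in normalised lower-case form.
USER_WRITABLE_MARKERS = (
    "\\appdata\\roaming\\",
    "\\appdata\\locallow\\",
    "\\appdata\\local\\",
    "\\temp\\",
)


def _norm(path):
    """Lower-case, backslash-normalised form of a Windows path (ntpath works off-Windows too)."""
    return ntpath.normcase(ntpath.normpath(path))


def triage(processes):
    """Return (pid, name, reason) tuples for processes worth a closer look.

    Each process is a dict with pid, name, path (full image path) and user,
    i.e. what you read off Task Manager's Details tab or a tasklist export.
    """
    findings = []
    for proc in processes:
        name = proc["name"].lower()
        path = proc["path"]
        user = proc["user"].upper()
        folder = _norm(ntpath.dirname(path))

        if name in EXPECTED_LOCATION:
            if folder not in {_norm(d) for d in EXPECTED_LOCATION[name]}:
                findings.append((proc["pid"], name, "system name running outside its expected folder: " + path))
            if name in SERVICE_ONLY and user not in SERVICE_ACCOUNTS:
                findings.append((proc["pid"], name, "expected a service account, running as " + proc["user"]))

        # Anything executing out of a user-writable data/temp folder deserves a look,
        # although legitimate per-user installs (browsers, chat clients) live there too.
        if any(marker in _norm(path) for marker in USER_WRITABLE_MARKERS):
            findings.append((proc["pid"], name, "running from a user-writable folder: " + path))
    return findings


# Constructed sample listing (not real data): two genuine svchost instances, a fake
# svchost in Roaming, a genuine notepad, an unknown binary in Temp and Firefox.
SAMPLE_PROCESSES = [
    {"pid": 804, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "user": "SYSTEM"},
    {"pid": 1320, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "user": "NETWORK SERVICE"},
    {"pid": 4412, "name": "svchost.exe", "path": r"C:\Users\alice\AppData\Roaming\svchost.exe", "user": "alice"},
    {"pid": 5120, "name": "notepad.exe", "path": r"C:\Windows\System32\notepad.exe", "user": "alice"},
    {"pid": 6008, "name": "updater.exe", "path": r"C:\Users\alice\AppData\Local\Temp\updater.exe", "user": "alice"},
    {"pid": 6300, "name": "firefox.exe", "path": r"C:\Program Files\Mozilla Firefox\firefox.exe", "user": "alice"},
]

if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE_PROCESSES):
        print(f"PID {pid} {name}: {reason}")
```

The fake svchost.exe trips all three checks at once, which is the pattern the post describes; the unknown binary in Temp only trips the folder check, which is a prompt to look it up (or scan it) rather than proof of infection, because plenty of legitimate per-user software installs under AppData\Local.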

Type 3: Mobile Malware

This type is entirely up to you, as simple anti-malware software may not cut it, because it comes down to app permissions. This is why you will need to install an app that tracks other apps' permissions and stops them from working in the event that they are abusing them. The latest Android versions also come with pretty good extras that let you see which apps are privacy-invasive on your device, so be advised to always check up on the apps you install. In addition to this, you can use services like DNS66, which is basically an ad-blocking VPN service that prevents in-app advertisements, whether they are in your apps or elsewhere on your Android device. I have tried it and it works flawlessly.

Sources:

  1. SensorsTechForum - Android Miner Malware - https://sensorstechforum.com/android-miner-virus-coin-miner-remove-mobile/ (My Own Material)
  2. SensorsTechForum - Coin Miner Viruses - https://sensorstechforum.com/coin-miner-virus-detect-remove/ (My Own Material)
  3. SensorsTechForum - DNS66 - https://sensorstechforum.com/fully-block-ads-android-device-using-dns66/ (My Own Material)
  4. TrendMicro - Android Miners Report - http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/

PS: If you want me to write instructions on malware removal or any form of assistance, make sure to upvote me and I will try to respond with instructions from reports as fast as possible.
