XMRig: Father Zeus of Cryptocurrency Mining Malware?

Cryptocurrency is exploding all over the world, and so are attacks involving cryptocoins. From bitcoin to Ethereum and Monero, cybercriminals are stealing coins via phishing, malware and exchange platform compromises, causing tremendous losses to both consumers and businesses in the sector.

High-profile data breaches and theft are responsible for the majority of losses to organizations in the cryptocurrency sector, but there is another, more insidious threat that drains cryptocurrency at a slow and steady rate: malicious crypto-mining, also known as cryptojacking.

This scheme exploits end users’ CPU/GPU processing power through compromised websites, devices and servers. This type of malware is wielded by operators aiming to make money on the backs of their victims. Aside from the obvious performance degradation victims will experience, mining can cause machines to consume tons of electricity and overheat to the point of damage, causing unexpected data loss that may be hard to recover. In one case in Russia, this overheating resulted in a full-out blaze.

Among the many codes that already plague users and organizations with illicit crypto-mining, it appears that a precursor has emerged: a code base known as XMRig that spawns new offspring without having intended to.

The Code Reuse Problem

The malware world can spawn millions of different strains a year that infect users with codes that are the same or very similar. Code reuse often happens because malware developers won’t reinvent the wheel if they don’t have to.

Continue reading this blog post here.