Crypto thieves are now utilizing what’s known as a malware dropper to hide malicious code on users’ computers to mine cryptocurrency without the users’ knowledge. It's a method that popped up in several Asian and South American countries, including Brazil, India, Bangladesh and Kuwait, according to the report.
The new malware’s effectiveness stems partly from the fact that the code hidden by the dropper is not malicious by itself. Instead, it requires a series of commands to be executed before it can mine cryptocurrency, Trend Micro researchers explained. Through a process known as “hollowing,” the code lies in an inactive state on the target’s computer, remaining undetected. From there, attackers can issue commands at will, causing the code to mine Monero—a cryptocurrency widely popular for its anonymous properties—and send it to a wallet that they control.
“As the dropped file is only made of skeletal code with no behavior on its own, the file can stay undetected in the system and possibly evade even manual detection when dormant,” the report explains. “The attackers can choose to activate the malware at specific times.”
It all amounts to yet another method of cryptojacking—the malicious hijacking of a computer’s processing power to mine and steal cryptocurrency. Trend Micro said in its report that it’s seen a higher percentage of mining malware in 2019, as the prices of many digital assets—particularly Bitcoin—have surged over the past 12 months. But while new cryptojacking methods have emerged, the number of detected cases of illicit crypto mining has fallen significantly, according to the firm.
Trend Micro’s data jibes with a report earlier this year from cybersecurity firm Check Point, which suggested that cryptojacking attacks were in decline. Check Point’s research showed that the number of cryptojacking attacks during the first half of 2019 dropped from 42 percent to about 26 percent, compared to the same period in 2018.