A new method of cryptojacking has been discovered. The tactic uses a downloadable movie file as bait and then mines cryptocurrency in the background without the user knowing. In addition, the virus also attempts to steal cryptocurrency through fake Wikipedia donations, according to security researcher ‘@0xffff0800’.
A few days back we published an article, “New research shows that Cryptojacking is responsible for more than 4% of Monero’s supply”.
In that article, we briefly went over the process of cryptojacking and how it works. To keep it short: hackers install malware on your computer that secretly mines cryptocurrency.
This is not a small issue by any means, and it is continually growing. McAfee Labs – one of the most well-known cybersecurity companies in the world – recently released a report that highlighted the ways that hackers often spread “cryptojacking” tactics through various social media platforms such as Slack and Discord. The report also pointed out that throughout 2018 crypto mining malware grew by an astonishing 4,000%.
Back to the new cryptojacking tactic that involves Wikipedia
The tactic was discovered by a security researcher whose name is unknown but who runs the Twitter account @0xffff0800, which is entirely dedicated to technology and cybersecurity.
The malware launches a PowerShell command, which then inserts malicious code into the Firefox browser. The attack is spread through infected movie torrent files and targets Windows computers in particular. The point of the attack is to look for any Bitcoin or Ethereum addresses that the user might have on screen. It’s an advanced virus, as it then replaces these victims’ addresses with the hacker’s wallet address.
The next thing is the donation scam involving Wikipedia that cryptocurrency cybercriminals are now utilizing. This same virus injects code that adds a fake donation banner to the Wikipedia pages the victim views. Whilst Wikipedia does accept donations, the cryptocurrency addresses in the fake banner are malicious wallets.
Most people have seen the banner before. If you go onto Wikipedia’s home page now, you should be able to see the banner as well, but you have to be careful and ensure that you are actually on Wikipedia’s true home page.
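A defensive check for the two browser-side changes described above (swapped wallet addresses and an injected donation banner), as an added example that is not from the original article or the researcher: it compares the cryptocurrency addresses in the text the browser renders against a reference copy of the same page obtained outside the suspect browser. The function names, the reference-copy approach and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example (not from the article). All names and sample data are constructed.
const ADDRESS_PATTERNS = {
  // Bitcoin: legacy/P2SH Base58 (no 0, O, I, l) or lowercase bech32 (bc1...)
  bitcoin: /\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b/g,
  // Ethereum: 0x followed by exactly 40 hex characters
  ethereum: /\b0x[a-fA-F0-9]{40}\b/g,
};

// Return the set of wallet addresses found in a block of page text.
function extractAddresses(text) {
  const found = new Set();
  for (const [coin, pattern] of Object.entries(ADDRESS_PATTERNS)) {
    for (const match of text.matchAll(pattern)) {
      // Ethereum hex is case-insensitive (mixed case is only a checksum).
      found.add(coin === "ethereum" ? match[0].toLowerCase() : match[0]);
    }
  }
  return found;
}

// Compare what the browser shows with a reference copy of the same page.
// "injected" = addresses only the browser shows (fake banner or swapped-in wallet).
// "missing"  = addresses the reference has but the browser no longer shows.
function findTampering(referenceText, renderedText) {
  const reference = extractAddresses(referenceText);
  const rendered = extractAddresses(renderedText);
  return {
    injected: [...rendered].filter((a) => !reference.has(a)).sort(),
    missing: [...reference].filter((a) => !rendered.has(a)).sort(),
  };
}

// Constructed sample data: placeholder strings that only match the formats.
const LEGIT_BTC = "1" + "A".repeat(33);
const ROGUE_BTC = "1" + "B".repeat(33);
const ROGUE_ETH = "0x" + "b".repeat(40);
const REFERENCE_PAGE = `Send payment to ${LEGIT_BTC}. Thank you.`;
const RENDERED_PAGE =
  `Donate now: ${ROGUE_ETH}\nSend payment to ${ROGUE_BTC}. Thank you.`;

function demo() {
  return findTampering(REFERENCE_PAGE, RENDERED_PAGE);
}
console.log(demo());
```

An address that appears in both `injected` and a matching entry in `missing` points to a swap; an `injected` address with nothing missing points to added content such as a banner.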