Beware: Russian WebCobra - Crypto Mining Malware Exposed

Published on 2018-03-06 by Cryptovest Staff

New crypto jacking malware with Russian origins smuggles a cryptocurrency miner into a victim's computer, McAfee Labs warns.

The cybersecurity experts from McAfee Labs discovered a new crypto mining malware dubbed WebCobra.

According to the latest report prepared by the company, which specializes in threat research, threat intelligence, and cybersecurity, malicious software they have dubbed WebCobra has come from Russia. While WebCobra can be traced around the globe, Brazil, South Africa, and the United States are among the worst-hit regions.

The snake attack - how it happens

WebCobra sneaks into a victim's computer via rogue PUP installers that check the running environment and install the mining software depending on the architecture and system specifications.

This malware is rather unusual in that it analyzes the configuration of the compromised machine and installs Cryptonight miner on x86 systems or downloads and executes Claymore’s Zcash miner on x64 systems.

The snake bite is poisonous

McAfee Labs emphasizes that cryptocurrency mining malware usually runs quietly in the background, that's why it takes much time and effort to detect it.

Meanwhile, the unwanted outcomes for the victims are not limited to slower computer performance. The malware increases power consumption and leaves the victim with a huge electricity bill; apart from that, a processor is forced to operate in an overload state, which may reduce the processor life and result in overheating.

"As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill," McAfee writes in its report.

Electricity consumption issue is a big deal as it may cost from $531 to $26,170 to mine one Bitcoin, depending on where you live.

The crypto jacking problem affects individual computer users, enterprises and governmental structures alike as cybercriminals that run crypto jacking campaigns do not care whose computing power they are using.

"Coin mining malware will continue to evolve as cybercriminals take advantage of this relatively easy path to stealing value. Mining coins on other people’s systems require less investment and risk than ransomware, and does not depend on a percentage of victims agreeing to send money," McAfee writes.

Where is the antidote?

McAfee recommends taking standard precautionary measures to protect yourself from WebCobra. In particular, it is always wise to use security software that automatically blocks crypto mining scripts in browsers and install the latest versions of antivirus detectors compatible with your operating system.

While WebCobra attacks Windows users, MacOS and Linux are not immune either. Recently, Trend Micro experts discovered crypto jacking malware that targets Unix-based systems.