Crypto-mining malware a major threat to African markets

By , ITWeb
Africa, 08 Jun 2018

Crypto-mining malware, specifically Coinhive, Cryptoloot and XMRig, has been identified as the most threatening to markets in Africa over the last few months, says Check Point Software Technologies.

The cyber security solutions provider claims that according to its April Global Threat Index, these crypto-mining threats were among the top six malware in South Africa, Kenya and Nigeria.

In May, Coinhive was ranked the number one threat in all three countries.

"All three are prolific crypto-mining malware, which - unlike other malware - hijack your system instead of holding it to ransom. While Coinhive leeches your machine's computational resources to mine Monero cryptocurrency when an unsuspecting user visits a web page, Cryptoloot uses your central processing unit (CPU) or graphics processing unit (GPU) power to add new transactions to the blockchain, thereby releasing new currency. Similarly, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency," reads a statement issued by Check Point.

This will affect a business in one of two ways, said Doros Hadjizenonos, country manager – SADC at Check Point. "Either the hacker's mining operation will consume large volumes of power and leave a horrible surprise in your electricity bill, or the operation will overload the CPU of the infected machines, slowing down your hardware performance dramatically. This is because the malware will defer your machine's critical tasks to keep the mining operation in progress."

"And because cryptominers are created to generate as much profit as possible, most will disrupt the day-to-day operations of your business considerably," he added.

However, as Check Point explains, the worst aspect of this malware is that it does not require any action on the part of the user to make a profit.

"Take ransomware for example – ransomware relies on the victim to pay a ransom for the attack to be profitable. Similarly, banking Trojans, which steal bank account credentials, need you to first access your account so that they can harvest your user name and password. But cryptominers don't need you at all. In fact, all they need is your browser to be up and running, and they're in business - literally," the company states.

Hadjizenonos warns that in extreme cases, a cryptomining attack can consume the entire combined CPU power of a company's servers.

"This not only increases your hosting and electricity costs dramatically, but it also drastically lowers your systems' service ability. Basically, your machines will gradually slow down and heat up, causing a significant reduction in user productivity."

Poor server patching

According to Check Point, the most baffling part about the crypto-mining scourge is that the malware often succeeds because of poor server patching.

"In fact, Check Point's researchers discovered that an astounding 46% of the world's organisations have been targeted because of their Microsoft Windows Server 2003 vulnerability. Another 40% have been attacked because of Oracle WebLogic vulnerability.

"What's more, hackers can also infect your company's web servers, embedding the mining JavaScript in your sites' HTML pages. Needless to say, the consequences of this could be extensive – compromising both your business' reputation and customer relationships," said Hadjizenonos.
