Crime-fighting agency Interpol has taken action against a widespread crypto malware attack in Asia. During Operation Goldfish Alpha the agency worked together with Trend Micro, national Computer Emergency Response Teams and police across ten different nations. They managed to remove the Coinhive crypto malware from 78 percent of the 20 thousand infected routers they found.
The Interpol Global Complex for Innovation (IGCI) has been working for five months to battle crypto malware installed on MikroTik routers across Asia. The international crime fighters of Interpol found these routers in the following countries: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam.
Trend Micro had prepared guidance documents for the victims of the crypto mining malware. This allowed them to patch the router and uninstall the mining software. The operation was completed by the end of November, even though there are still efforts going on to remove infections from remaining devices.
Interpol suggests that the operation accounted for 18 percent of all infections globally. They didn’t specify whether those numbers refer to the total number of infections or only infected routers. Most likely they were just mentioning infected routers, as earlier reports about cryptojacking mentioned much larger numbers of infected machines. However, the malware still runs on more than 110 thousand infected routers.
Cryptojacking becoming more sophisticated
A router doesn’t produce lots of computing power, and therefore it won’t be a strong contributor to the mining process. Hackers who are actively cryptojacking don’t care about the computing power of a single device, as everything they do is a numbers game. By infecting twenty thousand routers they are able to generate the same amount of cryptocurrency as a couple of computers.
As a result, cryptojacking is all about finding badly secured computers and hardware using widely known weaknesses. The idea is that nobody updates their hardware properly. These cyber attacks abuse this passive attitude of the general public.
When it comes down to the numbers, there’s a decrease in infected computers and malware deployments, and virus scanners often recognize crypto malware. At the same time these hackers are becoming much more sophisticated with their cryptojacking activities. Over the past year we’ve seen crypto malware hidden in audio files, in a photo of Taylor Swift and in WordPress plugins. As the value of cryptocurrencies is going up, we’ll see a new wave of malware hitting the market.
Also published on Medium.