News

McAfee Labs discovers Russian malware mining Monero (XMR) and Zcash (ZEC)

McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims’ computing power to mine Monero (XMR) and Zcash (ZEC).

“Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation. As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill”, – reads the McAfee Labs report.

The increase in the value of cryptocurrencies has inspired cybercriminals to employ malware that steals machine resources to mine crypto coins without the victims’ consent.

The examined Russian application WebCobra silently drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the architecture WebCobra finds.

Upon close analysis, the researchers noticed the attackers are distributing the software through a malicious Microsoft installer package. Interestingly, the package was programmed to install Cryptonight miners on x86 systems, and Claymore’s Zcash miner on x64 systems.

While the researchers tracked the origins of the malware to Russia, the report notes that currently the infection seems to have impacted Brazil, South Africa, and the US most severely.