People in lockdown are watching more movies and TV shows, and some users are getting their content from pirate streaming services and torrents. It turns out that attackers are using those channels to install and run coin miners.
Using torrents and pirated materials to distribute malware is not something new. It’s been going on for a while, but the lockdown determined a rise in illegal downloads. As you can imagine, besides the illicit aspect of the situations, users are also exposing themselves to other risks.
In the case of the campaign discovered by Microsoft Security Intelligence, the malware planted by attackers consists of coin miners. These applications are using the power of the PCs to dig up cryptocurrencies. It could very well be some malware that steals credentials or that monitors the keyboard.
The method used by attackers is not all that complicated. As people download their favorite movies, they are actually downloading ZIP files, which runs a VBScript.
“The VBScript runs a command line that uses BITSAdmin to download more components, including an AutoIT script, which decodes a second-stage DLL. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing,” says Microsoft.
The coin mining software itself will use the PC’s hardware, and users will most likely notice slowdowns. The campaign was observed being deployed in parts of Spain and South America.
The campaign only goes to show that criminals will use any means necessary to share malware or to increase their reach, no matter the channels or attack vectors.
At the very least, users should have a security solution in place and active at all times. And, it goes without saying that it’s illegal to download and share pirated content in the first place.