A group of hackers in South Korea targeted thousands of computers last year in a massive cryptocurrency mining scam, it emerged this week. The five hackers managed to compromise over 6,000 computers, from which they sent a total of 32,435 emails. Each of these emails contained malware to utilize the recipient computer’s resources to mine Monero.
According a report from the Korean National Police Agency Cyber Bureau, the group pooled 6,038 email addresses from unsuspecting IT contractors looking for work. It pretended the emails contained documents relating to their work search when in fact they contained the mining malware. The group performed this feat in just over eight weeks during late 2017.
Anti-virus to the Rescue
Despite the scale of the attempt, anti-virus technology in most users’ computers was able to detect and remove the malware within three to seven days, subsequently blocking it if the hackers tried to re-infect it. Authorities and local cyber security firms were able to quickly diagnose and treat the remaining computers, meaning that the hackers were able to get away with less than $1,000 before the police shut down the operation and arrested the perpetrators.
Computers being infected with crypto mining malware is nothing new, indeed such cases are up 400% in a year. But, this represents the first time the South Korean police have been involved. In comparison, a Chinese hack in July infected one million computers and generated around $2.2 million for the criminals.
Protect and Monitor
The audacious attempt was thwarted in the main because of up to date anti-virus software on users’ computers. This simply illustrates the benefit of having reputable anti-virus software installed and keeping it up to date. A tell-tale sign of a computer that has been hijacked and used for mining cryptocurrency is an unusually high workload on the CPU. For that reason, monitoring software with alerts could also be beneficial in detecting such activity.