Cryptojackers, trojanised cryptocurrency miners, continue to spread across computers globally while becoming stealthier and increasingly evading detection.
The new analysis was published by the Microsoft 365 Defender Research Team on Thursday.
The technical write-up reads: “In the past several months, Microsoft Defender Antivirus detected cryptojackers on hundreds of thousands of devices every month.”
“These threats also continue to evolve: recent cryptojackers have become stealthier, leveraging living-off-the-land binaries (LOLBins) to evade detection.”
Cryptojackers use different tactics to force a device to mine for cryptocurrency without the user’s knowledge or consent, the report found. The most common are potentially unwanted applications (PUAs) or malicious executable files that are placed on devices and use system resources to mine cryptocurrencies.
Microsoft added that the tools are often written in JavaScript and can infiltrate systems via the browser. It warned that some cryptojackers are fileless; these perform mining in a device’s memory and achieve persistence by misusing legitimate tools and LOLBins.
Microsoft explained: “This approach allows attackers to achieve their goals without relying on specific code or files. Moreover, the fileless approach enables cryptojackers to be delivered silently and evade detection. These make the fileless approach more attractive to attackers.”
The malware can be detected by analysing its interaction with the hardware.
“Through its various sensors and advanced detection methodologies, including its integration with Intel TDT, Microsoft Defender Antivirus sees cryptojackers that take advantage of legitimate system binaries on more than 200,000 devices daily.”