People in lockdown are watching more movies and TV shows,
and some users are getting their content from pirate streaming services and
torrents. It turns out that attackers are using those channels to install and
run coin miners.
Using torrents and pirated materials to distribute
malware is nothing new. It’s been going on for a while, but the lockdown
has driven a rise in illegal downloads. As you can imagine, besides the illicit
aspect of the situation, users are also exposing themselves to other risks.
In the case of the campaign discovered by Microsoft
Security Intelligence, the malware planted by attackers consists of coin
miners. These applications use the PC’s processing power to mine cryptocurrencies.
The payload could just as well have been malware that steals credentials or
monitors the keyboard.
The method used by attackers is not all that complicated.
When people download their favorite movies, they are actually downloading ZIP
files, which run a VBScript.
“The VBScript runs a command line that uses BITSAdmin to download more components, including an AutoIT script, which decodes a second-stage DLL. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing,” says Microsoft.
The coin mining software itself will use the PC’s
hardware, and users will most likely notice slowdowns. The campaign was
observed being deployed in parts of Spain and South America.
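The process lineage in that chain is something defenders can look for in process-creation logs. The sketch below is an added example, not code from Microsoft or from the campaign; the event fields, file names and the assumption that notepad.exe is started by a descendant of the script host are all hypothetical and constructed for illustration.

```python
# Added example: flag process lineage matching the chain described above.
# All events are constructed sample data, not telemetry from the campaign.
from ntpath import basename

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows hosts that run VBScript

EVENTS = [  # constructed process-creation records
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\u\Downloads\movie\movie.vbs"'},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c bitsadmin /transfer job http://example.invalid/a C:\Users\u\AppData\a"},
    {"pid": 230, "ppid": 220, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmd": r"bitsadmin /transfer job http://example.invalid/a C:\Users\u\AppData\a"},
    {"pid": 240, "ppid": 210, "image": r"C:\Users\u\AppData\AutoIt3.exe", "cmd": "AutoIt3.exe a.au3"},
    {"pid": 250, "ppid": 240, "image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe",
     "cmd": r"notepad.exe C:\Users\u\notes.txt"},  # benign: opened from the shell
]

def name(ev):
    return basename(ev["image"]).lower()

def ancestors(ev, by_pid):
    """Yield parent, grandparent, ... of ev; stops on an unknown pid or a cycle."""
    seen = {ev["pid"]}
    cur = by_pid.get(ev["ppid"])
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur
        cur = by_pid.get(cur["ppid"])

def detect(events):
    """Return (pid, reason) for processes descended from a script host."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for ev in events:
        if not any(name(a) in SCRIPT_HOSTS for a in ancestors(ev, by_pid)):
            continue
        if name(ev) == "bitsadmin.exe" and "/transfer" in ev["cmd"].lower():
            alerts.append((ev["pid"], "bitsadmin download started from a script host"))
        elif name(ev) == "notepad.exe":
            # Assumption: a hollowed notepad.exe is spawned by the chain, not by the user's shell.
            alerts.append((ev["pid"], "notepad.exe descended from a script host"))
    return alerts

if __name__ == "__main__":
    for pid, reason in detect(EVENTS):
        print(pid, reason)
```

Matching on ancestry rather than the direct parent catches the download even when the script goes through cmd.exe first, while the notepad.exe opened from the desktop is left alone.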
The campaign only goes to show that criminals will use
any means necessary to share malware or to increase their reach, no matter the
channels or attack vectors.
At the very least, users should have a security solution
in place and active at all times. And it goes without saying that it’s illegal
to download and share pirated content in the first place.