July 9, 2026

Capitalizations Index – B ∞/21M

New Cryptojacking Campaign Infects Asia Using More Profitable Tactics

New cryptojacking campaign infects asia using more profitable tactics

New Cryptojacking Campaign Infects Asia Using More Profitable Tactics

Cryptojacking — the process of infecting computers with malware to mine cryptocurrency — has declined alongside prices during cryptowinter. But like any dextrous organism facing extinction, the virus and its propagators are adapting.

According to a report by cybersecurity analytics firm Symantec, cryptojacking incidents have plummeted 52 percent since January 2018, but the method of delivery, the execution and the targeting schemes have grown more sophisticated.

Specifically, Symantec’s latest report focused on Beapy, a cryptojacking campaign sweeping through Asia by taking specific aim at business and enterprise. Using a software exploit called EternalBlue, which was developed by the United States’ own NSA, the virus is spread via email. Symantec first tuned into the growing threat in January of this year.

With infection rates spiking in March and continuing an exponential upward trajectory since, the firm has concluded that, based on the virus’s infection route, “it was probably always intended to spread throughout enterprise networks.” Described as a “worm” by the report, the virus effectively infiltrated vulnerable devices and, using a matrix of cyber tunnels, bored its way into devices connected to the same server or network.

“This campaign demonstrates that while cryptojacking has declined in popularity with cyber criminals since its peak at the start of 2018, it is still a focus for some of them, with enterprises now their primary target,” the introduction to the report asserts.

Beapyfig1. Png

Graph courtesy of Symantec

Some 98 percent of infected parties are enterprise related, the report continues, mirroring 2018 trends in ransomware attacks wherein a drop in overall threats corresponded with an increase in enterprise-focused infections. These attacks, Symantec Threat Intelligence Analyst Allan Neville told bitcoin Magazine, can “[render] some devices unusable due to high CPU usage.”

China has become the main target of this particular attack, dwarfing all other affected countries with a staggering 83 percent share of all infections. Other afflicted countries include Japan, Vietnam, South Korea, Hong Kong, Taiwan, Bangladesh, Philippines and — the only two outside of the Eastern Hemisphere — Jamaica and Japan.

Virus Infection Strategy

The virus was initially spread through Windows devices via an infected Excel spreadsheet. Once opened, the spreadsheet would create a backdoor into the computer’s OS, making use of the DoublePulse exploit that was leaked in the same batch of cyber tools that gave the attackers the EternalBlue vector for their operations.

Exploiting a weak point in Windows’ Server Message Block protocol, the files containing the virus could then be spread “laterally across networks.”

The mining malware also commandeered credentials, such as passwords and usernames, from infected devices to spread to other computers in a network. Moreover, the firm found versions of Beapy on a public-facing web server, using a list of IP addresses connected to this server to create a hit list of potential victims.

More Upside Than Before

One of the study’s most interesting findings is that Beapy is unlike the run-of-the-mill cryptojacking malware most often employed when infections were at their zenith in early 2018.

Most of these campaigns employed browser-based miners. These viruses largely leveraged the Coinhive protocol, a non-malicious software implementation that was employed by such sites as UNICEF, allowing its website visitors to voluntarily mine Monero for charity through their browsers upon visiting the site. Coinhive shuttered operations in March of 2019, and this, coupled with Monero’s steep depreciation in the bear market, likely led to a steady decline in cryptojacking, the report surmises.

Beapy, however, doesn’t rely on browser mining, opting instead for a much more lucrative and complex file mining approach. Unlike browser mining, file mining is more resource efficient and makes for a greater haul: the average 30-day return for this technique, for instance, could net the virus’s blackhats $750,000, making the browser mining alternative’s return seem paltry at $30,000.

Beapyfig2. Jpg

Image courtesy of Symantec

Despite it being on the rise, “file-based coinmining isn’t new,” Neville told bitcoin Magazine; it’s just “taken a back seat to browser-based coinmining the past couple of years” due to the fact that browser-based mining cryptojacking takes less technical skill.

“The launch of Coinhive — with its ready made scripts — lowered this barrier even further,” he added.

Furthermore, even if a computer is patched against the virus, they will still execute browser mining if they visit a site “that has coin-mining code injected into it.”

Neville clarified that it’s “too early to tell if we’ll see a resurgence in file-based mining compared to browser-based mining.” Still, as detection and protection against Coinminers improves, cyber criminals will look toward “alternative revenue sources.”

“As cyber criminals hone their tactics, we’ve also seen that their approach becomes more targeted.”

Defending Against the Threat

The report ends by listing the side effects of such cryptojacking infections, including device overheating and excessive battery consumption, which can lead to device degradation and spikes in electricity costs.

It also details the precautions that companies can take to insulate against such attacks. On the hardware and software side, companies can employ security solutions “to guard against single-point failures in any specific technology or protection method,” including firewalls and vulnerability assessments; robust passwords and multi-factor authentication are also a bonus.

On the employee side, education is key. In addition to basic cyber hygiene, the report prescribes lessons on what cryptojacking is and how to spot it, like watching for spikes in CPU usage and a battery drain. Neville reiterated many of these points at the end of our correspondence.

“Beyond ensuring that employees receive regular training to recognize and report phishing emails used to deliver malware, businesses should implement overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This includes deployment of endpoint, email and web gateway protection technologies, as well as firewalls and vulnerability assessment solutions. It’s also crucial to keep these security solutions up to date with the latest protections and ensure systems are protected against exploits such as EternalBlue.

Published at Fri, 26 Apr 2019 19:07:48 +0000

Previous Article

Why Facebook Is Dying But Wall Street Just Doesn’t Realize It Yet

Next Article

E-Trade One-Ups Rival, Readies Launch of Bitcoin Trading to Millions

You might be interested in …

减小比特币分叉在网络升级中的风险

减小比特币分叉在网络升级中的风险 如何管理分叉及分叉过程的分裂,一个给交易所和企业的指南 (译者注:本文将Fork译为分叉,仅指协议升级的一种方式,有硬分叉hard fork和软分叉soft fork之分。而将Split译为分裂,是指分叉过程中区块链产生分裂成两条链的过程。而将Fork Split译为分叉分裂,意思是分叉过程后产生了分裂。) 摘要 在比特币社区,大家都极力主张自己的扩容方案,甚至不惜以牺牲系统广泛的共识或妥协为代价,自比特币诞生以来,目前是比特币分叉过程中发生分裂的风险最高的。目前有一件事情是可以肯定的,比特币扩容方案的僵局一直持续下去的话,那么唯一的结果就是我们无法实现比特币扩容。从这个意义上来说,尽管有些不公平,但是对于所有的成员来说,进行分叉后分裂是最好的结果。本文在比特币要进行分叉分裂的假设下,试图说明企业和用户在比特币区块链上进行分叉分裂的技术处理方式,以及如何管理比特币区块。。 本文的动机是,最近从Core 社区传出要实行UASF(一个只需要少数算力支持,不过还是需要大多数经济节点支持的执行方案)的消息,这对网络稳定的威胁是清晰且迫近的,尤其是经营比特币的交易所和企业。在UASF的情况下,区块链有可能分成2个或者3个分支,如果在毫无预警的情况下实行UASF,企业,尤其是交易所如果无法应对这一特殊情况,有可能面临丢失客户资金的风险。不管他们实际上是否有意支持各种分叉,本文的目的在于让企业做好准备,以便他们能够在那样的情况下继续保护客户资金。 区块链分叉类型 首先我们列举了可能发生的分叉类型 软分叉 软分叉是一个增加新的共识规则,这个新的共识规则是当前规则的子集。在新链上,区块遵守新的更严格的规则将是有效的区块,在旧链上,如果按照旧链上更宽松的规则生产出来的区块将有可能在新链上是无效的区块。 硬分叉 硬分叉是一个移除或者放宽共识规则的分叉。在新链上,遵守新规则的区块是有效的区块,只是在新链上有效,并且在旧链上无效,然而旧链生产的区块在新链上是有效的。 小算力(硬/软)分叉 小算力分叉在以下情况下会产生:小算力区块链通过生产不被大算力所接受的区块有意地进行网络分叉。此外,小算力区块链可以任意创造规则,强行使所有未来主链上生产的区块在小算力区块链上是无效的。 大算力(硬/软)分叉 大算力分叉是在以下情况发生: 获得大算力支持的区块链通过发布一个小算力区块链不接受的区块有意地对网络进行分叉。 用户激活软分叉 这种类型的软分叉是在多数用户节点(钱包,全节点)升级到一个可以协调区块高度的软件版本时完成的,这个区块高度会加强特定的新的有效性规则。例如,有一个规则规定,如果一个区块的UXTO集合没有支付到新隔离见证输出的话,那么它就是无效的。这个规则就算没有多数的算力支持,也能执行。总的来说,这是一种特殊的小算力分叉。大算力分叉偏向于获得多数算力支持,UASFs偏向于获得多数经济节点的支持。 这种小算力分叉有生成三种分支的额外风险。因为这种小算力分叉是由节点推动的,这意味着一旦发生了这种分叉,另一个分支将获得大多数算力。作为避免自己不被重组(见如下)的一种反应,多数算力会立刻执行一个大算力软分叉,因而会产生3条区块链:大算力软分叉,小算力软分叉和原始区块链。这种状态是暂时的,因为原来的区块链分叉后最终会被其中一条软分叉区块链超过或者合并/重组。 这种类型的分叉有可能让客户无法看到从交易所提现的过程,给交易所带来售后服务问题。交易所趋向于升级他们的节点以支持两种分支,并确保客户的提款请求通过这个升级节点来进行。支持这项政策隐含的意思是:交易所同意未来分裂比特币产品。这意味着客户必须在交易所的会计系统中创建和持有他们在其他链上的余额。我们建议交易所在进行提款之前完成分裂比特币,以此来避免将账户余额弄混。(见如下分裂比特币的过程) 分叉的技术特点 重组风险 重组风险是在经过分叉后,原来是小算力区块链有可能超过大算力区块链,导致更长区块链回到小算力链上,这会导致这条(大算力)区块链上的从分叉点开始后的所有交易被取消。实际上这就是正常比特币网络的孤块,但一周出现数次几个区块重组并不常见。在分叉后的分支链上发生的重组是单边的,单边是指只会发生在分叉侧或原链侧中的一条链。 由于软分叉的固有特性,即在现有的规则条件下 ,软分叉收紧了区块有效性的规则,所以它会在原始链上带来区块重组的风险。分叉侧永远不会接受原始链的区块。因为原始链区块不符合软分叉的新增规则,所以在分叉侧看来这些原始链新增的区块,是无效的区块。反过来则不成立。因为在分叉侧中,这些符合更多附加规则的区块,显然也符合原始链的规则。所以,有一定的小概率会发生这样的情况:分叉侧区块链的增长速度,可能会超过原始链的增长速度,进而导致原始链上的区块被重组。对于硬分叉,上述情况刚好是反过来的:即只可能会在分叉链上产生重组,而原始链上不会出现区块重组。这是因为分叉链的新增规则,在原始链上是不兼容的。所以,硬分叉只可能有在分叉侧产生区块重组的风险,原始链不会受到影响,即原始链没风险。 这种风险只有一个因素,如果在规则收紧的这条链上有更大追求利润的PoW算力,这超过了原始链的算力,这就导致在这条链上挖到比原始链上更多的连续区块。这时,原始链就必须要考虑重组风险。如果这个风险太大,可以在分叉区块后建立一个一次性的检查点,这就就不会发生重组了。其中一个可行的实现方法是添加一个软分叉规则,这个软分叉可以让任何不包含分叉区块作为其祖先块的区块是无效的。 重组风险是对抗跟随小算力区块链的风险之间的一种平衡。如果一个人总是想要追求最长工作量证明链,那么重组风险是不可避免的。添加一个检查点来避免重组风险,又将引起跟随小算力区块链的风险,并且导致从多数经济侧分离出来。 分离比特币资产 从比特币分叉点后将会可能出现三种类型,分叉前币(pre-fork), 分叉后红币(post-fork […]