South Korea: Four ‘Young’ Hackers Booked in Cryptojacking Case Targeting Over 6,000 PCs

Published at: Nov. 8, 2018

Four “young” hackers have been arrested in a cryptojacking case involving over 6,000 computers in what is allegedly South Korea’s “first” known case of its kind, Korean English-language news outlet Aju Daily reports Nov. 8.

Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

Aju Daily cites a statement from the National Police Agency's cyber bureau that clarified that the four accused had not been detained, but would face a trial for allegedly infecting 6,038 PCs with mining malware, which had been concealed in job application documents sent via email.

The cryptojacking campaign is said to have lasted two months as of October 2017, but resulted in mined crypto worth only around one million won ($895).

According to daily South Korean newspaper Hankyoreh, the mined crypto was anonymity-oriented altcoin Monero (XMR), which frequently features in cryptojacking cases that employ the “Coinhive” code — a program created to mine XMR via a web browser. According to a study published this summer, around 5 percent of all XMR in circulation has been mined surreptitiously through cryptojacking, a figure that was noted to likely be “too low.”

Hankyoreh similarly reports that the case is the first in the country to have drawn the attention of the police authorities. The newspaper notes that some of the emails masking the malware resembled real resumes, resulting in the infection of computers used by human resources (HR) staff, adding that the hackers targeted 32,435 people in total. A police official told Hani that:

“Security firms quickly responded to the spread of malware, and [the hackers’] revenue was not very high. Most of the cases were detected by anti-virus software within 3 ~ 7 days. When it was detected, the hackers sent further malware, but it was soon detected again.”

In a global context, the South Korean case is dwarfed by other cryptojacking campaigns; in July, 20 suspects were arrested in China in a major case that allegedly affected over one million computers and generated 15 million yuan (around $2.2 million) in illicit profits.
