"Microsoft: Cryptojackers Continue to Evolve to be Stealthier And Spread Faster"
Security researchers on Microsoft’s 365 Defender Research Team have found that trojanized cryptocurrency miners, also known as cryptojackers, continue to spread across computers worldwide while becoming stealthier and increasingly avoiding detection. In the past several months, Microsoft Defender Antivirus detected cryptojackers on hundreds of thousands of devices every month. The researchers stated that these threats continue to evolve and found that recent cryptojackers have become stealthier, leveraging living-off-the-land binaries (LOLBins) to evade detection.

According to the researchers, cryptojackers use different tactics to force a device to mine cryptocurrency without the user’s knowledge or consent. The most common are potentially unwanted applications (PUAs) or malicious executable files that are placed on devices and use system resources to mine cryptocurrencies. Additionally, the researchers stated that cryptojackers are often created using the JavaScript programming language and, in this case, infiltrate systems via the browser.

Some cryptojackers are fileless. In this case, they perform mining in a device’s memory and achieve persistence by misusing legitimate tools and LOLBins. The researchers stated that this approach allows attackers to achieve their goals without relying on specific code or files. The fileless approach also enables cryptojackers to be delivered silently and evade detection, which makes it more attractive to attackers. The researchers noted that Microsoft Defender Antivirus sees cryptojackers that take advantage of legitimate system binaries on more than 200,000 devices daily.