Yesterday Carbon Black, a cybersecurity company, published a report describing an evolution of Monero cryptojacking that led to the discovery of a new technique: Access Mining.
This attack, which was detected through a collateral investigation into the Smominru crypto mining botnet, not only mines Monero (XMR) but also plants backdoors to remotely access the infected terminals and sell this access data on the dark web.
“Carbon Black discovered Access Mining while investigating a prominent crypto mining botnet, Smominru. In addition to mining Monero cryptocurrency, it has evolved to also backdoor infected systems and expand their capacity to mine while exfiltrating sensitive system information. Based on the specific system details they gathered, it is plausible this information could be sold on an access marketplace, allowing for remote access into these systems for use as zombies in large-scale attacks or to execute targeted attacks on specific hosts at specific companies”.
The report explains that half of the recent attacks use this technique because it offers a second source of profit: not only does it mine Monero, it also collects large amounts of users' personal data.
Many blame Monero's privacy features, which make it one of the most anonymous cryptocurrencies. Criminals use this to their advantage for extortion and in techniques such as Access Mining.
Recently, even the governments of Baltimore and Florida have had problems with criminals who demanded payment in cryptocurrency after blocking the cities' terminals, although in this case bitcoin (BTC) was requested and not Monero.