They’ll slow you down, AND steal your electricity!
Recently I encountered a major threat that could turn your CPU into a miner – for crypto.
Earlier this week, I serviced a laptop for a friend of mine. Her web browser downloaded malware without her knowledge. While visiting a website, the application downloaded itself to her laptop.
According to Symantec, the malware in question, WASMcoinminer (WebAssembly coinminer), is part of a JavaScript coinminer that runs in web browsers. WASMcoinminer provides an API for additional malware, namely, JScoinminer. Both applications work together to steal processing power from a laptop without the user’s knowledge or permission. This occurs as long as a specific webpage remains open in the victim’s browser.
Attackers used malicious code on the website that checked each visitor’s JavaScript settings within their browser. This check confirms that the browser can grant access to the computing power of the host machine’s CPU. Once confirmed, the WASMcoinminer script launches additional malicious code.
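As an added example (not from Symantec or the original post), here is a static triage heuristic in JavaScript for the pattern described above: a page whose inline scripts combine WebAssembly with worker threads and a CPU probe. The signal list, weights, threshold, the WebSocket signal and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: static triage heuristic, not Symantec's detection logic.
// Signal names and weights are assumptions chosen for illustration.
const SIGNALS = [
  { name: "wasm", re: /WebAssembly\.(instantiate|instantiateStreaming|compile|Module)\b/, weight: 2 },
  { name: "workers", re: /new\s+Worker\s*\(/, weight: 1 },
  { name: "cpu-probe", re: /navigator\.hardwareConcurrency/, weight: 1 },
  { name: "websocket", re: /new\s+WebSocket\s*\(\s*["'`]wss?:/, weight: 1 },
];

// Pull inline script bodies and external script URLs out of raw HTML.
function extractScripts(html) {
  const inline = [];
  const external = [];
  const tag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tag.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) external.push(src[1]);
    else if (m[2].trim()) inline.push(m[2]);
  }
  return { inline, external };
}

// WebAssembly on its own is common and benign, so a page is flagged only
// when several signals appear together. External scripts are listed for
// follow-up review because their contents are not fetched here.
function triagePage(html, threshold = 4) {
  const { inline, external } = extractScripts(html);
  const code = inline.join("\n");
  const hits = SIGNALS.filter((s) => s.re.test(code));
  const score = hits.reduce((sum, s) => sum + s.weight, 0);
  return { score, suspicious: score >= threshold, hits: hits.map((s) => s.name), external };
}

// Constructed sample pages (not taken from any real site).
const SAMPLE_MINER_LIKE = `<html><script src="https://cdn.example/lib.js"></script>
<script>
  const n = navigator.hardwareConcurrency || 2;
  const ws = new WebSocket("wss://pool.example/ws");
  for (let i = 0; i < n; i++) new Worker("w.js");
  WebAssembly.instantiate(bytes, imports);
</script></html>`;
const SAMPLE_BENIGN = `<html><script>
  WebAssembly.instantiateStreaming(fetch("codec.wasm"));
</script></html>`;

console.log(triagePage(SAMPLE_MINER_LIKE));
console.log(triagePage(SAMPLE_BENIGN));
```

A match is a reason to look closer, not a verdict: legitimate sites also use these browser features, and obfuscated scripts can evade pattern matching.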
The file containing the code was automatically quarantined by Symantec. I performed a full virus scan on her machine to confirm the integrity of the system and found no damage was caused. I deleted the application from Symantec’s quarantine and deleted the affected website from her browsing history. This ensures the site will not automatically populate within her search bar by mistake.
First it was our information, now it’s our electricity and processing power. Sometimes, it’s both. Cybercrime has been around since the 90s, yet we still see new threats to our personal resources. Hopefully there is a remedy for these attacks. I’d like to see a safer Internet sooner rather than later.
Check out the links below for more info on this phenomenon!
-RC
Symantec’s Security Response to WASMcoinminer
Dan Goodin on the latest cryptojacking assault on WordPress enabled websites