
EITest hijacks tech support scam pages to mine cryptocurrency

26 Sep 2017

Tech support scams are now being used as social engineering tools as part of EITest’s campaign to deliver Coinhive’s Monero cryptocurrency miner, researchers at Trend Micro Labs report.

EITest has been around since at least 2014 and uses compromised websites to inject malicious scripts and divert browsers to fraudulent websites.

Tech support scams, which scare users into believing there is a problem or infection in their computer, often use websites to con users into paying for services and handing over financial information.

The EITest campaign’s latest moves have involved adding the Coinhive JavaScript (JS) cryptocurrency miner to take over computers and turn them into cryptocurrency miners themselves through the Google Chrome browser.

“The phishing script is coded to notify the user to download the Hoefler Text font to properly display the page, but it actually downloads a malicious executable file. EITest takes this up a notch: If the user’s browser is Internet Explorer, he is redirected to a tech support phishing page containing the Coinhive Monero-mining JS script,” the researchers write.

The cryptocurrency miner is the same one that is embedded in The Pirate Bay’s website, researchers state.

The tech support scam asks users to call the ‘Microsoft Technical Department’ to apparently fix the issue. However, while the victim is kept on the page, it loads a script from the Coinhive server and launches the JavaScript cryptocurrency miner.

“Users won’t notice that their system has been affected apart from system lags or performance issues,” researchers state.

87% of the infections are hitting Japan, while Australia accounts for 2%. Attacks are also hitting the United States, France, Canada and other countries.

Cryptocurrency mining is becoming a bigger issue for security, as criminals can profit without investing much in their own malware creations.

“For end users, however, the impact isn’t just about system wear-and-tear or performance issues. From January 1 to June 24, for instance, our sensors noted that 20% of cryptocurrency-mining activities entailed web- and network-based attacks. From cross-site scripting and remote code execution to brute force attacks and SQL injection, intrusive and malicious cryptocurrency mining can threaten the availability and security of a network or system, and the data stored on them. Worse, victims become part of the problem,” researchers state.

Trend Micro recommends the following best practices to prevent and mitigate cryptocurrency mining attacks:

- Update and patch operating systems and browsers
- Be wary of suspicious websites and email attachments
- Consider using JavaScript-blocking applications that prevent scripts like Coinhive from running
- In this case, closing the browser or website will stop the Coinhive script from running
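As an added example (not from the article or from Trend Micro), the following Python heuristic shows what a defender could run over captured page HTML to flag the pattern described above: an external script pulled from a Coinhive host together with an inline script that instantiates and starts the miner. The two sample pages are constructed, and the domain list and inline patterns are assumptions the reader would need to maintain.

```python
"""Heuristic scanner for in-browser cryptominer loaders such as Coinhive."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts known to serve miner scripts. Coinhive is named in the article; the
# set is an assumption for illustration and must be maintained by the reader.
MINER_DOMAINS = {"coinhive.com"}

# Both fragments must appear in one inline script: a miner constructor and a
# start() call. Requiring both avoids flagging every unrelated ".start(".
INLINE_PATTERNS = [
    re.compile(r"CoinHive\.(Anonymous|User|Token)\s*\(", re.I),
    re.compile(r"\.start\s*\("),
]

class _ScriptCollector(HTMLParser):
    """Collects <script src=...> URLs and the bodies of inline <script> tags."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

def find_miner_indicators(html: str) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    p = _ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.external:
        host = (urlparse(src).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in MINER_DOMAINS):
            findings.append(f"external miner script: {src}")
    for body in p.inline:
        if all(pat.search(body) for pat in INLINE_PATTERNS):
            findings.append("inline script instantiates and starts a miner")
    return findings

# Constructed sample pages (not the real EITest content). The site key is a placeholder.
SCAM_PAGE = """<html><body><h1>Call Microsoft Technical Department</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</body></html>"""
CLEAN_PAGE = "<html><body><script src='/static/app.js'></script></body></html>"
```

Running `find_miner_indicators(SCAM_PAGE)` yields two findings for the constructed scam page, while the clean page yields none; the same function can be pointed at proxy-captured HTML to spot compromised sites before users hit them.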
