Coin-mining Malware Jumps from ARM to Intel

A coin-mining exploit that had previously been seen only on ARM devices has crossed the manufacturer divide onto Intel devices. The malware was discovered by Larry Cashdollar, senior security researcher at Akamai, who described it as an IoT malware installation that targets Intel systems. He goes on to state that he believes the malware is derived from the IoT crypto-mining botnets that have been notorious in the recent past for hijacking IoT devices and adding their processing power to the botnets' mining pools.

How it Works

The malware was designed specifically to infect the Intel x86 and i686 processor architectures. It first attempts to establish an SSH connection on port 22 and delivers itself as a gzip-compressed archive. Once it is on the machine, the malware scans for existing copies of itself. If it finds the same version as the one in the archive already installed, it stops the installation; if it finds an older version, it terminates that version's processes and then continues the install.

The malware unpacks three executables from the archive into separate folders. Each folder holds a modified build of the XMRig crypto-mining software, in x86, 32-bit, or 64-bit form. To further confuse users, the executables are named after conventional Unix processes, which makes it difficult to spot the malware once it is installed and running. When all of the above has completed successfully, the malware installs the mining software and edits the device's crontab file so that the miner persists across reboots.
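The two behaviours just described, daemon-name masquerading and crontab persistence, are the ones a defender can check for on a host. The following Python script is an added example, not code from the article or from Akamai's research; the trusted directories, the list of common daemon names and the sample process and crontab data are assumptions constructed for illustration.

```python
import os
from typing import Iterable, List, Tuple

# Directories where legitimate system binaries live, and daemon names a miner might borrow.
# Both lists are assumptions for this example, not values taken from the article.
TRUSTED_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/", "/usr/libexec/", "/lib/")
COMMON_NAMES = {"sshd", "cron", "crond", "syslogd", "init", "systemd", "udevd", "kworker"}
Proc = Tuple[int, str, str]  # (pid, comm, resolved path of the executable)

def masquerading_processes(procs: Iterable[Proc]) -> List[Proc]:
    """Flag processes that carry a familiar daemon name but run from outside the trusted directories."""
    return [(pid, comm, exe) for pid, comm, exe in procs
            if comm in COMMON_NAMES and not exe.startswith(TRUSTED_DIRS)]

def suspicious_cron_entries(lines: Iterable[str]) -> List[str]:
    """Flag crontab lines whose command runs from a hidden directory or an untrusted absolute path."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # '@reboot cmd' has one schedule token; the classic form has five before the command.
        cmd = fields[1:] if fields[0].startswith("@") else fields[5:]
        if not cmd:
            continue
        exe = cmd[0]
        hidden = any(part.startswith(".") for part in exe.split("/") if part)
        if hidden or (exe.startswith("/") and not exe.startswith(TRUSTED_DIRS)):
            hits.append(line)
    return hits

def live_processes() -> List[Proc]:
    """Collect (pid, comm, exe) from /proc on a Linux host; entries that cannot be read are skipped."""
    out = []
    for pid in (p for p in os.listdir("/proc") if p.isdigit()):
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue
        out.append((int(pid), comm, exe))
    return out

# Constructed sample data: a genuine sshd, a miner hiding under the same name, and its cron persistence.
SAMPLE_PROCS = [(612, "sshd", "/usr/sbin/sshd"), (4381, "sshd", "/tmp/.x/sshd")]
SAMPLE_CRONTAB = ["# m h dom mon dow command", "0 3 * * * /usr/bin/apt-get update",
                  "@reboot /tmp/.x/sshd -c /tmp/.x/config.json", "* * * * * /var/tmp/.cache/cron"]
```

On a real host, pass `live_processes()` to `masquerading_processes` and the lines of each user's crontab (and of `/etc/crontab`) to `suspicious_cron_entries`; a hit is a lead to investigate, not proof of infection, since legitimately installed software sometimes runs from unusual paths.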

The Monetization of Unsecured Resources

If a company fails to secure its assets, it is not surprising that malicious actors will take advantage of them. ARM's IoT processors have grown wise to the port-22 exploit, and because of that, malicious users have to rely on devices that still allow them to deliver their payload over SSH. Cryptocurrency mining remains profitable enough as long as the miner has access to enough resources. By piggybacking on IoT devices, attackers can take enterprise assets and use them for personal gain without having to bear the operating costs themselves.