Cryptojackers Making Secondary Income Off Security Data Seizures: Report

According to reports at the time, 500,000 machines were trojanized with a monero cryotojacking mining protocol, XMRig, collecting 8,900 monero.  Most infected machines resided in Russia, Eastern Europe, and Asian Pacific.

In the wake of lower cryptocurrency prices, ghost mining hackers are turning to metadata seizures.

In a report issued today, cybersecurity firm Carbon Black says a well-known 2018 monero crypto mining botnet contained a secondary component capable of seizing IP addresses, domain info, usernames, and passwords. Dubbed “Access Mining”, Carbon Black researchers Greg Foss and Marian Liang say the 2018 botnet campaign has been collecting secret data for the past two years, making millions in the process.

Unbeknownst at the time, the 500,000 computers were not only hacked with the ghost protocol but also data collection software. A patchwork of programs taken from open-source code on GitHub like Eternal Blue and Mimikatz implemented on XMRig helped the hackers innovate, the report states.

The hackers turned the security data into a secondary source of income. With one infected machine selling for an average of $6.75 on dark web markets, the 500,000 haul is worth $1.69 million. Infected machines can even be rented for 24 to 48 hours as a source of passive income for hackers. Depending on the machine’s location and owner, machine values can skyrocket.

At $9,000 per monero coin, the group’s assets sit near $3.29 million Carbon Black says.

Foss and Liang say Access Mining is more than likely the result of dropping monero prices following the 2018 bear market. Following their report, the firm issued a series of tips for addressing possible concerns.

Cryptopia Users Win Victory in Court Case Over Crypto Assets Worth Over $100M

In the fallout from a hack of the New Zealand cryptocurrency exchange Cryptopia, users at last have a little good news.In a court ruling over how the remaining crypto assets will be distributed, Justice David Gendall at the High Court in Christchurch said that users of the exchange are entitled to the assets they hold in Cryptopia accounts, deciding they should be classed as “property” as they were held in seperate trust accounts.

An alternative ruling would have seen the assets classed as normal debt to be distributed among both users and creditors.

Justice Gendall described the case in a document published on Wednesday, saying: “Effectively, the tussle which is before the Court is one between the creditors of Cryptopia on the one hand and the accountholders who have invested in the various digital assets (“the accountholders”) on the other.”

The company had over 800,000 users with positive balances that would need to be reimbursed, but 37 creditors and 90 shareholders have also been vying for their stake the remaining assets of the company.

Following the hack in January of last year, it was discovered that Cryptopia had lost around NZ$30 million (US$17.85 million) in various cryptocurrencies – funds that are still missing with police still not having disclosed if they have any real suspects.

The breach left crypto assets worth around NZ$170 million (US$101 million) still held by the exchange. Grant Thornton New Zealand, which was assigned to oversee the firm’s liquidation process last May, is still trying to ascertain the details of which users held which cryptocurrencies due to poor record keeping at Cryptopia.

Also disclosed in the filing is that creditors would likely end up with a share of other Cryptopia funds to the value of NZ$5.4 million (US$3.2 million). That’s less than half of the claimed NZ$12.7 million (US$7.5 million), of which New Zealand’s tax department also seeks NZ$5 million (US$2.9 million).

With lawyers representing the creditors and the exchange users both taking different stances on the key issue of whether the crypto assets are indeed property (the creditors said they are not), Justice Gendall ultimately said: “I reach the conclusion that the cryptocurrencies here situated in Cryptopia’s exchange are a species of intangible personal property and clearly an identifiable thing of value. Without question they are capable of being the subject matter of a trust.”

“The argument that cryptocurrency is mere information and therefore it is not property is a simplistic one and, in my view, it is wrong in the present context,” he added. “I dismiss it.”

Leave a Reply

Your email address will not be published.