Cryptor, Miner, Net-worm, Oh My! The Latest Malware Plaguing the Web.
The first computer viruses did little more than pilfer users’ address books to spread themselves to other victims. More recently, malware has become exceedingly complex, encrypting users’ data and demanding payment, or secreting itself away in users’ processors to quietly (and disastrously) mine cryptocurrency.
Still, users typically needed to fear only one of these attacks occurring at one time — until now.
Researchers have uncovered a new type of malware that can launch any one of three types of cyber attack — a net-worm, a Cryptor/ransomware or a cryptocurrency miner — once launched on victims’ devices. To learn more about this surprisingly complex threat, as well as what it means for the future of malware and cybersecurity, read on.
The King of All Trojans
This latest Trojan is easily among the most intriguing pieces of malware to emerge in recent months — which is notable seeing that the malware isn’t exactly new.
The Rakhni Trojan was first identified in 2013 as a basic form of ransomware, and it has meandered around the web since, infecting small numbers of users and generally failing to generate headlines until this month. Now, instead of automatically ransoming a user’s files, the malware has a choice to make: encrypt or mine?
Rakhni spreads from victim to victim in the form of a PDF contained in a DOCX attachment to an email. A user who opens the document and permits editing will receive a prompt requesting permission to run an executable file from an unknown publisher. As soon as the user clicks “yes,” Rakhni launches into action, downloading malicious files.
The malware swiftly disables Windows Defender and installs fake digital certificates. To the user, the program looks like a faulty document viewer; once the user has moved away from the infected device, Rakhni has time to make its critical decision: function as ransomware, or burrow deep as a cryptocurrency miner.
Despite fears that Rakhni was the first AI-based malware — more on that later — it was immediately obvious to researchers that the malware’s choice depended on one factor: whether the user mines any Bitcoin themselves.
Service folders labeled “Bitcoin” prompt Rakhni to function as ransomware, encrypting files and demanding payment within three days. Otherwise, the malware concludes that the machine has enough processing power to serve as a cryptocurrency miner and downloads additional programs to begin that endeavor.
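The infection chain and decision rule described above can be turned into a host triage check for defenders. The following is an added example written for this article, not code from the article or from any vendor report; the telemetry field names, the two-indicator threshold and the sample fleet are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed host telemetry modelled on the behaviours the article describes:
# Defender disabled, fake certificates installed, an executable launched from a
# document, and a "Bitcoin" service folder deciding ransomware vs. miner.
# Field names are assumptions for this example, not a real telemetry schema.
@dataclass
class HostObservation:
    hostname: str
    defender_realtime_enabled: bool
    new_untrusted_root_certs: int          # root certs added by an unknown publisher
    exe_spawned_by_document_viewer: bool   # executable run right after opening a DOCX/PDF
    service_folders: list = field(default_factory=list)

def rakhni_indicators(obs):
    """Return the article's post-infection indicators that this host matches."""
    hits = []
    if not obs.defender_realtime_enabled:
        hits.append("windows_defender_disabled")
    if obs.new_untrusted_root_certs > 0:
        hits.append("untrusted_certificate_installed")
    if obs.exe_spawned_by_document_viewer:
        hits.append("executable_run_from_document")
    return hits

def expected_payload(obs):
    """Branch the article says Rakhni takes: ransomware if a Bitcoin folder exists, else miner."""
    has_bitcoin = any("bitcoin" in name.lower() for name in obs.service_folders)
    return "ransomware" if has_bitcoin else "miner"

def triage(obs, threshold=2):
    """Flag a host when at least `threshold` indicators match and say what to look for next."""
    hits = rakhni_indicators(obs)
    if len(hits) < threshold:
        return {"host": obs.hostname, "suspicious": False, "indicators": hits,
                "expected_payload": None, "action": "monitor"}
    branch = expected_payload(obs)
    action = ("isolate; confirm offline backups before the three-day ransom window closes"
              if branch == "ransomware"
              else "isolate; check for sustained CPU use and newly downloaded mining binaries")
    return {"host": obs.hostname, "suspicious": True, "indicators": hits,
            "expected_payload": branch, "action": action}

# Constructed sample fleet: one mining workstation, one ordinary workstation, one clean host.
SAMPLE_FLEET = [
    HostObservation("ws-finance-01", False, 1, True, ["Bitcoin"]),
    HostObservation("ws-finance-02", False, 1, True, []),
    HostObservation("ws-finance-03", True, 0, False, ["Bitcoin"]),
]

def triage_fleet(fleet=SAMPLE_FLEET):
    return {r["host"]: r for r in (triage(obs) for obs in fleet)}
```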
For the most part, Rakhni has avoided U.S. machines, preferring to float around Russia, Kazakhstan, and Ukraine with occasional spottings in Germany and India.
The attachments are disguised as potentially useful documents, like financial information, but the emails are typically obviously spam. It seems most likely that Rakhni’s handlers are interested in attacking corporations, but if the malware becomes more popular, it probably won’t discriminate against consumer machines.
What Users Must Do
Though Rakhni’s flexibility makes it seem like a formidable foe, it isn’t difficult to avoid infection from this malware. Obviously, users can avoid the infection altogether by practicing good cyber-hygiene and avoiding unfamiliar emails or suspicious attachments.
Additionally, Rakhni is only equipped to disable Windows’s built-in security programs; installing a maximum security suite from a trustworthy third party is a good way to identify and quarantine the malware before it attacks. Most antivirus programs scan downloads and isolate dangerous files before they can do damage, so having additional protections is always a good idea.
Unfortunately, not all malware is as easy to thwart as Rakhni. In fact, current developments in the infosec industry indicate that malware will become much more complex — and much more difficult to defend against — in the near future.
The Future of Malware
As artificial intelligence becomes more common, users should expect its power to be used by both sides of the security war.
Infosec professionals are excited by the prospect of AI-backed security software, but it is important to remember that AI can also be used to generate outstandingly complex malware, some of which might cut through existing digital defenses like a hot knife through butter.
Rakhni does not utilize AI, but if it did, it would likely be able to send more realistic-looking emails, disable prompts that require user permissions and circumvent existing, non-AI security programs.
It might also use more detailed algorithms to determine whether encrypting or mining is the proper choice, and it might have other options post-infection, such as forming a botnet or taking physical control of the machine, like Stuxnet. Rakhni is rudimentary malware, but it is the first taste of a type of flexible malware we are likely to see more of in the future.