Step down, ransomware; cryptojackers have been the latest and greatest malware threat for the past few months, and this latest evolution is proving they deserve the top spot on digital threat lists.
Unlike other forms of malware, cryptojackers don’t make themselves known once they infiltrate devices; they lurk in the background, sucking up processing power to mine cryptocurrencies for their authors. Now, hackers have found a way to use IoT devices to get cryptojacking malware onto victims’ computing devices — which makes network security that much more important.
Shellbot, Monero and IoT Devices
Shellbot — also called Backdoor.Shellbot — is a well-known Trojan virus that was first discovered in 2005, and it allows users to gain remote access to devices and control them in various ways. Some variants of Shellbot amass a botnet of zombie computers, which can then be used to attack larger and better-protected networks. Indeed, the almost-famous botnets Kraken, Mariposa and Kneber were all created using Shellbot tech.
Since November 2018, a modified version of Shellbot has been active, sending shivers down infosec professionals’ spines. Created by the Romanian hacking group Outlaw (or Haiduc in Romanian) this variant targets Linux users with IoT devices connected to their networks. This is because Shellbot enters a network through a command injection vulnerability, which is a common exploit to IoT devices. From there, a channel is open into victims’ devices. Typically, Shellbot continues to unleash another payload, which nestles deep into users’ systems to mine cryptocurrency without leaving a trace of an attack. However, because the channel is open, devices might be used in a botnet or loaded with additional malware.
Though Linux and Ubuntu users seem to be Outlaw’s top priority, security researchers believe that Shellbot can function in Windows-based environments as well as Android devices. However, more pressingly, Shellbot is further proof that IoT devices aren’t nearly as secure as they should be before hitting the market, and users need to take additional steps to protect their networks and devices.
What Users Can Do to Stay Safe
Shellbot isn’t necessarily more nefarious or wily than other cryptojackers on the web — or even other types of malware, for that matter. Nearly all malware is easily defended against with the right web browsing habits and security tools.
Users who want to build an IoT household should know the risks associated with this relatively new tech. Because the IoT market is so novel, it has exploded with popularity, driving up competition amongst developers and manufacturers. As a result, IoT devices tend to go to market riddled with vulnerabilities, which developers expect to close in after-market updates. Unfortunately, most IoT users are ignorant of the importance of these updates as well as the methods of installation, so an abundance of security holes remain.
Those who have IoT devices should use their manufacturers’ websites to research whether firmware updates are available and how to apply them. It’s important to check back for additional updates periodically as all devices develop security holes over time.
Next, users should protect their computing devices from their IoT devices. Because computers and phones hold more data and have more processing power than connected things (like washer-dryers and televisions) it is good to separate them from IoT devices to keep them secure. One somewhat extreme solution is to create a separate Wi-Fi network for IoT devices, so malware that finds its way onto those devices has no way of reaching computers and such.
However, a more practical solution for most users is employing network security monitoring tools, which will inform administrators how devices are performing and what kind of traffic is occurring on the network. This makes it much easier to detect abnormalities, like Shellbot launching an attack to cryptojack devices.
The Future of Cryptojacking
Shellbot certainly isn’t the only cryptojacker on the web — it’s just the first to leverage IoT devices to access computers for cryptocurrency mining. Between 2017 and 2018, instances of cryptojacking increased more than 629 percent, according to security firm McAfee, and it stands to reason that the malware’s popularity will only increase. Until the world sees a major malware event involving cryptojacking, like WannaCry for ransomware, it seems unlikely that most users will know about cryptojackers or do anything to protect themselves. Thus, cryptojackers will continue to run rampant for the coming months and maybe years.