Electroneum (ETN) Cryptocurrency Targeted by Webminer Delivered via Malicious Advertisements

Cryptocurrency mining malware has been on an upswing, with rising prices and wider adoption giving cybercriminals more incentive to target online currencies. The last month alone saw a variety of attacks targeting cryptocurrencies. And it seems that cybercriminals are moving towards mining relatively new cryptocurrencies. Trend Micro observed a recent spate of attacks designed to deliver a webminer for the Electroneum (ETN) cryptocurrency.

Launched in September of this year, the British-based Electroneum was designed as a cybercurrency that could be mined without the need for powerful and expensive hardware. The company claims ETN will be the first cryptocurrency that can be mined using a mobile phone (an unlaunched feature as of the time of this publication) through a mobile app named the Mobile Mining Experience.

ETN’s status as a startup cryptocurrency has not prevented it from being targeted by cryptocurrency miners. Since December 14, Trend Micro has been tracking websites that loaded with a malicious advertisement in the background. The websites appear to provide deals or offers to its visitors, as evidenced by some of the names of the sites, such as hxxp://www.intactoffers[.]club/s/ and hxxp[://www.fantasticoffers[.]club/s/

Once clicked, these malvertisements will load a webminer that mines ETN coins in the background. It concurrently redirects users to a normal online shopping website to prevent them from noticing it.

Figure 1: After redirection to a normal online shopping website

Based on Alexa reports, some of the malvertisement sites are already ranking in the top 15,000 in the world, which means that there is no shortage of visitors to some of these malicious websites: 

Given the use of malicious advertisements as the main method of delivering the webminer, users can stop miners from using their machines to mine cryptocurrencies through standard best practices, which include:

For cryptocurrency mining malware, users and organizations can also refer to this article for best practices and mitigation techniques.

Finally, users can look into comprehensive security solutions that can protect them from cryptocurrency mining malware. One example is Trend Micro™ Smart Protection Suites, which delivers several capabilities such as high-fidelity machine learning, web reputation services, behavior monitoring and application control, and vulnerability shielding that minimize the impact of cryptocurrency threats.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.