Bitdefender: Romanian hackers' group mining cryptocurrencies using worldwide victims' devices

Bitdefender researchers have discovered a group of Romanian cyber attackers who remotely infect computers and servers across the globe, from where they then illegally mine cryptocurrencies, according to a company statement sent to AGERPRES on Wednesday. The cryptocurrency mining process is time-consuming and requires expensive computer systems with high processing power, which is why cyber attackers avoid using their own devices and try to take control of such systems remotely and use them as if they were their own. Once they grasp the victims' systems, which in this case run the Linux operating system, hackers illegally install an application and mine the Monero cryptocurrency indefinitely. Thus, the infected device will no longer function in optimal parameters, will deteriorate rapidly, the services placed on the infected servers will work worse, and the electricity consumption paid by the victim will increase. Bitdefender's computer security researchers have also tracked down the tools that the fraudsters use fraudulently. Thus, the attackers have developed a programme that aims to guess the weak passwords used in the protocol that connects remotely to a server, and once they enter the system they install a modified application that uses the processing power for cryptocurrency mining. The programme used by the attackers to scan the Internet in search of vulnerable devices contains words or sentences in a mixture of English and Romanian, the name of the programme with which they break passwords being precisely 'diicot brute'. During the investigation, Bitdefender researchers found that even in comments in the applications, hackers use Romanian names. (DIICOT stands for Directorate for Investigating Organized Crime and Terrorism, ed.n.) Victims may detect that their devices are being misused by third parties to mine cryptocurrencies when they find that they are no longer functioning properly. Bitdefender's computer security specialists recommend the use of unique and complex passwords that cannot be broken by repeated attempts, as well as the closure of communication protocols that they do not usually use. System administrators who find the systems' cumbersome functioning must remove all files installed by attackers on the infected device and ensure that they take all measures to combat infection.AGERPRES(RO - author: Florentina Cernat, editor: Andreea Marinescu; EN - author: Maria Voican, editor: Simona Iacob)

Continue reading on: