New WebCobra Cryptojacking Malware Uses Platform Specific Miners

[silversurfer]

WebCobra, a new Russian cryptojacking malware, has been discovered by McAfee Labs' researchers and observed while infecting and using architecture-based miners for x86 and x64 machines.

"Recently we examined the Russian application WebCobra, which silently drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the architecture WebCobra finds," said McAfee Labs.

While McAfee Labs was not able to pinpoint the way WebCobra is spreading, they believe that there is a very high chance the cryptojacker uses rogue PUP installers as the means of infiltration and main droppers.
Moreover, WebCobra was observed on infected computing systems from Brazil, South Africa, and the United States, and using a unique infection technique consisting of dropping different miner payloads on x86 and x64 architectures.

To be more exact, when it detects that the compromised system has an x86 architecture, WebCobra will drop the Cryptonight cryptocurrency miner, injecting into an already running process.
Furthermore, when the architecture of the infiltrated machine is x64, it will download Claymore’s Zcash miner from a remote server, launch it and start mining for crypto in the background, sending crypto coins into its masters' cryptowallet until an eventual detection and removal.

Source: https://news.softpedia.com/news/new-webc...3816.shtml