
Source: ASEC
A new report from AhnLab Security Intelligence Center (ASEC) reveals a concerning trend: the distribution of cryptocurrency-mining malware via USB devices in South Korea. This stealthy campaign utilizes infected USB drives to install Monero-mining malware on unsuspecting victims’ computers, hijacking their system resources for illicit cryptocurrency mining.
“Lately, malware that mines cryptocurrencies by utilizing PC resources without user consent has been actively distributed as cryptocurrency prices surge,” warns the ASEC report. While cryptocurrency mining itself is legal, secretly installing mining software on others’ computers is a different story. This practice not only steals electricity and processing power but can also significantly degrade system performance.
The attackers behind this campaign have gone to great lengths to evade detection and maximize their profits. They employ DLL sideloading to execute the malware, manipulate system settings to disable security features like HVCI, and even tamper with power management to keep infected machines running optimally for mining.
Perhaps most troubling is the malware’s ability to self-propagate through USB drives. When an infected USB drive is inserted into a new computer, the malware automatically copies itself onto the device, further spreading the infection. This creates a dangerous cycle that can quickly infect numerous systems.
ASEC’s investigation revealed that the threat actors behind this campaign have been highly successful, generating over 1 million won (approximately $800 USD) in profit per day as of February 6, 2025.
This campaign serves as a stark reminder of the potential dangers lurking on seemingly innocuous USB devices. To protect yourself, ASEC recommends the following:
- Be cautious of USB devices from unknown sources: Avoid plugging in USB drives that you haven’t personally verified.
- Keep your security software up to date: Ensure your antivirus and anti-malware solutions are current and capable of detecting the latest threats.
- Enable real-time protection: This will help to block malware before it can execute.
- Educate yourself and others: Spread awareness about the risks of USB-borne malware and encourage safe practices.
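
To check a Windows host for two of the changes described above (HVCI being disabled and power management being altered to keep the machine running), a PowerShell audit along these lines can be used. It is an added example, not code from ASEC or from this article; the function names are illustrative, and it assumes the power tampering shows up as sleep or hibernate idle timeouts of 0 ("never"), which the article does not specify.

```powershell
# Added example: audit HVCI state and sleep timeouts on the local host.
# Function names are illustrative. Assumption: power tampering appears as an
# idle timeout of 0 (never sleep); the article does not name the exact settings.

function Get-HvciState {
    # In Win32_DeviceGuard, the value 2 in these arrays denotes HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    [pscustomobject]@{
        Configured = $dg.SecurityServicesConfigured -contains 2
        Running    = $dg.SecurityServicesRunning -contains 2
    }
}

function Get-IdleTimeout([string]$Setting) {
    # powercfg text is localized, so read only the hex values: the last two
    # printed are the current AC and DC indexes (in seconds).
    $hex = (powercfg /query SCHEME_CURRENT SUB_SLEEP $Setting | Out-String |
            Select-String -Pattern '0x[0-9a-fA-F]{8}' -AllMatches).Matches.Value
    if ($hex.Count -lt 2) { return $null }   # setting hidden or unavailable
    [pscustomobject]@{
        Setting   = $Setting
        ACSeconds = [Convert]::ToUInt32($hex[-2], 16)
        DCSeconds = [Convert]::ToUInt32($hex[-1], 16)
    }
}

$findings = @()
$hvci = Get-HvciState
if (-not $hvci.Running) {
    $findings += "HVCI is not running (configured: $($hvci.Configured))"
}
foreach ($name in 'STANDBYIDLE', 'HIBERNATEIDLE') {
    $t = Get-IdleTimeout $name
    if ($t -and ($t.ACSeconds -eq 0 -or $t.DCSeconds -eq 0)) {
        $findings += "$name is set to never (AC=$($t.ACSeconds)s, DC=$($t.DCSeconds)s)"
    }
}
if ($findings) { $findings } else { 'No HVCI or sleep-timeout findings.' }
```

A finding here is a prompt to investigate, not proof of infection: HVCI is off by default on many systems, and sleep is often disabled by policy on desktops and servers.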