South Korean police carried out an operation that led to five hackers being arrested and put behind bars on Thursday, November 8, 2018, for illegally installing cryptocurrency mining malware on over 6,000 active computers (PCs) with the aim of stealing cryptocurrencies such as Bitcoin (BTC), Ripple (XRP), Ethereum (ETH), Litecoin (LTC) and others. The Korean government, together with the police and other authorities, is committed to protecting people and their property.
The report, titled “Status and Measures of Hacking Damage of Virtual Currency Exchanges in the Last Three Years,” which was published by the South Korean National Police Agency, collects the crypto-related hacks that have affected South Korean customers since 2016.
The report revealed that hackers have so far victimized a total of 7 local crypto exchanges and around 158 wallets, and that within that period the police have managed to arrest just 6 cybercriminals.
Excerpts from the report reveal that:
“The amount of money stolen by the hacking of cryptocurrency exchanges has been steadily increasing every year. The number of illegal withdrawals, which was only KRW 300 million [$265,280] in 2016, increased to KRW 40.5 billion [$35.9 million] in 2017, and two hacking cases occurred in 2018, amounting to KRW 71.3 billion [$63 million] in theft.”
The Korean National Police Agency Cyber Bureau (KNPACB) issued an official statement, which revealed that a group of five hackers headed by Kim Amu-gae sent around 32,435 emails carrying the crypto mining malware, mainly targeting South Korea's desktop computer users.
This event can be related to what happened from October to December last year, when a group of hackers masquerading as employers sent tens of thousands of malware instances to job applicants.
Legislator Min Kyung-wook was quoted by Boan News noting:
“The nature of crypto exchanges is always exposed to cyber threat…the hacking accidents happened even in the places where the government conducted security checks.”
A report from KNPACB shows that hackers gathered the job applicants' email addresses from big companies in the local tech industry.
The hackers went on to obtain over 30,000 email addresses of job seekers from several recruitment platforms and job forums, and started to send individual emails to them, posing as recruitment agents and employers.
The group under arrest is accused of sending job applicants emails containing malware disguised as important documents and files, of the kind sent to applicants who qualified or who had submitted applications on recruitment platforms. This misled many individuals, who clicked or downloaded the files believing they had been sent by the companies to which they had applied. The malware would then install instantly in the background.
Advanced and updated antivirus software helped detect and delete the majority of the crypto mining malware installed on the 6,000 PCs within 3-7 days.
Cybersecurity companies also took part in the effort to investigate the matter, which enabled local security experts to scan and treat the rest of the attacked PCs before the situation got worse.
While the operation was effectively planned and the malware was successfully installed on more than 6,000 PCs, the group of hackers managed to generate a total profit of only $1,000.
“Crypto jacking significantly reduces the performance of computers and if exposed to institutions, it could have a serious effect on the society. PC users must have secure anti-virus software in place and update browsers frequently. Also, if the performance of a computer suddenly drops, users will have to suspect the presence of mining malware,” an investigator close to the case told Hani.
This is not the first arrest of crypto hackers. In March 2018, Spanish police put a cybercrime gang leader behind bars for stealing $1.2 billion. The gang was composed of both Russian and Ukrainian citizens, who robbed almost 100 different significant financial institutions globally and went on to cover their tracks using cryptocurrency coins. In July this year, Bithumb, the second biggest crypto exchange in South Korea, lost $31.5 worth of virtual coins to hackers.