WebCobra is a crypto jacking malware that was observed carrying out attacks on computers that mine cryptocurrency illicitly by taking over the infected computer's resource. WebCobra seems to have originated in Russia. Depending on the victim's computer, WebCobra will install one of two cryptocurrency miners, either Zcash or Cryptonight. Malware researchers have not been able to determine how WebCobra is being distributed currently, but it is likely that WebCobra attacks are, in some way, related to Potentially Unwanted Programs (PUPs) installers, often installed when the computer users install new software from a questionable source.

Some Details about the WebCobra Attack

WebCobra attacks have been observed on computers located in South Africa, the United States and Brazil. WebCobra will vary the type of miner payload that is delivered depending on the architecture of the infected computer. In the case of x86 systems, WebCobra will deliver Cryptonight, a cryptocurrency miner that will be injected into a memory process already running on the infected computer. In the case of x64 systems, WebCobra will connect to a remote server and download the Claymore's Zcash, launching it and then running it in the background. This malware will run on the infected computer and create digital currency for the criminals until it is detected and removed from the infected computer.

What are the Consequences of Crypto Jacking Attacks Like WebCobra

Attacks of this type had a significant rise since 2017 when they first started to appear. The number of these attacks increased almost 500% in one year. One of the reasons for the popularity of threats like WebCobra is the fact that these attacks do not require many resources and do not leave a large footprint on the infected computer. Furthermore, these attacks can be carried out on many different devices and operating systems and are not limited to PCs running Windows, as are the vast majority of malware attacks. Threats like these can often infect devices such as televisions and routers, taking advantage of the infected devices' processors to mine cryptocurrency for the criminals responsible for the attack. Currently, crypto jacking attacks are the most popular malware type attacks, surpassing ransomware for the top position in early 2018.

Beware of Threats Like WebCobra

Essentially, threats like WebCobra exploit the infected devices, using the victim's resources to generate revenue. WebCobra will often be installed when computer users download bogus software or software updates from potentially unsafe sources. The two components of WebCobra that can be installed onto the victim's computer mine different cryptocurrency types. In the case of the x86 variant, the currency mined is Monero (XMR), while in x64 variants, the malware mines ZCash (ZEC). Unfortunately for computer users, the effects of threats like WebCobra can be substantial on an infected device. This is because threats like WebCobra will hijack the infected device's resources and use them with the purpose of mining cryptocurrency. Mining these digital currencies requires large quantities of processing power, leaving little for the infected computer's normal operations. Because of this, a computer that becomes infected with WebCobra may become very slow and unstable. The devices infected by threats like WebCobra also may become prone to overheating and will have their performance and estimated lifetime reduced severely. Because of this, it is necessary to ensure that all devices are protected from these threats properly.

Preventing Attacks from Threats Like WebCobra

The best way to prevent WebCobra attacks is to make sure that all software installed comes from reputable sources. It also is important that all devices are protected with strong passwords and security measures. Having reliable security measures can prevent WebCobra from being installed in the first place.


Most Viewed