Five individuals were caught by the Korean National Police Agency Cyber Bureau after infiltrating and compromising more than 6,000 computers and using them to surreptitiously mine for Monero (XMR) cryptocurrency, reports CCN.
Most bad actors use cryptojacking to mine for Monero because it comes with an anonymous blockchain and can easily be mined on computing systems with minimal resources, unlike Bitcoin, which needs quite powerful mining rigs with modern GPUs for reasonable performance.
The hacking group used the emails of 32,435 job applicants and human resource personnel from multiple forums and recruitment platforms, targeting them using malicious emails containing malware disguised as legitimate resumes and recruitment letters.
Moreover, the victims' computers were infected once the malicious attachments were opened, with the cryptocurrency mining payload automatically starting to run in the background.
"Because cybersecurity firms and anti-virus software operators responded quickly to the distribution of mining malware, the group of hackers were not able to generate a significant revenue from their operation," said the local police.
The South Korean hacking group managed to collect only $1000 while running the cryptojacking campaign
Furthermore, "In most cases, anti-virus software detected the malware within three to seven days. If the malware was detected, the hackers sent new malware, but it was detected again by anti-virus software."
Even though the group led by 24-year-old Kim Amu-gae ran their cryptojacking campaign from October to December 2017 and was able to expand their illegal mining network to 6038 computers, they managed to mine only a little more than $1000 worth of Monero cryptocurrency.
The spread of cryptojacking attacks to new areas is not a surprise, seeing that illegal cryptocurrency mining security incidents have reportedly seen a 459% increase since 2017, according to a report by the Cyber Threat Alliance (CTA).
"Combined data from several CTA members shows a 459 percent increase in illicit cryptocurrency mining malware detections since 2017, and recent quarterly trend reports from CTA members show that this rapid growth shows no signs of slowing down," says CTA's report.
Also, as reported by Webroot in their 2018 mid-year threat report, cryptojacking is now the leader of the threat charts, surpassing ransomware as the most dangerous threat for the first half of 2018.