Four “young” hackers have been arrested in a cryptojacking case involving over 6,000 computers in what is allegedly South Korea’s “first” known case of its kind, Korean English-language news outlet Aju Daily reports Nov. 8.
Aju Daily cites a statement from the National Police Agency’s cyber bureau that clarified that the four accused had not been detained, but would face a trial for allegedly infecting 6,038 PCs with malicious mining malware, which had been concealed in job application documents sent via email.
The cryptojacking campaign is said to have lasted two months as of October 2017, but resulted in mined crypto worth only worth around one million won ($895).
According to daily South Korean newspaper Hankyoreh, the mined crypto was anonymity-oriented altcoin Monero (XMR), which frequently features in cryptojacking cases that employ the “Coinhive” code — a program created to mine XMR via a web browser. According to a study published this summer, around 5 percent of all XMR in circulation has been mined surreptitiously through cryptojacking, a figure that was noted to likely be “too low.”
Hankyoreh similarly reports that the case is the first in the country to have drawn the attention of the police authorities. The newspaper notes that some of the emails masking the malware resembled real resumes, resulting in the infection of computers used by human resources (HR) staff, adding that the hackers targeted 32,435 people in total. A police official told Hani that:
“Security firms quickly responded to the spread of malware, and [the hackers’] revenue was not very high. Most of the cases were detected by anti-virus software within 3 ~ 7 days. When it was detected, the hackers sent further malware, but it was soon detected again.”
In a global context, the South Korean case is dwarfed by other cryptojacking campaigns; in July, 20 suspects were arrested in China in a major case that allegedly affected over one million computers and generated 15 million yuan (around $2.2 million) in illicit profits.