McAfee Exposed Russian Cryptojacking Malware Webcobra


Rise in crypto currency mining has resulted in a number of concerns. While regulations of ongoing crypto currency hacks seem to be the primary worry, a new threat known as “cryptojacking” has entered the picture.


Threat actors inspired by spike in cryptocurrency prices see it as a lucrative opportunity to fill their pockets. Hence, hackers have come up with a new tactic to design malware to cannibalize unsuspecting victims’ computers to mine cryptocurrency.

WebCobra: A New Silent Killer

Researchers at McAfee Labs, a cyber security firm recently discovered a new lethal Russian cryptojacking malware known as WebCobra.  According to them, the threat arrives via rogue software installers that users install deliberately or accidentally.

WebCobra is a nasty system infection that leverages victim’s computing power to mine cryptocurrencies Monero and Zcash secretly. It infects the victim’s system by stealthily installing the Cryptonight miner or Claymore’s Zcash miner depending on the configuration of victim’s machine.WebCobra

Though the threat originated in Russia, researchers claim to have spotted it around the world with the highest number of infections occuring in United States, Brazil and Africa.

Criteria of Installing Cryptonight miner or Claymore’s Zcash miner in Victim’s PC

  1. Cryptonight miner code: This malware code is injected into a running process of x86 systems and a process monitor is launched.
  2. Claymore’s Zcash miner: WebCobra deploys this infection code on x64 systems from a remote server after examining the system’s GPU (Graphics Processing Unit).

Symptoms of WebCobra intrusion in your system

Detecting mining malware is usually complicated due to their higher sophisticated coding involved in designing them. Symptoms of intrusion of WebCobra intrusion in your system include:

  1. Systems rendered Sluggish: Once your machine is compromised, malicious applications run in the background rendering system sluggish. Hence, if your system’s performance degrades suddenly for no concrete reasons, then you may have fallen prey to this cryptojacking malware.WebCobra
  2. Increased Power Consumption: This crypto-mining malware invasion increases system’s power consumption, leaving the owner with headache and unwelcomed bill. 


Victims of cryptojacking malware

This form of organized crime targets all groups ranging from consumers to government institutions and enterprises. Cryptojacking is just a number game irrespective of people or business targets. The more the number of systems infected, the more fortune threat actors can make.

How to protect your system from Cryptojacking?

Coin mining malware continues to evolve as cyber criminals take advantage of this easy path to fill their pockets. Mining coin on other people’s system requires less investment and comparatively less risk.

Following steps should be undertaken to secure systems from getting infected by coin mining malware:

  1. Users should install security programs in the system to prevent attacks by Cryptojacking malware.
  2. Maintain good cyber hygiene by refraining random clicks on suspicious links and spam emails.
  3. Downloading browser add on extensions that can detect abnormal loads in CPU usage goes a long way.


Cryptojacking malware attacks have surged up to almost 500 percent in 2018.  Monero was reported to form the preferred target for miners as the cryptocurrency focused on privacy and anonymity.

Google has announced to remove all suspicious extensions that contain obfuscated code from Chrome Web Store to combat covert crypto mining operations among other privacy violations.

Virus Removal Guidelines