At least 1.65 million attempts to infect computers with cryptocurrency miners detected in 2017

Criminals managed to distribute cryptocurrency miners to 1.65 million computers in less than nine months

1.65 illegal attempts to install cryptocurrency miners on computers

While cryptocurrency mining[1] is considered to be a legal process, criminals have been using illegal techniques to enslave victims computers into a mining botnet[2]. Frauds are spreading miners ( a form of malware) to use victims’ computers for cryptocurrency mining, which results in problems on victim’s computer and income for the cyber criminal.

Researchers from Kaspersky have shared their discoveries in a blog post[3] on September 12th, 2017. According to experts, several large cryptocurrency mining botnets were detected; in addition, criminals are attempting to infect servers of large organizations with miners to expand the botnet as far as possible.

Kaspersky shared a column graph that visualizes the growth of attempts to install miners of computers starting from 2011 to 2017. The security firm claims that there were at least 205,000 attempts to infect their customers with mining malware in 2013, and that number grew to 701,000 in 2014.

In 2016, there were more than 1.8 million attacks discovered, and in the first eight months of 2017, at least 1.65 million attacks were noticed.

Miners are mainly propagated via adware installers

While the majority of cryptocurrency miners are promoted via software installers that suggest placing more than one program on the system, experts have also noticed more sophisticated malware promotion methods. According to Securelist, criminals might be exploiting well-known vulnerabilities like EternalBlue to infect unprotected systems.

The criminal actors are believed to be collaborating with unethical adware providers. Besides, suspicious ads for mining builders were found in Telegram channel[4]. Clicking on a provided link allows the user download a trial version of a builder that creates a miner dropper with some interesting features such as software suspension whenever the user launches a game such as GTA V, Minecraft or WorldOfTanks.

Modus operandi of a cryptocurrency miner

Cryptocurrency miners usually have beneficial features helping them stay undetected by security programs, run on startup and perform other activities, including:

  1. Attempt to disable antivirus, anti-malware, and anti-spyware programs;
  2. Create a copy of the miner on the hard drive and recreate it each time it gets deleted by the user or security software;
  3. Track what programs start running and shut down themselves if the launched program has an ability to monitor running processes.

Researchers also stated that the most popular cryptocurrencies used in mining processes are Monero and Zcash. The discovered mining network can generate approximately $30,000 per month to criminals.

If you noticed that your computer recently started to perform poorly, consider checking your computer for cryptocurrency miners.[5] experts suggest using anti-spyware or anti-malware programs to identify mining software illegally installed on your PC.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions