Top 5 facts about cryptominers

by Gabriel E. Hall - - 2017-12-23

Cryptocurrency mining became a new cybercrime trend

The era of cryptocurrency began in 2009,^[1] when the first decentralized virtual currency – Bitcoin – was released. Later on, more than ten new virtual currencies were created, such as Ethereum and Monero. The value of cryptocurrency is growing daily. Thus, there’s no surprise that cyber criminals found a new niche for their illegal activities.

According to the research, at least 1.65 million of user’s computers are being used to mine virtual money without their knowledge.^[2] While Bitcoins remain the most popular and valuable cryptocurrency, Monero becomes more and more popular among criminals.

The reason why criminals love Monero so much because it has built-in anonymous transactions and allows mining virtual money using computer’s CPU without user' knowledge^[3] Thus, payments cannot be tracked, and criminals cannot be found or punished.

However, if you are thinking about investing in cryptocurrency or just want protect yourself from Monero Minero or other mining malware, we are here to present you 5 most important facts about cryptominers.

1. Criptominers are legal

Nevertheless, there are lots of talks about illegal cryptocurrency mining cases; originally, mining is a legitimate activity. People can mine Bitcoins or other digital currency, trade them into “real” money, or sell their currency to others.^[4]

To mine virtual money, people have a few options. They might set up hardware, use cloud mining possibilities or use miners to solve math problems given by cryptocurrency or use cloud mining. Bitcoins, Monero or other currency are given as a reward for solving the problems because the process uses lots of electricity and computer’s resources.

However, cyber criminals do not put much effort. They look for the way to hijack user’s computers to turn them into mining botnet. Thus, cryptocurrency is being mined without user’s consent or tricking them into installing obfuscated application.

2. Cyber criminals can turn computers into cryptocurrency mining machines using a bunch of methods

One of the best known illegal mining issues this year was exploitation of Coinhive technology. This JavaScript library for Monero Blockchain was included in many compromised websites. Researchers also discovered registered domains that redirect to sites that mimic popular social networks.

Monero miners showed the widest range of attack methods. Miners were installed on the computers using Windows SMB vulnerability, various exploit kits or tricking to install an obfuscated extensions, such as SafeBrowse.^[5]

3. Cryptominers can damage computers and phones

Cryptocurrency mining requires lots of computer’s CPU. Some illegal miners reported using from 30% to even 90% of computer’s resources. Obviously, this activity slowdowns computer’s performance a lot. However, it may lead to the physical damage to the device due to overheating.

In December 2017, many reports about the damage caused to Android smartphones by Loapi malware. This mobile cryptocurrency miner not only drowns device’s battery but physically damages the phone too, according to Kaspersky Labs tests.^[6]

4. Illegal cryptominers might hide in the malware-laden ads

While malvertising was known as one of the most popular ransomware distribution methods; other criminals also started using the same strategy so spread crypto-miners. Researchers detected that crooks were buying traffic from ad networks to spread malicious ads.^[7]

The majority of malicious ads were spotted on video streaming or gaming websites, and it’s a clever decision. When users are playing games or watching videos, their computer’s are using more resources. Therefore, users may not suspect any other reason why their CPU is high.

5. Cryptocurrency stealers go together with cryptocurrency miners

Cryptocurrency miners are used for making the virtual money. However, criminals found a simpler way to obtain Bitcoins, Zcash, Monero, Dash, and Dogecoin.^[8] They created a cryptocurrency stealers that interferes with virtual money transactions.

For instance, if you want to transfer Bitcoins or buy something using the digital money, malware detects cryptocurrency wallet address and changes it. Therefore, people transfer digital money straight to the criminals’ account.

About the author

Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References

^ Cryptocurrency. Wikipedia. The free encyclopedia.
^ Jordan Pearson. At Least 1.65 Million Computers Are Mining Cryptocurrency for Hackers So Far This Year. Motherboard. The website about technology .
^ Cryptominers – The Next Generation. Tripwire. Advanced Threat Detection & File Integrity Monitoring.
^ Is Bitcoin Legal?. Bitcoin Magazine. News, insight, reviews, guides, and price analysis on cryptocurrency.
^ Martin Brinkmann. First Chrome extension with JavaScript Crypto Miner detected. gHacks. Technology news.
^ Anna Markosvkaya. Loapi - this Trojan is hot. Kaspersky Lab Blog. Covers information to help protect you against viruses, spyware, hackers, spam and other forms of malware.
^ Malvertising campaign exploits users’ browsers to Mine Cryptocurrencies. AdSecure Blog. The official company blog.
^ Tara Seals. CryptoShuffler Trojan Sucks Cash from Wide Range of Crypto-Wallets. Infosecurity Magazine. Information security and IT security news.