Driven by a sustained rise in the adoption and stability of cryptocurrencies like bitcoin, monero, and ethereum, criminal gangs and hackers around the world are increasingly flocking to illegal cryptocurrency mining as their new growth market.
The trend was revealed by Helge Husemann, Malwarebytes EMEA Product Manager, while speaking at the ITWeb Security Summit 2018 on May 22, 2018.
Unlike standard cryptocurrency mining, which makes use of equipment that is owned or leased by the miner, illegal mining uses malware and trojans to infect internet-connected devices and secretly install crypto mining software.
These miners run undetected in the background, potentially making a fortune for the hacker through an extensive network of infected devices which become mining nodes.
Bigger Problem Than Ransomware
According to Husemann, the practice, known as “cryptojacking,” has seen a 4,000 percent rise in popularity from 2017 to 2018, and its targets have included everything from Android phones and laptops owned by private individuals to corporate servers and even government websites.
Speaking at the summit, he said:
“We see cryptojacking as a bigger problem than the normal ransomware because this stuff can be done in-browser and on end-point, and it can be done up to a point where it actually destroys hardware, or it actually bogs down the company from using any application servers and making whatever they are manufacturing.”
Monero is the Favored Crypto for Hackers
Going further, Husemann explained the process by which hackers gain control of an individual’s mobile phone or laptop and exploit its computing power for cryptocurrency mining. Known as a “drive-by,” the attack begins with an innocuous visit to a legitimate website which, unbeknown to the visitor, has been surreptitiously seeded with malware.
Using technology developed by Coinhive, which enables mining of Monero through an internet browser on a PC or mobile device, the mining software feeds off the victim’s CPU power to solve cryptographic problems and mine Monero coins, in some cases shooting CPU usage as high as 100 percent.
He explained that Monero is the favored currency of ‘cryptojackers’ seeking illicit profits through crypto mining because its mining software does not have specific hardware requirements and can run in an internet browser, which gives it a unique cross-platform reach and exponentially expands the illegal network available to a cryptojacker.
An Increasing Threat
The growing threat of cryptojacking is illustrated by the platforms where drive-by attacks have been recorded over the past few months.
In November 2017, illegal Monero-mining malware scripts were discovered on the official UFC streaming website. In December 2017, Trend Micro released a report describing a new type of malware that spreads through Facebook Messenger, infecting the Google Chrome browser and installing a self-executing Monero miner on the victims’ Windows computers.
Similar attacks have also been recorded on U.K. government websites, the San Diego Zoo website, and many more legitimate platforms, potentially exposing millions of people to CPU-guzzling malware with the capacity to damage hardware.
To protect against cryptojacking, Husemann advised web security personnel to look into deploying machine learning solutions to detect malware signatures.