Technology
How Cryptocurrency Mining Software Is Turning Into Malware
Published:
Last Updated:
A single desktop PC working all day might generate about $0.25 from mining for monero, a digital cryptocurrency that focuses on transaction privacy. While that might seem not to be worth the effort and would not even pay the electricity bill, what about cobbling together a network (botnet) of PCs to do the heavy lifting?
That’s what cybercriminals are doing — using mining programs like Coinhive and Cryptoloot to hijack PCs and adding code to them so they can be put to work mining for monero. According to security researchers at Check Point, crypto-miners have had a global negative impact on 55% of organizations, with Coinhive as the predominant threat.
In December, Check Point noted:
[C]ryptocurrency miners have intentionally been injected into some top websites, mostly media streaming and file sharing services, without notifying the users. While some of this activity is legal and legitimate, the tools can be hacked to dominate more power and generate more revenue, using as much as 65% of the end-users’ CPU power.
How does the invasion work? According to Check Point, the problem begins with ad blocking software:
Ad-blocking software, stemming from users losing patience with excessive pop-up and banner advertisements, has been slashing many websites’ advertising revenue. Those websites are turning to crypto-miners as a new source of revenue – often without the knowledge or permission of the visitors to the website. Similarly, threat actors are turning to crypto-mining malware as a new way to make money – illegitimately gaining access to the users’ CPU power to mine for their own cryptocurrency – making it even likelier that we’ll see this trend gain steam over the coming months.
Another security firm, Talos, notes that crypto-mining attackers don’t steal anything from their targets except a few CPU cycles and that mining software is not technically malware. But as long as a PC remains in a crypto-mining botnet, that PC’s owner is contributing some spare change hiding under the couch cushions that can add up fast. A botnet of some 200,000 nodes could mine $500 a day in monero, adding up to $182,500 in a year. Not bad for a part-time job.
A report at Data Breach Today has more detail and links to other research on crypto-mining.Â
24/7 Wall St.
Sponsored: Want to Retire Early? Here’s a Great First Step
Want retirement to come a few years earlier than you’d planned? Or are you ready to retire now, but want an extra set of eyes on your finances?
Now you can speak with up to 3 financial experts in your area for FREE. By simply clicking here you can begin to match with financial professionals who can help you build your plan to retire early. And the best part? The first conversation with them is free.
Click here to match with up to 3 financial pros who would be excited to help you make financial decisions.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Editors' Picks
