How Cryptocurrency Mining Software Is Turning Into Malware

Print Email

Source: Thinkstock
A single desktop PC working all day might generate about $0.25 from mining for monero, a digital cryptocurrency that focuses on transaction privacy. While that might seem not to be worth the effort and would not even pay the electricity bill, what about cobbling together a network (botnet) of PCs to do the heavy lifting?

That’s what cybercriminals are doing — using mining programs like Coinhive and Cryptoloot to hijack PCs and adding code to them so they can be put to work mining for monero. According to security researchers at Check Point, crypto-miners have had a global negative impact on 55% of organizations, with Coinhive as the predominant threat.

In December, Check Point noted:

[C]ryptocurrency miners have intentionally been injected into some top websites, mostly media streaming and file sharing services, without notifying the users. While some of this activity is legal and legitimate, the tools can be hacked to dominate more power and generate more revenue, using as much as 65% of the end-users’ CPU power.

How does the invasion work? According to Check Point, the problem begins with ad blocking software:

Ad-blocking software, stemming from users losing patience with excessive pop-up and banner advertisements, has been slashing many websites’ advertising revenue. Those websites are turning to crypto-miners as a new source of revenue – often without the knowledge or permission of the visitors to the website. Similarly, threat actors are turning to crypto-mining malware as a new way to make money – illegitimately gaining access to the users’ CPU power to mine for their own cryptocurrency – making it even likelier that we’ll see this trend gain steam over the coming months.

Another security firm, Talos, notes that crypto-mining attackers don’t steal anything from their targets except a few CPU cycles and that mining software is not technically malware. But as long as a PC remains in a crypto-mining botnet, that PC’s owner is contributing some spare change hiding under the couch cushions that can add up fast. A botnet of some 200,000 nodes could mine $500 a day in monero, adding up to $182,500 in a year. Not bad for a part-time job.

A report at Data Breach Today has more detail and links to other research on crypto-mining.