Cryptocurrency Mining Malware All the Rage in 2018

Written by Joe Kozlowicz on Thursday, February 15th 2018 — Categories: Security

You’ve probably heard about cryptocurrency — the most famous being Bitcoin — as it soared and crashed in value in the past few months. We have a quick explanation of cryptomining and its associated environmental costs here on the blog. Many are looking to cash in on “free money” by dedicating expensive hardware setups to mining new coins and processing crypto transactions.

So many, in fact, that a new variety of malware has emerged, infecting PCs, servers, and even smartphones with cryptomining software. Unbeknownst to users, cryptojacking software is using valuable computing power to enrich hackers while dramatically slowing down the infected device.

Will 2018 be the year of cryptojacking? How can you fight or avoid these new flavors of malware?


Cryptojacking hits organizations as large as the US & UK governments

Crypto malware recently made big headlines when it was revealed to have infected major web operations within the United States and United Kingdom governments, and even penetrated as far as the operational network of a European water utility (malware is in our utilities now, people – welcome to the 21st century).

These attacks worked by hijacking browser extensions, like one that helps impaired web users with their browsing, and then using the end user computer to perform cryptomining operations. This “cryptojacking” approach has become an increasingly popular method to insert crypto software on thousands of unsuspecting computers.

Sites embedding such plugins can defend against this by referencing the plugin’s .js file with a Subresource Integrity (SRI) integrity attribute, which lets the browser check whether the plugin file has been modified by a third party before it runs.


Why cryptomining malware has become so popular

Besides the fact that bitcoin can appear to be a lucrative investment with its recent value gains, it is also very difficult to trace and can be shared and spent from anywhere with an internet connection. It is therefore a preferred currency for criminals, as demonstrated by its frequent use in ransomware infections.

Cybercriminals already familiar with cryptocurrencies and their value were well placed to adapt existing malware tools to spread covert mining operations widely, leveraging any computing device on which they could install mining software.

Sometimes that means taking over supercomputers at places like Harvard or the Federal Reserve (yes, that really happened). But it can also consist of hundreds of thousands of botnet “zombie” computers working on their behalf, each with fewer individual computing resources but together forming a significant amount of cryptomining power.

There have been many types of malware, each exploiting different vulnerabilities to install crypto software. No computing device is safe: since 2014 or earlier, mobile devices have been subject to infection as well, as are internet-connected devices like DVRs, routers, NAS arrays, video cameras, and more.


Cryptomining’s negative effects

Assuming you don’t want your servers spending their valuable cycles on cryptomining, these malware threats can have a variety of negative effects. The first is slower performance, as the software is often very intensive.

However, many of these infections come bundled with other attacks as well, including cross-site scripting, remote code execution vulnerabilities, brute force login attacks, command buffer overflow exploits, code injection, SQL injection, and DDoS attacks. So while your mission-critical apps are flailing, you might also be losing valuable data.

As with any other type of malware, you should follow smart and safe IT practices to avoid infection:

Cryptocurrency may be going through a rollercoaster as far as values go, but it seems to be here to stay, with dozens of viable variations on the well-known Bitcoin now flooding the market. If your machine seems suddenly slow or is running extremely hot, with high spikes of CPU and memory utilization despite no visibly running applications, you might be fighting a crypto-malware infection.