Cryptojacking: How malware hijacks foreign computers for crypto mining

admin, 9 December 2018

The number of malicious mining infections, so-called cryptojacking, rose by 83 percent in 2018. In attacks of this kind, the miners abuse the CPU power of other people's computers for their own crypto mining. In the first three quarters of this year, Kaspersky Labs registered a total of five million attacks.

While the popularity of cryptocurrencies is growing – despite the bear market – so is the interest of cyber criminals in tapping this growth market. This is stated in a press release from Kaspersky Labs, which is available to BTC-ECHO. According to the cyber security experts, 2018 was the year of crypto criminals.

Mining attacks in focus

The report focuses in particular on the importance of hidden mining software, which misuses the CPU resources of infected computers for its own crypto mining. According to the report, the infiltrated malware in some cases uses "70 to 80 percent of the CPU or graphics card performance to generate virtual coins".

As can be seen in the graph, the number of cryptojacking attacks rose enormously in the spring; the continuing bear market then seems to have also spoiled the mood of cyber criminals. At the end of the third quarter, the level dropped slightly again, but still ranks above the level at the beginning of the year.

Criminal miners therefore follow a similar pattern to distributors of so-called ransomware, because the sole aim of the attacks is their own enrichment. While ransomware infections are immediately noticeable, malicious mining attacks often remain hidden for a long time. This is what makes the attacks so interesting for hackers, according to the report.

"Cryptojacking differs for cyber criminals in that, if properly executed, it is impossible for the owner of an infected computer to detect [an attack] and the chances of [being prosecuted] are therefore low."

Distribution via unlicensed software

The investigation has shown that a large share of the infections is due to installations of unlicensed or pirated software. As a result, the rate is significantly higher in countries where a lot of unlicensed software is typically in circulation. Examples include Russia, India and Kazakhstan.

Social engineering increasingly important

So-called social engineering methods are also increasingly driving victims into cybercriminals' nets. The "advantage" of this method is that large botnets automatically propagate the infected software via social media platforms such as Facebook and Twitter. In this way, the programmers achieve a targeted and wide-area distribution of the malware.

In this context, the so-called giveaway scams should not go unmentioned. As BTC-ECHO reports, there are a lot of fraudulent accounts on Twitter. Fake postings in the name of prominent people promise to pay out large sums in Ether or Bitcoin, but in return demand a small amount in the respective cryptocurrency. Needless to say, the fraudsters then run away with their victims' money.

The security architecture of the crypto ecosystem is likely to become an increasingly important issue in the future. At the moment, it is largely left to users themselves not to fall for the scams. The security experts at Malwarebytes nevertheless recommend "installing security before you become a victim". Installing a mature firewall would be a good start.