Cryptojacking is the unauthorized use of someone else’s device to mine cryptocurrency. It typically happens when a victim unknowingly installs cryptocurrency miner malware through a phishing link, malicious website, or software download, enabling the criminals to access the victim’s device.
According to the data presented by the Atlas VPN team, cryptocurrency miners were the most common malware family, with 74,490 such threats detected in the first half of 2021. Crypto-mining malware is not easily discoverable on victims’ devices, making it a continuously profit-generating cyberattack. The anonymity of cryptocurrencies is very convenient for threat actors, as they can benefit from their victims without being caught.
Cybersecurity writer and researcher at Atlas VPN William Sword told us: “Cryptocurrency mining malware has allowed cybercriminals to earn profit with more efficiency and less effort. Unfortunately, attack victims are often left with higher electricity bills and slower device performance, the latter of which can make them more susceptible to information theft, hijacking, and other subsequent cyberattacks. ”
Most active crypto miners
Cybercriminals seek to infect as many computers as possible to increase their profits. Different types of crypto miners help hackers turn computers into robots with one task only — generating more cryptocurrency. In their quest for more – free – processing power, some bad actors in the crypto mining space are redoubling their efforts.
The most active cryptocurrency miner in the first half of 2021 was MalXMR, with 44,587 detections. MalXMR is a crypto-mining malware that exploited EternalBlue for propagation and abused Windows Management Instrumentation. During the infection, high CPU use can be noticed with powershell.exe or sschtasks.exe.
Subscribe for more stories like this, 8am weekdays - for free!
Coinminer came up second with a total of 8,533 detections in H1 2021. Coinminer can usually be found on Android phones in fake versions of popular apps from third-party sources. Some crypto miners were even found on Google Play Store apps. Signs of Coinminer infection can include the device overheating, charging slowly, or showing other signs of heavy resource processing.
Other active crypto miners in the top five include ToolXMR (6,419), CoinMine (4,082), and MalBTC (2,328).
Illegal cryptomining is getting more imaginative
Cryptoming malware is turning up in the oddest and most unexpected places – for example, a logic bomb attack was discovered in the Python Package Index repository, the code repository for Python developers and part of the software supply chain. The attackers were trying to get honest software developers to include the bombs in their applications, without knowing it.
The enterprise Internet of Things is also considered a prime target for cryptojacking. This is because it uses unmonitored endpoints, always on devices and user interface-less machines. IoT devices, especially those owned by consumers, are often unmanaged and represent easy pickings. Printers are notorious for being abused because they are rarely monitored or updated.
Cryptocurrency mining malware has allowed cybercriminals to earn profit with more efficiency and less effort. Unfortunately, attack victims are often left with higher electricity bills and slower device performance, the latter of which can make them more susceptible to information theft, hijacking, and other subsequent cyberattacks.
The decision by the Chinese government earlier this year to crack down on cryptocurrenies, as this is prompting tougher vigilance for all cryptomining activity in China. Miners are being forced to seek alternatives.