Cryptocoin mining malware grew 4,000 percent in 2018

2018 was the year of malicious cryptocurrency miners. And PCs and laptops were not the only target.
Written by Liam Tung, Contributing Writer

As the number of ransomware families continues to decline, malicious cryptocurrency miners have exploded over the past year. 

There were nearly four million new samples of coin miner malware in the third quarter, up from 2.5 million in the preceding quarter, according to McAfee's December 2018 threat report.  

According to McAfee, new coinmining malware grew nearly 55 percent over the quarter, with total malware growing 4,467 percent over the past year.

In 2017, the year WannaCry and NotPetya cost businesses billions in losses, the number of malicious cryptocurrency miners didn't exceed 250,000. However, by the first quarter of 2018, McAfee's count of new crypto-miners hit 2.5 million.     

While less obviously harmful than ransomware, they can be disruptive and costly: after cryptojacking attack on a Canadian university in November it was forced shutdown its entire network to mitigate the CPU-laboring malware.  

Some examples, like PowerGhost, also disable Microsoft's built-in antivirus, Windows Defender, exposing infected machines to other malware. Microsoft has also warned that employees looking to benefit off a company's hardware could also intentionally introduce miners.    

The rise of malicious cryptocurrency miners followed 2017's massive spike in the price of bitcoin, which began the year at $996 and ended it over $13,000. Today, of course, it's fallen to around $3,500, dragging down other more commonly mined currencies such as Monero.     

Alongside the fall in Bitcoin and other currencies, McAfee notes attackers are finding new ways to cash in on vulnerabilities and human weakness. Examples include OSX.Dummy, which was spread in messages on Slack, Telegram, and Discord, purporting to fix crypto problems but instead exposed Mac users to an exploit. 

Attackers this year also used a vulnerability in MiktoTik routers to turn 3,700 devices in mining slaves. 

"We would not usually think of using routers or IoT devices such as IP cameras or video recorders as cryptominers because their CPUs are not as powerful as those in desktop and laptop computers," the report said. However, due to the lack of proper security controls, cybercriminals can benefit from volume over CPU speed. If they can control thousands of devices that mine for a long time, they can still make money.


Editorial standards