Cryptocurrency theft malware is now an economy worth millions

Carbon Black research suggests that as interest in cryptocurrency rises, so does the market for weapons to steal it.
Written by Charlie Osborne, Contributing Writer

The dark web is associated with the illegal trade in malware and malicious hacking tools, a market which has now turned towards lucrative cryptocurrency theft.

Cryptocurrency, including Bitcoin (BTC), Ethereum (ETH), and Monero (XMR), has grown popular of late.

The market is no longer just a way to trade virtual assets in a decentralized, somewhat anonymous fashion. Instead, startups have emerged which focus solely on cryptocurrency and the blockchain, well-known brands are launching Initial Coin Offerings (ICOs), and the cryptocurrency market has become a speculative way for investors to make serious money.

However, as popularity rises, so does interest from criminals -- and this has created a new industry in the world of hacking tools and software.

According to Carbon Black's latest research report, "Cryptocurrency Gold Rush on the Dark Web," the market for malware and tools designed specifically for the theft of cryptocurrency is growing apace.

The researchers estimate that over the past six months alone, a total of $1.1 billion has been stolen in cryptocurrency-related thefts, and approximately 12,000 marketplaces in the underbelly of the Internet are fueling this trend.

In total, there are roughly 34,000 products and services on sale that are related to cryptocurrency theft, ranging from just over a dollar in price to $224, with an average cost of around $10.

"The available dark web marketplaces represent a $6.7 million illicit economy built from cryptocurrency-related malware development and sales," the researchers say.

Cryptocurrency-stealing malware, such as the cryptojackers GhostMiner and Loapi, appears to be the tool of choice for cybercriminals seeking to cash in on the craze for virtual coins.

Carbon Black claims that cryptocurrency exchanges are the most vulnerable targets for cybercriminals, with close to a third -- 27 percent -- of attacks directed at these trading posts. In total, close to 21 percent of attacks target businesses directly, while seven percent are aimed at governments.

The UK government comes to mind. Back in February, a bold cryptojacking scheme compromised UK and Australian government websites, siphoning visitor PC power in order to mine for Monero.

In total, roughly 4,000 domains were affected, and a legitimate third-party plugin installed to assist visitors with visual impairments was at fault after being compromised at the source.

The bulk of cryptocurrency-theft offerings are based on Bitcoin, likely due to the virtual currency's popularity and the promise of potentially high returns.

However, 44 percent of attacks now relate to Monero, likely due to cryptojacking rather than outright wallet compromise. An estimated 11 percent of attacks involve Ethereum.

Traders do not want to be paid in Bitcoin themselves due to high transaction fees associated with the cryptocurrency and the length of time it can take to process a payment.

Instead, Monero is the cryptocurrency of choice due to comparably low fees, privacy, and non-traceability.

"Our analysis of the marketplace suggests cryptocurrency-related malware listings are designed to cater to unskilled cyber actors, or those looking to make a quick buck from highly vulnerable victims," Carbon Black says. "The listings are riddled with phrases that emphasize the sheer simplicity in using these tools. The phrases are not something we typically expect to see in offerings geared toward sophisticated actors."
