Cryptojacking malware proves a big winner for web crooks

The success of malicious cryptocurrency mining software is delivering big wins to the groups that are spreading the malware.
Written by Danny Palmer, Senior Writer

Web crooks are making money by forcing PCs and other devices to mine cryptocurrency for them, according to new research.

Cryptojacking malware uses stealth: it secretly infects a victim's computer or smartphone with malware which uses the CPU of the device to mine for cryptocurrency, which is secretly transferred into a wallet owned by the attacker.

In theory, most users aren't going to think much about why their computer is suddenly working harder, so won't uncover how they've been infected with a cryptojacker.

However, it's big business: at least five percent of the Monero cryptocurrency in circulation has been mined via cryptojacking activity, the research claims, as criminals increasingly turn to cryptocurrency mining as a means of making illicit profit.

Researchers at security company Palo Alto Networks' Unit 42 analysed hundreds of thousands of cryptocurrency samples and mining tools and came to the conclusion that the five percent figure currently represents a value of $143,750,400, based on a value of $180 per Monero when the research was conducted.

The total figure for Monero acquired by malicious means could even be much higher, as researchers point out.

"This of course doesn't take into account web-based Monero miners, or Monero miners that we do not have visibility into. As such, we can assume that the actual percentage of Monero in circulation that was mined via malicious activity is actually higher," said Unit 42's Josh Grunzweig, writing in a blog post.

Monero dominates the ecosystem of maliciously mined cryptocurrency, accounting for 85 percent of the 629,126 analysed samples. Bitcoin is the second most mined through cryptojacking -- but it doesn't even come close, accounting for nine percent of samples.

Monero is so attractive to these groups perhaps because it offers additional privacy and anonymity over Bitcoin and because many computers can be used to mine it -- as opposed to Bitcoin, which requires a specialist rig.

However, like many other economies, the vast amount of wealth lies in the hands of a small few, with only 55 percent of the wallets having earned 0.01 XMR (around $2) or more.

Only 10 percent of identified wallets contained more than 100 Monero (over $13,500) and only 4 percent contained over 1000. Under one percent contained over 10,000 Monero (over $135,000).

The number of detections of cryptocurrency miners has soared this year, as criminals look to take advantage of what many see as an easy way of making money. Unfortunately, the stealthy nature of the attacks, combined with their current popularity, means that preventing cryptojacking is a challenge.

"Defeating cryptocurrency miners being delivered via malware proves to be a difficult task, as many malware authors will limit the CPU utilization, or ensure that mining operations only take place during specific times of the day or when the user is inactive," said Grunzweig.

"Additionally, the malware itself is delivered via a large number of methods, requiring defenders to have an in-depth approach to security," he added.
