With malicious cryptocurrency mining an increasingly popular means for cybercriminals to make money, there has been a surge cryptojacking malware up for sale on the dark web.
But while many crooks will target servers and PCs to secretly mine for cryptocurrencies, an increasing number of cryptojackers are looking towards Internet of Things (IoT) devices as their means of making money.
While IoT devices have far less power than even the most basic PC, they come with the benefit - for the attackers at least - that they often lack proper cyber security controls and that users frequently install the device and more or less forget about it.
As a result, IoT cryptojacking malware is becoming more popular on underground forums, with research by security company Trend Micro detailing examples of it being advertised on the dark web, with one specifically advertised to infect routers - a device in the home or workplace of anyone with an internet connection.
While IoT mining is picking up popularity, at least one user on one of these forums isn't convinced it is an efficient means of turning a profit. "It's not worth anything. Nobody will make any profit from mining on routers," one said.
However, Fernando Mercês, senior threat researcher at Trend Micro notes that "cryptocurrency malware is gaining traction as a topic in forums in the cybercriminal underground" and that some are "dedicated to exploring whether compromising connected devices - however underpowered - for financial gain is a plausible venture".
While profit from infected IoT devices might be small - for now at least - it still represents a worry for users because ultimately the device is infected with malware. While cryptojacking arguably isn't as damaging as the likes of ransomware or trojans, the device has still been compromised.
And while cryptocurrency mining is supposed to be secretive, there's always the possibility the attackers will push it too far and permanently damage the device - as demonstrated by some cryptojacking attacks which have blown up phones due to the amount of power consumption.
In order to protect IoT devices from falling victim to cryptojacking attacks, users should regularly update devices with patches as and when they become available and change default credentials to avoid unauthorised access.
Cryptocurrency mining has experienced a surge this year, even rising to become as lucrative as ransomware was at it's height.
READ MORE ON CYBER CRIME
- This cryptocurrency mining malware also disables your security services
- Hackers infect Android phones, TVs to mine cryptocurrency [CNET]
- History repeating: How the IoT is failing to learn the security lessons of the past
- Report: Cryptojacking exploded 8,500% in 2017 as Bitcoin gained value [TechRepublic]
- Cyber attackers are cashing in on cryptocurrency mining - but here's why they're avoiding bitcoin