Why cryptojacking malware is a bigger threat to your PC than you realise

Cryptocurrency-mining malware might seem like a low risk, but it rarely arrives without more dangerous baggage.
Written by Danny Palmer, Senior Writer

Cryptocurrency mining malware has been one of the most prolific forms of malicious software distributed by cyber criminals throughout 2018, but given how some view it as relatively benign compared with other more damaging attacks like ransomware and trojans, it's occasionally overlooked as a threat.

However, cryptojacking malware -- which secretly hijacks the processing power of infected machines to mine for cryptocurrency on behalf of the attacker -- is still ultimately a form of malware and users can't afford to be complacent about it.

That's because cryptocurrency miners give attackers a foothold on PCs which can be exploited to deliver more damaging malware in future, security firm Fortinet has warned in its latest threat landscape report, noting that underestimating cryptojacking puts organisations at heightened risk.

"What we're finding out is that this particular malware also has other nefarious activities that it does while it's mining for cryptocurrency," Anthony Giandomenico, senior security researcher at Fortinet's FortiGuard Labs, told ZDNet.

"It will disable your antivirus, open up different ports to reach out to command and control infrastructure, it can download other malware. Basically, it's reducing or limiting your security shields, opening you up to lots more different types of attacks."

A number of examples of cryptocurrency miners packing an additional punch have already been spotted in the wild: PowerGhost alters how systems perform scans and updates, while also disabling Windows Defender. Researchers say it has also been observed downloading an additional DDoS tool.

The PyroMiner cryptojacker -- which spreads with the leaked NSA hacking tool EternalRomance -- creates a backdoor on infected systems, allowing attackers to gain remote access with admin privileges. It can also open ports, disable services and kill processes, giving attackers large amounts of control over machines -- should they choose to move away from mining.

Meanwhile, the Adylkuzz miner is able to change firewall rules and kill processes like the Microsoft Management Console, as well as being able to alter Event Log Management services.

In each of the above cases, and more, those distributing the cryptojackers could easily use their malware to perform far more damaging attacks which could have severe consequences for victims -- or others, if that machine is roped into a botnet.

"It's like an add-on, like adding fries and a shake: you get a main meal, so why not add fries and a shake with it? Adversaries are going to do whatever they can do to get more revenue out of you," said Giandomenico.

The threat is only likely to get larger as more attackers look towards mining malware and more devices are connected to the internet: Fortinet figures suggest that 2018 has seen a 38 percent jump in the number of platforms affected by cryptojacking, with 20 percent of the security firm's users coming under attack from a form of mining malware.

