What is Crypto Mining Malware?

Also commonly known as “cryptojacking”, this practice involves the use of software to take over the computing resources of targeted individuals or groups, without their knowledge, with the sole purpose of mining cryptocurrencies for the attackers.

Desktop as well as mobile devices can be targeted and it has been stated in a report by Kaspersky Labs that such a program can bring upwards of 30.000 USD monthly for these cyber criminals.

One recent example of one of these malwares, as reported on by CCN, is the one called KingMiner. Recently discovered to have been updated in order to make detection even harder, it goes to show just how common these attacks have become. Any device that has a internet connection and a processing unit can be targeted, even security cameras, gaming consoles or home internet routers.

McAffee Report

A very extensive and interesting report by the antivirus company McAffee, shows the increase in these activities over the past year. As cryptocurrencies grew in price and popularity during the end of 2017, so have cryptojackers stepped up their activity.

There has been a surge in these practices during the last quarter of 2017, going into Q1 2018, then a slight drop for Q2 2018, followed by another surge in Q3 and Q4 2018, culminating in a 71% increase by this last quarter.

In their report, McAffee also talks about the different way attackers are using messaging apps like Telegram, Discord or Slack to infect even more devices.

Kaspersky Report

Very similar to the one from McAffee, Kaspersky made a report on cryptojackin too, finding a 40% increase in these cases, up to a huge 13 million cases detected in 2018, up from 3.5 million in 2017.

As this practice grows,companies like McAffee and Kaspersky from Russia are keeping a close eye on the developments and are trying to block as many of these efforts as possible. It does however help to be aware of the dangers and try to steer clear from untrustworthy content.

Browser Based Crypto Mining

As mining malware can come in quite different forms (downloadable files, clickable links etc.) some attackers have also been using the method of injecting certain websites with mining scripts, invisible for the regular user browsing them. As this is done without the user’s consent, it can and should be considered cryptojacking.

However, stemming from these immoral and borderline illegal practices, the idea of turning it into a legitimate, transparent, safe and viable alternative for website/app monetization is growing. The malicious actions of attackers should not be tolerated, although, on the flip side, it can be a very effective way of harnessing the power of Proof of Work blockchains and cryptocurrencies for the benefit of publishers and users alike, maybe even replacing ads completely one day.