Researchers at Kaspersky Labs have released a report stating that 2018 has been the year of the crypto-miners.

Previous years were noted for ransomware or browser hijackers but this year has seen the biggest rise in mining malware designed to commandeer unsuspecting computers for their processing power. Most malware infects a computer when it is downloaded alongside compromised software and websites such as games, gambling or porn. High profile cases have involved compromised Facebook Messenger code and Chrome extensions, so even the big boys are not immune.

According to the Kaspersky Security Bulletin, published yesterday, the beginning of the year saw a rise in the number of crypto mining related attacks which tailed off as prices fell. As the markets slid further down, losing as much as 85% from all-time high to 2018 low, the prevalence of mining malware fell but the associated threat remained high.

Botnets The New Weapon of Choice

The statistics indicate that botnets are responsible for a lot of the crypto mining malware disseminated this year. These global networks of automated attack bots running on compromised systems have become the weapon of choice for cyber-criminals looking to spread malware and mine crypto. During Q3 this year, use of botnets to carry out DDoS attacks has fallen as the amount of mining malware relayed through them has risen.

“Mining differs favorably for cybercriminals in that, if executed properly, it can be impossible for the owner of an infected machine to detect, and thus the chances of encountering the cyberpolice are far lower. And the reprofiling of existing server capacity completely hides its owner from the eyes of the law. Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining,” the research noted.

The study also indicates that mining malware and its purveyors are getting more sophisticated. Using stealth to mask its presence, employing file-less techniques, and only drawing a percentage of the infected system’s resources can reduce detection. Things have evolved a lot beyond last year’s primary threats which included malware that detected crypto addresses pasted into notepad, and changed the destination wallet address to the attackers when repasted.

The most common mining trojan was found infecting machines predominantly in India, Russia, and Kazakhstan, with the US, Switzerland and the UK least affected.

Unsurprisingly, the research also reveals that Monero is the crypto coin of choice for cyber criminals. Reasons included the anonymous nature of XMR achieved with the use of ring signatures and transaction obfuscation. Additionally its high market value and ease of re-sale adds to its appeal.

The research indicates that a total of $175 million has been mined illegally, representing around 5% of all Monero currently in circulation. It is for this reason, and money-laundering concerns, that some countries such as Japan have blocked exchanges from dealing with highly anonymous cryptocurrencies.

Image from Shutterstock