Making money from mining cryptocurrencies isn’t just something that people do with their own hardware, malware authors have also been creating malicious software to have other people do the hard work them – and we don’t mean cloud mining. While this represents a new fad in the realm of malware authorship though, it may not be around in this guise for long.
“Cryptojacking is outpacing ransomware reports by a factor of 1 to 100, and these numbers will continue to increase …”
In our history of malware feature, we looked at how malware tends to come in waves. While the latest and most dangerous in recent memory has been ransomware, it’s been pushed far from the top spot of common attacks in recent months by the advent of cryptominers, which look to force infected systems to mine cryptocurrency directly. While it may have been riding high recently though, like the value of cryptocurrencies themselves, it’s a malware type that already seems to be on the decline.
Digital Trends spoke with some prominent digital security experts to find out what this means for the near future of malware and what they think cryptomining malware might look like in the months and years to come.
No crowned king lasts forever
“Since cybercriminals are always financially motivated, cryptojacking is yet another method for them to generate revenue,” said Liviu Arsene, senior E-Threat analyst at BitDefender. “Currently, it’s outpacing ransomware reports by a factor of 1 to 100, and these numbers will continue to increase for as long a virtual currencies remain popular and the market demands it.”
These stats were backed up by MalwareByte’s quarterly malware report. It noted that cryptomining had become one of the most common malware in recent months. It suggested that it had increased by as much as 4,000 percent in the consumer sector over the last quarter. It was also growing in the business space, with a 27 percent increase in overall detections during last quarter.
That increase made it the second most common digital infection. MalwareBytes noted over the past three months, falling only just behind adware. In comparison, ransomware, which has been a major threat for the past few years, saw a notable decline in the consumer space, falling by 35 percent.
Part of that could be to do with the more sophisticated targeting of ransomware at businesses and larger enterprises, but it may also be that the top producers of the ransomware software have been halted in their tracks.
“I wish there were miners everywhere, that [it was] all we had to deal with.”
“There was a big arrest last year, that was likely the creators of cerber, the biggest ransomware family at the time,” MalwareBytes head of malware intelligence, Adam Kujawa told us. “If that was the case, it makes sense that that particular malware family would drop off. After that we’ve seen a couple of new families, but nothing that’s being distributed at the same sort of level.”
Since that happened, Kujawa noted that MalwareBytes had seen a general drop off in ransomware distribution and that this was indicative of the marketplace shifting direction.
Profile of a new predator
Although old standouts like adware and spyware are still more prevalent than cryptojacking, the new kid has quickly become one of the most common threats seen. Malware authors will take a freely available cryptocurrency miner that is aimed at consumer usage and modify it so that it runs silently on a system, making it harder to detect and therefore giving it longer to generate income for the author before it’s discovered. The malware is then usually distributed alongside some other form of malware like an exploit kit which allows it to be installed in the first place.
But even if you don’t download a malicious file or click a dodgy link, websites themselves can force your machine into the crypto mines, like the extremely prevalent CoinHive incident from earlier this year.
“Browser-based cryptojacking is becoming very popular amongst cybercriminals, especially when end users are concerned,” explained BitDefender’s Arsene. “Deploy it within legitimate and high-traffic websites after they’re breached their security, it has immediate return-on-investment as each visitor will mine cryptocurrency for as long as the script-based miner remains on the server.”
Cryptomining has a few unique features too, compared to other commercial malware solutions. For starters, it’s almost platform agnostic, with infections cropping up on Macs and Android devices, as well as Windows PCs. Kujawa told Digital Trends that as many as 1,000 new Mac-targeted cryptominers had appeared in the past three months alone.
So, what’s the problem?
If cryptomining isn’t particular smart or targeted then, is it something we need to be too concerned about? If a victim’s computer runs slow while they’re on an infected website, rather than having their files encrypted or identity stolen, would it not be better for everyone if malware authors focused on that kind of attack than more traditional ones?
“The fact that the victim is running cryptocurrency mining software is the least of their problems.”
“The spread of cryptominers is no where near the ‘everybody panic’ state [like] when encrypting ransomware first came out,” Kujawa said. “I wish there were miners everywhere, that that’s all we had to deal with, and no ransomware or information thieves.”
BitDefender’s Arsene agreed, to a point, suggesting that on the surface cryptojacking was relatively benign. However, as much as this sort of malware might be less of a threat than other types, that doesn’t mean it doesn’t have potential to damage — or mask more serious threats.
One such threat facing businesses is a loss of productivity, as MalwareBytes’ CSO and CIO, Justin Dolly, explained. If left unchecked, cryptominers also have the potential to cause damage to hardware. As MalwareBytes found when one of its malware-trap systems was infected with a number of miners.
“After the cryptomining craze [last year] one of our systems had its graphics card fried, because of how many miners were being loaded up in analysis of this system,” Kujawa said. “[They] would rev up the GPU cycles and CPU and just kill it, so we had to replace the graphics cards.”
Perhaps the biggest risk with cryptomining though, is that it can be used in tandem with other types of malware. Imagine a ransomware attack the user is scrambling to figure out how to decrypt their files, their PC is mining away and earning the attackers even more money.
“This will likely fuel the need to create mining rigs made of large botnets.”
“If a victim has been compromised using an unpatched vulnerability or via a fileless attack, the fact that the victim is running cryptocurrency mining software is the least of their problems,” said BitDefender’s Arsene. “Technically, the attacker could have deployed any payload – ranging from keylogging malware to data exfiltration malware.”
Even if cryptomining malware doesn’t bring with it a whole host of other problems too, there’s always the chance that it will not be detected for months or even years in the case of some systems.
How long is the wave going to last?
Cryptomining might be more dangerous than it appears, but like all other types of malware, it is likely to have its heyday. Indeed, as cryptocurrency values have fallen since the end of 2017, the instances of cryptojacking have been falling too. While the overall numbers might be higher than last quarter, they are lower than their peak, as Malwarebytes’ latest malware report shows.
“Cryptojacking is definitely here to stay,” BitDefender’s Arsene said. “These numbers will continue to increase for as long as virtual currencies remain popular and the market demands it.”
Another interesting wrinkle he raised was that as the difficulty of mining of various cryptocurrencies increases, it could be much more lucrative to get others to do the hard work for you.
“Since mining for cryptocurrency will become increasingly more expensive to mine using someone’s own private hardware, this will likely fuel the need to create mining rigs comprised of large botnets, hence fueling the cryptojacking threat,” he said.
That’s something that MalwareBytes sees as having a lot of potential too. Especially when you consider some of the enormous IoT driven botnets we’ve seen in recent years. But ultimately that all depends on whether it’s actually worth it to keep investing in that avenue of malware authorship.
If anything, it’s easier for digital security companies when a new trend is breaking. They know what they need to focus on in the immediate future. But now that cryptominers may have peaked, the experts are unsure of what to expect next.
“This is an anomalous time right now, and that’s the scariest part,” Kujawa said. “The scary part is not knowing where the criminals will go when cryptocurrencies no longer interest them.”
