Cryptocurrency hackers were busy during 2018, and it wasn’t launching ransomware attacks at companies and individuals around the globe.
With the price of digital tokens declining throughout 2018, hackers set their sights on a better payload: crypto mining malware.
According to McAfee, the Santa Clara, California-based cybersecurity company, coin mining malware increased 4,000%. In the fourth quarter of 2017 there was 500,000 new coin miner malware and by the end of the third quarter of this year, it jumped to 4 million. “Mining cryptocurrency via malware is one of the big stories of 2018,” McAfee said in its McAfee Labs Threats Report.
Crypto mining scams occur when a hacker accesses someone’s computer without their permission to mine for digital tokens. Hackers will infiltrate a computer by tricking a person into clicking on a malicious link in an email or they will infect a website to gain access. McAfee highlighted in the report one incident discovered by security researcher Remco Verhoef in which crypto mining malware was distributed in crypto mining chat groups. Users in Slack, Telegram, and Discord were urged to click on the link and download what was purportedly a fix for crypto issues. Once downloaded, the fake line of code infected the user’s device. “Cryptominers will take advantage of any reliable scenario,” said McAfee.
Symantec Sees Rise In Cryptojaking
McAfee isn’t the only one seeing crypto mining scams. According to cyber security company Symantec in December the activity appeared to peek with the security software company blocking 8 million cryptojaking events. As of July of this year, Symantec said it has blocked 5 million cryptojaking events.
The impact on users is typically a slowdown in the device, batteries that overheat, increased energy consumption and in some cases the computer is rendered useless. Sure they may only make ten cents off of one computer, but it’s on a recurring basis and add hundreds or thousands of computers to the mix and it suddenly becomes attractive to the hackers.
While targeting computers will yield hackers the best results, McAfee found that during the year, some scammers took advantage of internet connected devices that weren’t patched. It highlighted an incident in which MikroTik routers were compromised and acted as digital token miners. The hackers targeted unpatched devices in North America and Brazil, McAfee reported.
“We would not usually think of using routers or IoT devices such as IP cameras or video recorders as crypto miners because their CPUs are not as powerful as those in desktop and laptop computers,” wrote McAfee. “However, due to the lack of proper security controls, cybercriminals can benefit from volume over CPU speed. If they can control thousands of devices that mine for a long time, they can still make money.” The idea behind targeting IoT devices is that the hackers can easily create a “mining supercomputer,” said McAfee noting that malware targeted at IoT devices jumped 72% in the third quarter. Total malware grew 203% in the past four quarters, the security firm noted.
Crypto Mining Malware Displaces Ransomware
The rise of crypto mining malware this year has displaced ransomware which was a huge story in 2017 as bitcoin and other digital token prices plummeted. With hackers no longer making money off of holding individuals and companies data ransom they searched for new ways to earn a living. Crypto mining malware is attractive because it can go undetected for a very long time but takes longer to make money off the scam. A ransomware attack can yield a hacker more money in less time but the victim will become aware very soon and could balk at paying.
“Although we have seen a decline in the number of unique families during recent months, ransomware remained active in Q3,” wrote McAfee. “The decline in new families may be due to many ransomware actors switching to a more lucrative business model: crypto mining.”