China: 20 Arrested in Cryptojacking Case Allegedly Affecting Over 1 Million Computers

Published at: July 9, 2018

20 suspects have been arrested in China in a major cryptojacking case allegedly affecting over one million computers and generating 15 million yuan (about $2.2 million) in illicit profits, local news source Legal Daily reports today, July 9.

Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

According to local sources, investigation of the case began in January 2018, after the security team at Tencent –– the tech giant that developed WeChat –– alerted the Weifang City Public Security Bureau about a mining script hidden in freely-downloadable plugins.

The so-called “trojan horse” style mining script was reportedly programmed to run whenever it detected that the CPU utilization of the computer was at less than 50 percent.

After the script’s developers were traced to the city of Qingzhou, the Qingzhou Public Security Bureau established a dedicated task force to handle the investigation, local media reports.

Based on information revealed in the trial of one allegedly involved individual –– arrested in March –– the task force subsequently uncovered the implication of a company called Dalian Shengping Network Technology, leading to 16 more arrests. The company is alleged to have advertised free downloads to 2.89 million computers, selecting over 1 million of them for cryptojacking.

On April 18, two men operating for yet another company were then charged with bundling the malware together with network management software used by internet cafes in Heilongjiang Province. A further individual was arrested in connection with the task force’s seizure of the mining program the following day.

Eleven of the suspects have now been released on bail.

Over the two years that the cryptojacking scheme ran, 15 million yuan ($2.2 million) in crypto was allegedly mined.

Just last month, a new report published by cyber security firm McAfee Labs revealed that certain forms of cryptojacking rose a staggering 629 percent in the first quarter of 2018, compared the previous quarter.

Also in June, a cybersecurity team discovered that 40,000 devices across various industries had been infected by a Monero (XMR) miner as part of a hybrid malicious traffic manipulation and crypto mining campaign.

Tags
Related Posts
New Ransomware Uses a Banking Trojan To Attack Governments and Companies
A new type of ransomware attack emerged in recent months, raising red flags among the cybersecurity community and authorities such as the FBI in the United States. Cybersecurity firm Group-IB has warned that it comes in the form of a Trojan, according to a report published on May 17. According to Group-IB’s study, the ransomware is known as ProLock and relies on the Qakbot banking trojan to launch the attack and asks the targets for six-figure USD ransoms paid out in BTC to decrypt the files. The roster of victims includes local governments, financial, healthcare and retail organizations. Among them, …
Bitcoin / May 19, 2020
Consumer-Targeted Cryptojacking Is ‘Essentially Extinct’: Research
Illicit crypto mining — or cryptojacking — against consumers “is essentially extinct,” declares a report released by cybersecurity company MalwareBytes on April 23. Per the report, after in-browser mining service CoinHive shut down in early March — when the team claimed that the project had become economically inviable — cryptojacking against consumers has sharply decreased. At the same time, the number of such attacks targeting businesses increased from the last quarter. Furthermore, MalwareBytes also notes that bitcoin (BTC) holders who use Electrum wallets on a Mac have lost over $2.3 million in stolen coins to a Trojanized version of the …
Bitcoin / April 27, 2019
Ukrainian Man Faces up to 6 Years in Jail for Cryptojacking on His Own Websites
Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported. The police also stated that the installed malware on the websites was deploying visitors’ devices’ CPU and GPU power to illegally mine cryptocurrencies. The authority has conducted …
Bitcoin / March 27, 2019
China: Man Gets 3.5 Years in Jail for Stealing Train Power to Mine Bitcoin, Local Media
A man in China has been been sentenced to three and a half years in jail for stealing power from a train station to fuel his Bitcoin (BTC) mining operations, local media outlet The Paper reports October 8. According to court documents released today, the sentencing was served September 13 at the Datong Railway Transport Court in China’s northern Shanxi province. In addition to jail time, the individual, a local named Xu Xinghua, has reportedly been fined 100,000 yuan (around $14,500). Xinghua is said to have stolen electricity from one of the factories at Kouquan Railway back in November and …
Bitcoin / Oct. 8, 2018
Malwarebytes' Cybercrime Q2 2018 Report: Cryptojacking is Plateauing in Response to Markets
Interest in cryptojacking is potentially waning among cybercriminals in response to lower cryptocurrency market valuations, according to a report from MalwareBytes Labs released July 17. Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The data and analysis laid out in Malwarebytes Labs’ “Cybercrime Tactics and Techniques: Q2 2018” report shows that while cryptojacking remains popular, decreases in detections of the activity across the board suggest that the trend may be beginning to decline: “We are not certain which [cybercrime] threat is going to take over as the top …
Bitcoin / July 18, 2018