Kaspersky: Cryptojacking Increasingly Popular Attack Vector for Botnets

Published at: Nov. 29, 2018

A new bulletin from Russian internet security company Kaspersky Labs published Nov. 28 states that crypto mining malware became increasingly popular among botnets in 2018.

Stealth crypto mining attacks – also known as cryptojacking – work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

According to Kaspersky, after the crypto market bull run subsided in Jan.-Feb. 2018, interest in cryptojacking also briefly tapered off – yet it has nonetheless remained a consistent and current threat throughout the year.

[Figure: Number of unique users attacked by miners in Q1–Q3 2018]

Among botnets in particular, during the Q1 2018 cryptojacking “boom,” the share of cryptojacking malware downloaded by botnets, out of total files, hit 4.6 percent – as compared with 2.9 percent in Q2 2017. The bulletin extrapolates that botnets are therefore increasingly seen as a means of spreading crypto mining malware, with cybercriminals regarding cryptojacking as more favorable than other attack vectors.

Kaspersky thus found that Q3 2018 saw a decline in the number of DDoS attacks from botnets, arguing “the most likely reason being [...] the ‘reprofiling’ of botnets from DDoS attacks to cryptocurrency mining”:

“[I]f executed properly, [cryptojacking] can be impossible for the owner of an infected machine to detect [...] the reprofiling of existing server capacity completely hides its owner from the eyes of the law. Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining. For example, the DDoS activity of the Yoyo botnet dropped dramatically, although there is no data about it being dismantled.”

Other factors in the rise of cryptojacking include the low “entry threshold” for cybercriminals: web browser-based code, such as Coinhive, is one option, and there is also a range of “ready-to-use affiliate programs, open mining pools, and miner builders” at attackers’ disposal.

The report notes that “time will tell” what the impact of the November crypto market crash will be on the prevalence of cryptojacking infections.

In mid-November, cybersecurity research team McAfee Labs uncovered new Russia-made mining malware, which uses consumer devices to mine Monero (XMR), running almost without a trace.
