Back to blog

What is Crypto Mining Malware & CryptoJacking

Oct 29, 2020

What is Crypto Malware

Cryptocurrency malware is a type of program that secretly uses a computer’s resources to mine cryptocurrency. All the reward is sent back to criminals while your device is worn down and becomes slower.
Crypto malware won’t steal or damage your data, but your computer’s CPU and overall performance are at high risk. It does leech CPU processing power and can reduce the lifetime of your hardware.

How crypto malware works

There are two types of cryptocurrency mining malware:

Based on special files – In this case, mining happens due to special software uploaded and installed on a user’s device. This is done through phishing tactics. For example, the victim receives a seemingly harmless email with a link or file. When the user clicks on the link or downloads the attachment, the malicious code gets installed on the computer. Then the code works in the background without the victim’s knowledge.

Based on a web browser – In this case, mining happens via a web-browser with JavaScript code integrated into a web-page. Here no code is stored on the victim’s computer. This method is called cryptojacking and has become increasingly popular since 2017.

A program uses your computer resources to solve complex mathematical problems and sends all the mining reward to hackers in both cases. The longer you are unaware that your device is exploited, the better for the hackers.

How to detect crypto malware

There are a few clear signs that your PC, Mac, or another device is infected with crypto mining malware:
– your computer is overheating, and the fan is running a lot
– The battery of your tablet or mobile phone is dying faster than usual, and the device is hot.
– The device is using a lot of CPU resources.
There are a few firms that successfully fight crypto malware, for instance:
– SecBI has put out a tool to detect and identify cryptojacking threats correctly. Additionally, the software will immediately add a new cryptojacking specific defense to your firewall or take other precautions.
– Darktrace detects crypto mining malware via network traffic. They have anomaly detection at their network level and can capture small abnormalities in all sizes’ computer systems.

How to avoid crypto malware

Don’t underestimate the damage that can occur from crypto malware. All the electricity costs for power consumption are on you. Besides, your device becomes slower because the computing power is siphoned off to the mining process.

Beyond that, the fact that you have malware on your computer means that your PC is completely vulnerable to a host of other threats. Today criminals use it for cryptojacking, and later they will use your resources for something else. There is no magic bullet for this malware, but you can avoid it by practicing safe computing:
– Use reliable antiviruses and specialized software solutions for crypto mining malware detection.
– Check your traffic: frequent use of popular mining pools is a red flag that you’re a crypto mining malware victim. You can block these domains with a firewall.
– Install the latest updates and patches on your device. It prevents hackers from using vulnerabilities in your system.
– Regularly update your credentials to make your devices less prone to unauthorized access.
– Be careful when facing well-known social engineering attacks: suspicious links, attachments, dubious third-party applications, etc.

Cases of CryptoJacking

Cryptojackers use complex methods to trick their victims and make them download malware. We have found several interesting real-world schemes of how they got people to install viruses. It will help you understand what tricks cybercriminals use and how your PC can get infected.

Source: SonicWall

KryptoCibule case

Security specialists of ESET antivirus software discovered a new crypto mining malware that had been stealing users’ power since 2018. The virus, called KryptoCibule, is distributed on torrents via pirated versions of popular video games and software. The malicious software works on several levels:
– It exploits the CPU and GPU of infected computers to mine XMR and ETH. The software tries to mine both coins while remaining undetected by a user.
– KryptoCibule monitors a clipboard and can secretly replace a copied address with one of its own. Thus a user may transfer funds into the hacker’s digital wallet without noticing it.
– The malware scans hard-drives looking for files containing passwords and private keys.
– KryptoCibule’s RAT lets hackers perform commands on the infected device via a backdoor and install additional malicious code.

BlackSquid case

Researchers from Trend Micro found another malware called BlackSquid that targetted Thailand and the US in 2019. They found out that the malware uses numerous web server exploits and brute-force attacks.

It attacks devices via web pages with malicious code, compromised web servers, and even infected USB drives. Then it installs the popular Monero cryptocurrency miner XMRig and looks for a GPU to use its capacity for crypto mining and maximize the profit.

Get infected through GitHub

Avast Software reported that crypto mining malware had been distributed via GitHub. The scheme was simple: to find a legitimate project and create a forked project with a well-hidden virus. Then the hackers used phishing and social engineering methods to lure people into downloading their malware.

Graboid – the first crypto mining worm

Palo Alto Networks published a report about cryptojacking malware with self-spreading features. The so-called Graboid is the first known crypto mining worm. It spreads by finding Docker Engine deployments that are exposed to the internet without authentication. The researchers claim that more than 2,000 Docker deployments suffered from the worm.

BadShell uses legitimate Windows processes

The Comodo Cybersecurity team found malicious software that uses a legitimate process of Windows OS to mine cryptocurrency. The mining crypto malware was:
– Executing commands with PowerShell
– Using Task Scheduler to ensure persistence
– Holding the binary code of malware with Registry
Read more details about the malware here: Comodo’s Global Threat Report Q2 2018 Edition.

Mining via routers

In September 2018, Bad Packets reported hundreds of thousands of compromised MikroTik routers, which installed cryptojacking software on victims’ devices. The malware used a well-known vulnerability (CVE-2018-14847), which has already been patched by MikroTik. The users that ignored the update became easy targets for cybercriminals.

Facexworm – dangerous browser extension

Facexworm is a Google Chrome extension, which initially was adware and later started targeting cryptocurrency mining. The extension infects systems via fake Facebook accounts that send links with malware. It can also steal web accounts and credentials, which allows it to inject cryptojacking code into those web pages.

Crypto Malware vs. Crypto Ransomware

Some people combine crypto malware and ransomware, while others define them as different notions. Anyway, both can be described as viruses:

Malware uses your computer to mine cryptocurrency for hacker’s benefits.
Ransomware blocks computer files to blackmail a user into paying a ransom in Bitcoin or other cryptocurrencies; otherwise, the files will be destroyed.

Crypto Malware vs. Crypto Ransomware

There are plenty of different types of crypto ransomware, such as CryptoWall, CryptoLocker, and CryptoDefense. These viruses were distributed through emails, messengers, and drive-by download attacks (when a software is installed without your consent). The popular file formats to hide ransomware are:

Microsoft Word document (.doc or .docx file)
Microsoft XSL document (.xsl or .xslx)
XML document (.xml or .xslx)
Zipped folder with a JavaScript file (.zip file containing a .js file)
Multiple file extensions (e.g., exe.PDF.js)

Security Tips Against Crypto Ransomware

Protection against ransomware is almost the same as against malware:

Use a reliable anti-virus with advanced security features that can identify ransomware threats.
Update all your applications regularly. Make sure that you’ve turned on the auto-update feature of your Operating System and applications.
Don’t download files from unknown sources. You can check downloaded files with an anti-virus before you open them.
Create and regularly update a backup of your important files and data. In case you’ve got ransomware on your PC, you can reformat your hard drive, reinstall the system and restore your data from the backup.

Final Words

Cryptocurrency malware and cryptojacking are still a threat for every cryptocurrency enthusiast. Hackers create more and more intricate schemes to trick you and take control of your devices. Follow the best practices of “cyber hygiene” to avoid any possible attacks and stay safe online.

Store cryptocurrency safely on Freewallet

Safe cryptocurrency storage is available on Freewallet: Crypto Wallet for your Android devices and desktop via the web app.

Manage EOS, ETH, and 150+ other coins and tokens in one place.
Buy BTC, ETH, EOS, LTC, and more coins directly in the app.
Seamlessly exchange coins with other digital money right in the wallet.
Make free transfers with other Freewallet users.
Check the exchange rate of digital currencies in the wallet.
Keep your funds safe with enhanced protection features, including 2FA, multisig, and transaction limits.
The majority of assets are kept in cold storage, ensuring that your coins won’t be lost or stolen.

Feel free to sign-up with your Facebook, Gmail, email, or mobile number and try Freewallet.

If you have any questions regarding cryptocurrencies on Freewallet, please get in touch with our support team. They are ready to guide you and solve any problem 24/7.

Rate: