Covert cryptocurrency mining malware is on the rise, and computer owners should be wary. As we have documented on this site multiple times, rogue cryptocurrency mining malware is of keen interest to cybercriminals. By distributing this mining malware, criminals can effectively use victims’ computer resources to mine Ethereum, Monero, and a few other currencies. A new report from Kaspersky Lab shows how lucrative this business has become.

Rogue Cryptocurrency Mining Malware is on the Rise

Cryptocurrency has attracted a lot of attention from cybercriminals over the past few years. The most prolific attacks involving cryptocurrency come in the form of ransomware, but there are plenty of other ventures to explore as well. One of those ventures revolves around infecting victims with cryptocurrency mining malware. The end result is that a computer will generate popular cryptocurrencies on behalf of the malware developer. It is not a way to get rich overnight by any means, but it has certainly caught on.

The new report by Kaspersky Lab shows how much things have evolved in this industry over the past few months. The first eight months of 2017 have been pretty positive for cybercriminals, but not necessarily for computer users. In fact, 1.65 million users were protected from rogue cryptocurrency mining malware through the company’s software alone. This number indicates that the number of total infection attempts is much higher. 

Once a computer is infected with cryptocurrency mining malware, it will become noticeably slower. Both CPU and GPU resources will be pushed to their limits as one small piece of software is effectively using the computer to generate cryptocurrencies for someone else. In most cases, these cryptocurrencies include Ethereum, Zcash, and even Monero. Bitcoin is not high on this list, as it is not easy to mine with your typical computer. Even when using someone else’s computer, criminals still want to make as much money as possible. Bitcoin does not guarantee any profits whatsoever unless one gets very lucky.

Most of this mining malware is distributed through so-called social engineering. Large botnets are created without the computer user being any wiser. These botnets combine the processing power of millions of devices around the world for efforts such as cryptocurrency mining. Attacks such as these install mining malware on more than just consumer’ computers. In fact, the report mentions that there are growing numbers of attempts to install such malware on servers owned by organizations.

The report also details how one particular botnet generated over US$30,000 worth of cryptocurrency every single month. This goes to show the distribution of cryptocurrency mining malware can be pretty lucrative when done properly. That is not a positive sign for anyone who is not a cybercriminal. Although botnets have traditionally been considered minor threats, things are quickly evolving in the wrong direction. Sources claim San Francisco State University’s computers may be part of a growing botnet as well, which shows how this problem is growing by leaps and bounds.

To make matters even worse, cryptocurrency mining malware has undergone some major changes under the hood. A lot of these “new” tools can effectively pause the mining process when the computer user is performing intensive tasks such as video editing or running games. This allows the malware to remain hidden for an extended period of time. Some variants can actually suspend their own activity if a software tool is actively monitoring system resources. For example, opening the Windows Task manager would suddenly suspend this hidden mining process.