Researchers at NTT Security[1]’s Global Threat Intelligence Center[2] (GTIC) have issued a warning regarding cryptocurrency mining malware in a report[3] published today.
NTT Security has visibility into 40 percent of the world’s internet traffic, and its GTIC has detected approximately 12,000 samples of crypto-mining malware since March of 2015.
Crypto-mining malware infects computers via the same channels as other malicious software. NTT Security noted that phishing emails were the most common method of transmitting the software. The software siphons the host computer’s power and resources to mine digital currency without the rightful owner of the device ever knowing, and the proceeds from the mining are sent to the creator of the malware.
There is another means by which unsuspecting device owners can have their computer’s power hijacked for the purpose of mining digital currency, and this can be achieved without actually installing any malware on the host computer. A company known as Coinhive[4] offers a JavaScript-based cryptocurrency miner, which a website can embed in its code to utilize the computing resources of various devices connected to that site to mine virtual currency.
Basically, Coinhive allows websites to silently mine cryptocurrency by utilizing the resources of their users’ computers while they’re connected to the site. The intention of Coinhive is to offer an alternative revenue generation method to suppliers of digital media who prefer not to rely on advertising as their revenue source. Despite the benign intentions of Coinhive, the tool they’ve created has the potential to be abused on a massive scale. NTT Security found that nearly 38,000 websites have Coinhive’s JavaScript miner embedded within their code.
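A site owner can check their own pages for the embedding described above. The following is an added example, not code from the article or from NTT Security; the indicator patterns (the loader file name `coinhive.min.js` and the `CoinHive.Anonymous`/`User`/`Token` constructors) are assumptions based on Coinhive's public documentation, and the sample pages are constructed.

```javascript
// Indicators (assumptions, not from the article): Coinhive's documented loader
// file name and the constructors used to create a miner instance.
const INDICATORS = [
  { name: "loader-script", re: /<script\b[^>]*\bsrc\s*=\s*["'][^"']*coinhive(\.min)?\.js/i },
  { name: "miner-constructor", re: /\bnew\s+CoinHive\.(Anonymous|User|Token)\s*\(/ },
];

// Return one finding per (line, indicator) match in an HTML document.
function scanHtml(html) {
  const findings = [];
  html.split(/\r?\n/).forEach((text, i) => {
    for (const { name, re } of INDICATORS) {
      if (re.test(text)) findings.push({ line: i + 1, indicator: name, text: text.trim() });
    }
  });
  return findings;
}

// Both indicators present: the miner is loaded and instantiated.
// One indicator: worth a manual look (e.g. a vendored copy that is never started).
function classify(html) {
  const seen = new Set(scanHtml(html).map((f) => f.indicator));
  if (seen.size === INDICATORS.length) return "miner-embedded";
  return seen.size > 0 ? "suspicious" : "clean";
}

// Constructed sample pages (not real sites); the site key is a placeholder.
const SAMPLES = {
  "news.example.test": [
    "<html><body><h1>Headlines</h1>",
    '<script src="https://coinhive.com/lib/coinhive.min.js"></script>',
    "<script>var m = new CoinHive.Anonymous('SITE-KEY-PLACEHOLDER'); m.start();</script>",
    "</body></html>",
  ].join("\n"),
  "blog.example.test": "<html><body><p>An article about Coinhive.</p></body></html>",
  "shop.example.test": '<html><script src="/static/vendor/coinhive.min.js"></script></html>',
};

// Map each site name to its classification.
function auditAll(pages) {
  return Object.fromEntries(Object.entries(pages).map(([site, html]) => [site, classify(html)]));
}

console.log(auditAll(SAMPLES));
```

String matching of this kind only catches unobfuscated embeds; a renamed or proxied loader would need network-level or CPU-usage monitoring instead.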
Terrance DeJesus, a threat research analyst at NTT Security, said,
“The use of coin miners will, without a doubt, grow and become more advanced in time, possibly being built into other malware types such as banking Trojans, as well as ransomware. There are serious business implications to ignoring this current threat. We are encouraging all companies to be more vigilant of cybersecurity threats to their business. There are often simple and effective ways to mitigate risks, but too often the most obvious things are overlooked.”
The cryptocurrency of choice to be mined in this manner is Monero (XMR)[5]. The privacy-oriented coin obfuscates transactions on its blockchain, making it impossible to see the addresses and amounts involved, and preventing anyone from tracing the movement of any given XMR.
The Monero blockchain also hides the XMR balances of users, so a public “rich list” is not available. The opacity of Monero has led to a boom in the popularity of the cryptocurrency on the Dark Web. The hackers behind the infamous WannaCry[6] cyber attack last year recently converted a large portion of their ill-gotten gains into XMR from BTC. While the association with criminals has led to a negative public conception