Cryptomining Malware - Silent But Deadly
By Sumit Bansal, Managing Director of ASEAN and Korea, Sophos
Sumit Bansal, Managing Director of ASEAN and Korea, Sophos
The cryptocurrency landscape will remain one of top discussion, given the volatile and mysterious behaviour of the currency
Measures that we put in place to simply handle the currency alone without factoring in threats, is a recipe for disaster. For example, in mid-September, China’s central bank ceased operations for virtual currency trading platforms in Beijing and Shanghai, South Korea banned financial institutions from dealing in with virtual currency on fears of creating a bubble and similarly in Singapore, the Monetary Authority of Singapore issued warnings, cautioning the public about the risk of the ‘bitcoin bubble’.
As with any rapidly adopted trend, there is always the risk of agents who apply their own malicious agenda for personal gains. This is exactly what happened with Cryptocurrency.
Cryptomining is the process to discover cryptocurrencies such as Bitcoin, Monero or Ethereum and has seen increased operations around the world, from individuals to companies who are looking to acquire digital currencies. The process of cryptomining involves the combination of advanced servers, an extremely fast network and financially-sound backing.
Cryptomining malware is when crypto-crooks covertly infect your computer with software to do the calculations needed to generate cryptocurrency; the crooks keep any cryptocoin proceeds for themselves. They do this because, to make any substantial returns with coinmining, you need a lot of electricity to deliver a lot processing power on a lot of computers. There are two options if you were to seriously venture into the cryptomining space, either rent space in a giant coinmining server farm with the latest technology and incur high costs, or you can steal electricity from others, processing power and air conditioning by using malware to sneak cryptomining malware into their networks, their browsers, their coffee shops, and more.
For companies who are looking to heavily invest into cryptocurrencies, on most occasions they will implement security measures; however, for individuals drawn to cryptocurrencies, this is more often not the case. In Singapore, ready-made cryptomining sets can be easily purchased in the open market for a starting price of around SGD$3,000. For attackers, individuals who purchase their own ready-made home mining kits are the perfect candidates to host cryptomining malware. The lack of or non-existent presence of security makes hijacking even more easier. For example, many individuals are enquiring on how to deal with the recently discovered malware named “WannaMine”, from the same family as “WannaCry”.
One of the fastest risers however in terms of cryptomining malware is CoinHive, a Monero miner that appeared in September. The number of sites that CoinHive has been lurking on has increased steadily. As the topic of crypto continues to dominate searches online, CoinHive JavaScript has been embedded on Monero-related searches by the likes of the infamous Pirate Bay – who conveniently forgot to mention that they were leveraging visitor browsers to mine cryptocurrency. Like most cryptomining malware, it will sit quietly on your computer and leverage your network to covertly cryptomine, resulting in a significant decrease in your hardware performance.
The cryptocurrency landscape will remain one of top discussion, given the volatile and mysterious behaviour of the currency. However, as regulations around personal mining are yet to be implemented, cryptomining malware, although significantly more low-key than previous malwares, still has the potential to add another layer of concern for those in the technology and finance space.
