Mining malware grows 4,000% year on year

Speculative demand for cryptocurrencies has subsided over the past 12 months, but the amount of malware for cryptocurrency mining operations has exploded.

The latest McAfee Labs Threat Report shows that in the past four quarters ending September, the number of cryptocurrency miners running on malware rose to nearly 4 million, or a 4,467% increase. From the second quarter to the third quarter, mining malware grew 55%.

According to the cybersecurity firm, much of the malware has been transferred not just to regular desktop computers or laptops, but to Internet of Things (IoT) devices such as cameras and video recorders, as well as routers, which are assumed not to be targeted due to their relatively low processing power.

“[C]ybercriminals have taken notice of the growing volume and lax security of many IoT devices and have begun to focus on them, harnessing thousands of devices to create a mining super-computer,” McAfee Labs said.

One malware program, for Mac operating systems, was named OSX.Dummy, which users on mining chat groups were asked to download, purportedly to fix mining issues. “The users essentially infected their own devices instead of falling victim to an unknown exploit or an exploit kit,” the report read.

One other operation, begun in 2017, had the malware included in an add-on for open-source media player Kodi.

MikroTik routers were found to have a vulnerability, with security researcher Troy Mursch reporting 3,700 compromised devices that had been used as miners, primarily in North America and Brazil.

McAfee Labs lead scientist Christiaan Beek said of the recent report, “Cybercriminals are eager to weaponize vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness… Following up-and-coming trends on the underground markets and hidden forums allows the cybersecurity community to defend against current attacks and stay a step ahead of those in our future.”

Last month, McAfee Labs announced that it had detected malware for the mining of Monero, called WebCobra, and that this had been traced to hackers from Russia.

With many cryptocurrencies’ prices down in 2018, the amount of power required for mining operations has proven not to be cost-effective save primarily for those who use more efficient ASIC (application-specific integrated circuit) chips.