
Josh Grunzweig, a researcher at Palo Alto Networks, published an article titled “The Rise of the Cryptocurrency Miners”. According to data collected by the company’s WildFire platform, the number of cryptocurrency mining malware samples has increased rapidly since 2017. This means that illegal cryptocurrency mining is becoming a new type of cyber threat, and more and more cyberattacks are being used to deliver cryptocurrency mining malware.
The following figure shows how many new cryptocurrency mining malware samples have been identified over time. It is worth mentioning that this data does not represent all mining activity: it does not include JavaScript or web-based malicious mining, which also continues to plague Internet users.
Starting around June 2017, the prices of Bitcoin and other popular cryptocurrencies rose sharply, and more and more people tried to invest, eventually pushing prices higher. Coincidentally, in June 2017, the Unit 42 team also witnessed a surge in the number of cryptocurrency mining malware samples in the WildFire platform.
This sharp rise in prices peaked in December 2017, when Bitcoin’s rate rose to nearly $20,000. Its price has now dropped back to around $8,000.
So far, about 470,000 unique samples have been confirmed. According to Grunzweig, most of the cyberattack activity (about 84.5%) delivered cryptocurrency mining malware that targets Monero.
Grunzweig extracted 2,341 Monero wallets from the analysed sample set. He stated that, unlike with some other cryptocurrencies, it is not possible to retrieve the current balance of a single wallet by querying the Monero blockchain without the owner’s password. This is due to the original design of the Monero currency.
Grunzweig therefore adopted a different method to determine how much money the attackers earned: querying the mining pools used in the mining operations. Looking at the top ten mining pools used by the malware, Grunzweig stated that all but one allowed anonymous viewing of statistics using the wallet as an identifier.
Grunzweig eventually queried the top eight mining pools for all 2,341 Monero wallets. By querying the mining pools themselves (rather than the blockchain), he could accurately determine how much Monero had historically been mined, without worrying about the data being contaminated by other sources.
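The wallet-and-pool tally described above can be sketched as follows. This is an added example, not code from the Palo Alto Networks research: it assumes the wallets and pool endpoints appear as plain strings in each sample, that standard Monero addresses are 95 base58 characters beginning with `4`, and that pools are referenced as `stratum+tcp://` or `stratum+ssl://` URLs. All sample names, pool hosts and wallets are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumption: a standard Monero address is 95 base58 characters starting with '4'.
B58 = "1-9A-HJ-NP-Za-km-z"
WALLET_RE = re.compile(rf"(?<![{B58}])4[{B58}]{{94}}(?![{B58}])")
# Assumption: pool endpoints are written as stratum URLs (scheme://host:port).
POOL_RE = re.compile(r"stratum\+(?:tcp|ssl)://([A-Za-z0-9.-]+):(\d{1,5})")

def extract_indicators(sample_strings):
    """Return (wallets, pool_hosts) found in one sample's printable strings."""
    text = "\n".join(sample_strings)
    wallets = set(WALLET_RE.findall(text))
    pools = {host.lower() for host, _port in POOL_RE.findall(text)}
    return wallets, pools

def wallets_by_pool(samples):
    """Map each pool host to the distinct wallets seen alongside it."""
    mapping = defaultdict(set)
    for strings in samples.values():
        wallets, pools = extract_indicators(strings)
        for pool in pools:
            mapping[pool] |= wallets
    return dict(mapping)

def top_pools(samples, n=10):
    """Rank pool hosts by the number of samples that reference them."""
    counts = Counter()
    for strings in samples.values():
        counts.update(extract_indicators(strings)[1])
    return counts.most_common(n)

# Constructed data: placeholder wallets and reserved .example pool hosts.
W1 = "4" + "A" * 94
W2 = "4" + "b" * 94
SAMPLES = {
    "sample-a": ["miner -o stratum+tcp://pool-one.example:3333 -u " + W1 + " -p x"],
    "sample-b": ['{"url": "stratum+tcp://pool-one.example:3333", "user": "' + W2 + '"}'],
    "sample-c": ["-o stratum+ssl://pool-two.example:443 -u " + W1],
    "sample-d": ["no miner configuration here"],
}

if __name__ == "__main__":
    for pool, count in top_pools(SAMPLES):
        wallets = wallets_by_pool(SAMPLES)[pool]
        print(f"{pool}: {count} samples, {len(wallets)} distinct wallets")
```

Deduplicating wallets per pool before looking up pool statistics keeps a wallet that is reused across many samples from being counted more than once.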
So far, the popularity of illegal cryptocurrency mining has continued to soar. This growth can be seen as a direct result of the earlier sharp increase in cryptocurrency prices, while prices are currently falling and stabilising. Given this trend, only time will tell whether cryptocurrency mining malware will remain popular. Such activities are very profitable for individuals or groups who use malicious techniques to exploit cryptocurrency mining over the long term. Historically, the total value of Monero mined through malicious software has reached 175 million U.S. dollars and accounts for 5% of the total amount of Monero currently on the market.
Completely blocking the delivery of cryptocurrency mining malware through cyberattacks is a daunting task, as many malware developers limit CPU usage or ensure that the mining operation runs only at certain times of the day or when the user is inactive. In addition, the malware itself is delivered through a number of different methods, which requires defenders to take a broader approach to security.
Source, Image: paloaltonetworks