Researchers noted that hackers are distributing malicious software via links for things like pirated software, forcing unwilling users’ computers to mine Zcash without their knowledge.
“Cybercriminals use rather conventional ways to distribute mining software – they are installed under the guise of other legitimate programs, such as pirated software distributed via torrents,” said Kaspersky Lab security researcher Aleks Gostev.
“So far, we have not seen any cases of mass-mailings or vulnerabilities in websites being exploited to distribute mining software; however, provided mining remains as profitable as it is now, this is only a matter of time.”
Frauds are spreading miners ( a form of malware) to use victims’ computers for cryptocurrency mining, which results in problems on victim’s computer and income for the cyber criminal.
Researchers from Kaspersky have shared their discoveries in a blog post on September 12th, 2017.
According to experts, several large cryptocurrency mining botnets were detected; in addition, criminals are attempting to infect servers of large organizations with miners to expand the botnet as far as possible.
Kaspersky shared a column graph that visualizes the growth of attempts to install miners of computers starting from 2011 to 2017.
The security firm claims that there were at least 205,000 attempts to infect their customers with mining malware in 2013, and that number grew to 701,000 in 2014.
In 2016, there were more than 1.8 million attacks discovered, and in the first eight months of 2017, at least 1.65 million attacks were noticed.
Miners are mainly propagated via adware installers
While the majority of cryptocurrency miners are promoted via software installers that suggest placing more than one program on the system, experts have also noticed more sophisticated malware promotion methods.
According to Securelist, criminals might be exploiting well-known vulnerabilities like EternalBlue to infect unprotected systems.
The criminal actors are believed to be collaborating with unethical adware providers. Besides, suspicious ads for mining builders were found in Telegram channel.
Clicking on a provided link allows the user download a trial version of a builder that creates a miner dropper with some interesting features such as software suspension whenever the user launches a game such as GTA V, Minecraft or WorldOfTanks.
Modus operandi of a cryptocurrency miner
Cryptocurrency miners usually have beneficial features helping them stay undetected by security programs, run on startup and perform other activities, including:
- Attempt to disable antivirus, anti-malware, and anti-spyware programs;
- Create a copy of the miner on the hard drive and recreate it each time it gets deleted by the user or security software;
- Track what programs start running and shut down themselves if the launched program has an ability to monitor running processes.
Researchers also stated that the most popular cryptocurrencies used in mining processes are Monero and Zcash. The discovered mining network can generate approximately $30,000 per month to criminals.
If you noticed that your computer recently started to perform poorly, consider checking your computer for cryptocurrency miners.
NoVirus.uk experts suggest using anti-spyware or anti-malware programs to identify mining software illegally installed on your PC.