Software giant Microsoft has labelled malicious cryptocurrency miners as an increasing threat as cybercriminals increasingly turn to new attack vectors due to the soaring prices of cryptocurrencies like bitcoin in recent months.
The sharp increase in the value of cryptocurrencies has already seen cybercriminals successfully extort and profit in bitcoin from ransomware victims. Beyond ransomware, cybercriminals have also switched over to cryptocurrency miners, commonly referred to as coin miners or cryptominers. While not inherently malicious – cryptocurrency mining isn’t an illegal activity that individuals and companies engage in for – coin miners have a substantial appetite for computing resources and electricity.
Using its Windows Defender software to collect telemetry from Windows OS computers, Microsoft determined that “trojanized cryptocurrency miners’ were found in around 644,000 unique computers every month between September 2017 and January 2018.
Interestingly, the spike in malicious crypto miners have come at the expense of cryptocurrency ransomware attacks, which have seen a decline.
“Interestingly, the proliferation of malicious cryptocurrency miners coincides with a decrease in the volume of ransomware. Are these two trends related? Are cybercriminals shifting their focus to cryptocurrency miners as primary source of income?” Microsoft asked. “It’s not likely that cybercriminals will completely abandon ransomware operations any time soon, but the increase in trojanized cryptocurrency miners indicates that attackers are definitely exploring the possibilities of this newer method of illicitly earning money.”
Browser-based coin miners, also known as crypto jacking, has also emerged as a new class of threat in recent months. When the website in question is accessed, the malicious scripts mine coins by using the visiting device’s computing resources. While some websites, particularly video streaming sites, have been set up by cybercriminals specifically for malicious crypto mining, others have been compromised and injected with the scripts on purpose.
The threat is even prevalent among Windows enterprise consumers. Those who enabled a built-in security feature within Windows encountered coin miners in over 1,800 enterprise machines – a “huge jump” according to Microsoft, which expects those numbers to “grow exponentially” while the software giant continues its crackdown on malicious unwanted coin miners.
Image credit: Flickr.