Cryptomining malware, or cryptocurrency mining malware or simply cryptojacking, is a relatively new term that refers to software programs and malware components developed to take over a computer’s resources and use them for cryptocurrency mining without a user’s explicit permission.

Cyber criminals have increasingly turned to crypto mining malware as a way to harness the processing power of large numbers of computers, smartphones and other electronic devices to help them generate revenue from cryptocurrency mining. A single cryptocurrency mining botnet can net cyber criminals more than $30,000 per month, according to a recent report from cybersecurity company Kaspersky Labs.

Cryptocurrency-mining malware is malicious software designed to use a device’s CPU power to mine cryptocurrency without authorization. Threat actors deploy this malware to increase their aggregated computing power for mining cryptocurrency, ultimately boosting their chances of solving the equation and earning cryptocurrency without added cost to the threat actor. Cryptocurrency-mining malware may go unnoticed on a device as it often only uses CPU power, appearing to users as though the device is simply running slower than usual. However, cryptocurrency-mining malware has the potential to render a device unresponsive and/or unavailable to legitimate processes by exhausting the system’s CPU and memory resources. Cryptocurrency-mining malware can infect any range of devices, including laptops, desktops, servers, and mobile and IoT devices.

While much crypto-mining malware and crypto-jacking programs target desktops and laptops to mine cryptocurrency, others target smartphones and tablets. One of the more powerful crypto-mining malware programs, dubbed Loapi by Kaspersky Labs, is designed to hijack an Android smartphone’s processor to mine cryptocurrency and is so intensely invasive that it can overheat the phone’s battery and physically damage the device.

INFECTION METHODS

Cryptocurrency-mining malware can infect a user’s device through several means, including: clicking a malicious link, visiting a compromised website, downloading an infected application, downloading a malicious file, or installing an infected web browser extension.

RECOMMENDATIONS TO MITIGATE CRYPTOCURRENCY-MINING MALWARE THREATS

Use web browsers that proactively block cryptocurrency-mining script or install a reputable ad-blocking, script-blocking, and coin-blocking extension in your current browser.

Implement a Defense-in-Depth cybersecurity strategy.

Use a reputable antivirus or antimalware program and set it to update automatically.

Disable JavaScript in your web browser.

Only download software and files from legitimate sources.

Thoroughly review the terms of service for all applications and web browser extensions.

 

For more cyber security information contact us at help@theweborion.com