Cryptocurrencies are getting popular these days, and hackers are trying to install hidden bitcoin mining tools on your device.
Mining Bitcoin, or any other cryptocurrency, is a rapidly growing trend, much like a “Gold Rush.” More and more people are taking up mining, that is, adding blocks to a blockchain and being paid for it in cryptocurrency. In doing so, these miners come up with ever more inventive ways, not all of them legal, to earn the coveted coin. And some of the more enterprising cybercriminals have no qualms about doing this at your expense.
Why do cybercriminals need your computer?
Kaspersky Lab researchers wrote in a blog post about botnets and how hackers can turn your computer or any other device into a zombie and make it part of their botnet. A network of such zombie computers can be used for a variety of purposes, including but not limited to mining Bitcoin or any other cryptocurrency.
In layman’s terms, your computer becomes part of a distributed network whose computing power is used to mine Bitcoin that ends up in the botnet operator’s pocket. Thousands of computers on a botnet can mine cryptocurrencies much more efficiently than a single computer. Hackers have been installing miner applications on the computers of unsuspecting people. When a hidden bitcoin mining app is installed successfully, the victim pays the electricity bill while the coveted coins go to the cybercriminals.
How a hidden cryptocurrency miner ends up on your computer
In most cases, a miner ends up on a computer with the help of a purpose-built malicious application, a so-called dropper, whose chief function is to install another app without the user’s knowledge. Droppers usually come under the guise of pirated versions of licensed products or activation key generators for them. Users look for this type of software on torrent networks and download it intentionally.
When the downloaded file is launched, an installer is deployed on the victim’s computer, and it in turn downloads a miner and a special tool that conceals the miner in the system. The app can also come complete with services that ensure its autorun and configure its settings. For example, such services can suspend the miner when the user starts certain popular computer games: the miner uses the computing power of the graphics card, so a game running alongside it may start lagging and arouse the user’s suspicion. These services can also attempt to disable antivirus products, suspend the miner when a system monitoring tool is running, and restore the miner if the user tries to remove it.
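The suspend-when-watched behaviour described above can itself serve as a detection signal. The following is an added example, not code from Kaspersky Lab or from the original article: it flags processes that run hot only while no monitoring tool or game is open. The watch list, thresholds, process names (svc_update.exe, render.exe, game.exe) and telemetry samples are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Assumed watch list: monitoring tools and games a hidden miner may hide from.
# taskmgr.exe and procexp.exe are real Windows tools; game.exe is a placeholder.
WATCHERS = {"taskmgr.exe", "procexp.exe", "game.exe"}

BASE = {"explorer.exe", "svc_update.exe", "render.exe"}

# Constructed telemetry: (names of running processes, {process: load in %}).
SAMPLES = [
    (BASE, {"svc_update.exe": 92, "render.exe": 85, "explorer.exe": 2}),
    (BASE, {"svc_update.exe": 95, "render.exe": 88, "explorer.exe": 3}),
    (BASE | {"taskmgr.exe"},
     {"svc_update.exe": 1, "render.exe": 86, "explorer.exe": 4, "taskmgr.exe": 2}),
    (BASE | {"game.exe"},
     {"svc_update.exe": 0, "render.exe": 80, "explorer.exe": 2, "game.exe": 70}),
    (BASE, {"svc_update.exe": 94, "render.exe": 84, "explorer.exe": 2}),
]


def evasive_processes(samples, watchers=WATCHERS, busy=60.0, idle=5.0,
                      min_samples=2):
    """Return processes that are busy when unobserved and idle when observed.

    A process is flagged when its mean load is >= busy in samples where no
    watcher is running and <= idle in samples where at least one is.
    """
    unobserved, observed = defaultdict(list), defaultdict(list)
    for running, load in samples:
        bucket = observed if running & watchers else unobserved
        for name, pct in load.items():
            if name not in watchers:  # never score the watchers themselves
                bucket[name].append(pct)

    flagged = []
    for name, loads in unobserved.items():
        seen = observed.get(name, [])
        # Require evidence from both states to avoid flagging on one blip.
        if len(loads) < min_samples or len(seen) < min_samples:
            continue
        if mean(loads) >= busy and mean(seen) <= idle:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    print(evasive_processes(SAMPLES))
```

The legitimately busy render.exe is not flagged because its load stays high while Task Manager or a game is open; only the process that goes quiet under observation is reported.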
Scale of the problem
Cybercriminals distribute those applications as a service, often using Telegram channels devoted to online work opportunities. Users might come across ads offering trial versions of such droppers for distributing a hidden miner.
Kaspersky Lab experts give an idea of the scale of this scam. The researchers recently detected a botnet consisting of an estimated tens of thousands of computers on which the “Minergate” miner was secretly installed. It mines not the highly popular Bitcoin but mostly cryptocurrencies such as Monero (XMR) and Zcash (ZEC), which allow transactions and wallet ownership to be hidden. By approximate estimates, a single mining botnet can bring in more than $30,000 per month. The researchers found that more than $200,000 had passed through the cryptocurrency wallet used by the botnet.
How to protect your computer against this threat
Kaspersky Lab – Internet Security protects you against malicious droppers by default. Just make sure that your AV application is on at all times, and this malware won’t stand a chance of infiltrating your computer. If for some reason you deactivate AV and run a manual scan after becoming suspicious, the software will immediately detect this full-fledged Trojan and prompt you to get rid of it.
Unlike droppers, miners are not malicious applications, as researchers mentioned earlier. That’s why they fall into the antivirus firm’s “riskware” category: software that is legitimate but can be used for malicious purposes (you can find more details on what’s included in this group here). Kaspersky Lab does not block or remove such applications by default, as a user may have installed them on purpose.
If you prefer to err on the side of caution and are confident that you won’t be using miners and other “riskware,” you can always open Kaspersky Lab software settings, find the “Threats and Exclusions” section, and select the checkbox by “Detect other software.” Last but not least, scan your device regularly; your security solution will help you avoid installing and running any unwanted malicious applications or hidden bitcoin mining apps.
As an alternative to Kaspersky Lab, you can use McAfee Internet Security, which provides similar protection against malicious spyware, malware, and hidden bitcoin mining applications.