With Bitcoin’s increased popularity and steadily rising value, cybercriminals have turned to malware as a means of infecting user’s PCs to install cryptocurrency mining software which mines for digital currency without their knowledge.
New research from Kaspersky Lab’s Anti-Malware Research team has identified two botnets comprised of computers infected with malware that could earn the attackers a large sum of digital currency each month.
The researchers identified one 4,000-machine network that could earn up to £22,731 a month and another botnet made up of 5,000 PCs that was earning over £151,538 each month.
Cybercriminals had used such as these in the past when Bitcoin was significantly easier to mine but as the computations required to produce a coin become more difficult it was no longer worth the effort. The recent worldwide surge in cryptocurrency speculation has once again made it profitable for attackers to use stranger’s PCs to acquire virtual coins.
According to experts, these newly discovered botnets distribute the mining software via adware programs that victims are voluntarily installing on their devices.
Once these programs are installed, they then download the malicious miner installer which attempts to disable security software, tracks application launches and checks that a copy of the mining software is always present on the PC in order to ensure that the miner runs for as long as possible.
Victims infected by such an attack will likely notice their device no longer runs at peak performance and they will also see a higher than ordinary electricity bill that month.
Evgeny Lopatin, a malware analyst at Kaspersky Lab, offered further details on these new mining botnets, saying:
“The major problem with malicious miners is that it is really hard to reliably detect such activity, because the malware is using completely legitimate mining software, which in a normal situation could also be installed by a legitimate user. Another alarming thing which we have identified while observing these two new botnets, is that the malicious miners are themselves becoming valuable on the underground market. We’ve seen criminals offering so-called miner builders: software which allows anyone who is willing to pay for full version, to create their own mining botnet. This means that the botnets we’ve recently identified are certainly not the last ones.”
As always it is recommended that you do not install any suspicious software from untrusted sources on your PC and routinely check that your security software is up to date to avoid falling victim to this or any other attack carried out by cybercriminals.