Crypto Mining Malware Very Popular Among Botnet Owners – Kaspersky Lab

News | November 29, 2018 By:

Cryptocurrency mining malwares have infected more than five million people in the first three quarters of the year, according to international software security group Kaspersky Lab.

In a new report, Kaspersky said that the total number of Internet users who encountered crypto miners rose by more than 83 percent in the first three quarters of 2018, from 2,726,491 in 2017 to 5,001,414 in 2018. The number of attacks increased steadily during the first half of the year, peaking in March, when around 1.2 million Internet users faced an attack. According to Kaspersky, the installation and use of unlicensed software and content was the major driver behind this year’s “crypto gold rush.”

“2018 began with a rise in the number of miner-related attacks,” the report said. “However, after a drop in the value of the main cryptocurrencies, which lasted from January to February, infection activity noticeably declined. General interest in cryptocurrencies also waned. Yet the graph clearly shows that while the number of cryptominer attacks decreased, the threat is still current. As for how the November collapse in the bitcoin exchange rate will affect the number of infections, time will tell.”

The report said that crypto mining malware became increasingly popular among botnets this year. Q1 2018 reportedly saw a boom in crypto miners, and the share of this malware in the first half of the year was 4.6 percent of the total number of files downloaded by botnets. For comparison, in Q2 2017 this figure was 2.9 percent.

“In Q3 2018, we registered a decline in the number of DDoS attacks, the most likely reason being, according to our experts, the “reprofiling” of botnets from DDoS attacks to cryptocurrency mining,” the report said. “This was induced not only by the high popularity of cryptocurrencies, but also the high competition in the “DDoS market,” which made the attacks less expensive for clients, but not for the botnetters themselves, who still have to cope with more than a few less-than-legal “organizational issues. The reprofiling of existing server capacity completely hides its owner from the eyes of the law.”

The report also revealed that neither crypto legislation nor the cost of power has a significant impact on the spread of malicious crypto mining softwares.

“For example, in Algeria and Vietnam cryptocurrencies are either prohibited or severely restricted under domestic law,” the report said. “Yet Vietnam is third in the ranking of leading countries by number of miner attacks, and Algeria is sixth. Meanwhile, Iran, which is presently drafting legislation to govern cryptocurrency and developing plans to issue its own “coins,” is in seventh place.”

Evgeny Lopatin, security expert at Kaspersky Lab, said that their analysis of the economic background of malicious crypto mining and the reasons for its widespread presence in certain regions revealed a clear correlation.

“The easier it is to distribute unlicensed software, the more incidents of malicious crypto miner activities were detected,” Lopatin said. In short, an activity not generally perceived as especially dangerous, the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto mining.”