While the value of many cryptocurrencies has recently dropped off from their record highs, they still have strong appeal to cybercriminals.
The prospect of using thousands of devices to mine the likes of Monero is too tempting to ignore, and so there has been a massive spike in malware that uses victims' CPUs without their knowledge to generate money, with little to no effort for the criminals and little obvious evidence of foul play to the user.
While on the surface it may seem that criminals could be doing far worse than mining cryptocurrency on your infrastructure, there can be serious consequences if you find such an infection.
The rise and fall of browser-based mining
Last year cryptocurrency mining service CoinHive released code that would allow websites to generate revenue by using the CPU of the website visitors through cryptomining. This quickly led to a new trend in malware, where hackers inject legitimate websites with mining code.
One report puts the number of websites infected with cryptojacking malware at around 35,000. A notable case was the thousands of government websites including the UK Information Commissioner’s Office (ICO), National Health Service (NHS) Scotland, and the government portal of Queensland, Australia that were found to be hosting mining code. A Cisco Talos report estimates a single mining campaign could earn just under $1.2 million over the course of a year.
However, while browser-based cryptomining has proven lucrative for criminals, the boom has been short-lived. Various tools have since been released – built-in browser features, extensions, or features within security products – which block unauthorized cryptomining, thus reducing the amount of money hackers can raise. This has pushed criminals to search for new targets.