Organisations Must Not Ignore Threat of Cryptocurrency Mining Malware

NTT Security, the specialised security company for NTT Group, has warned that organisations could be targeted by malware designed for mining cryptocurrency.

In a new report, researchers at its Global Threat Intelligence Center (GTIC) share their report into a type of malware solely designed to mine Monero (XMR), a form of cryptocurrency affording its users the greatest amount of anonymity.

At the time of analysis, GTIC researchers found around 12,000 Monero mining malware samples, with the earliest dating back to March 2015. They also discovered that 66 percent of the samples were submitted from November to December 2017, indicating a dramatic increase in the use of coin mining malware.

Terrance DeJesus, Threat Research Analyst at NTT Security, said: “The acceptance and adoption of digital currencies mean that investing in cryptocurrency has become a new way to make money. However, generating a profit from mining the currency has become more time consuming and costly. Cybercriminals have taken to developing malware in an attempt to overcome the barriers to entry and generate profits for themselves.

“Monero mining malware is installed on the victim’s computer or smartphone without their knowledge and, once installed, it uses the victim’s computing resources and electricity supply to mine cryptocurrencies. The rewards go directly to the hacker, not the owner of the computer. Device owners might not suspect a thing.”

Based on its visibility into 40 percent of global internet traffic and data from a wide range of threat intelligence sources, NTT Security has revealed that cyber criminals are using phishing emails as the primary tactics to gain a foothold on a targeted system, which attackers can then leverage to mine XMR with the victim’s resources.

While phishing is the most prominent, the discovery of coin miners in a network environment suggests that more malicious activity could exist in that environment, such as backdoors and unpatched vulnerabilities. The company also found that legitimate coin mining services, such as Coinhive could be abused and injected into mobile games and websites.

Investing in cryptocurrency is not a new phenomenon - late 2017 and early 2018 saw a significant spike in the numbers of cryptocurrency investments across the globe. Unsurprisingly, threat actors are using their skills to cash in on the cryptocurrency mining craze and, while crytocurrency values have fluctuated wildly in value since the completion of the report, threat actors continue developing cryptocurrency mining malware to generate revenues to fund their operations.

Also Read

Stay in the know with our newsletter