In 2018 the amount of malware that’s focused on mining cryptocurrencies on the victim’s computer, increased with 4467 percent. In the third quarter of 2018 alone over 4 million new mining malware threats were discovered. That’s considerably more than in 2016 and 2017 when those numbers were below 200 thousand, according to data from McAfee Labs. They call crypto malware ‘one of the big stories of 2018’.
In the first two quarters of 2018 over five million crypto related malware threats were found. That’s 2.5 million malware detection per quarter. In the third quarter of this year that number went up 55%. That made the threat of crypto-mining malware grow with 4467% in the last four quarters.
According the McAfee cybercrime is become much more sophisticated. Criminals are trying to get access devices connected to the internet. Malware targeting Internet-of-things (IoT) devices grew with 203% in the last four quarters. These internet connected devices, like routers and IP cameras, don’t generate lots of mining power, but it’s volume that the hackers are after.
“We would not usually think of using routers or IoT devices such as IP cameras or videorecorders as cryptominers because their CPUs are not as powerful as those in desktop and laptop computers. However, due to the lack of proper security controls, cybercriminals can benefit from volume over CPU speed. If they can control thousands of devices that mine for a long time, they can still make money.” – Remce Verhoef, security researcher at McAfee Labs.
These cybercriminals are not after your data, but want to use your computing power to mine cryptocurrencies for them. In September McAfee Labs already released a report addressing its concerns about this ‘cyberjacking’.
With cryptojacking hackers use a vulnerability in the security of a device to install malware. Then they use the processing power of the device to mine cryptocurrencies. Especially Monero (XMR) is often associated with these mining practices. Last year many websites were mining XMR in the background, using processing power of people visiting their website.
Also published on Medium.