Coin-Mining Malware Volumes Soar 53% in Q4 2020

Posted by Trevagh Stankard on Tue, Jan 26th, 2021

It’s back . . . the cryptocurrency frenzy and consequently, the rise of coin-mining malware. Like the stock market, gold, real estate, and other assets, bitcoin prices have surged upward since bottoming out shortly after the COVID outbreak last year. Bitcoin prices grew by nearly 300% over the entire twelve month period of 2020, closing at a value of nearly $30,000. Sounds impressive, until you consider that the second most popular cryptocurrency, Ethereum, grew by an astounding 450%. 

This is great news for those who invested in Bitcoin at the outset of 2020. For IT managers and cybersecurity professionals, however, not so much. For just as prices of cryptocurrencies have soared, so has the interest in coin-mining malware. According to a recent report, detections of crypto-mining malware increased by 53% for the fourth quarter of 2020 compared to the three months prior. When prices surge, so do infections. 

What is Coin-Mining?

Coin-Miner malware, otherwise known as cryptocurrency malware, are applications that generate cryptocurrencies such as Bitcoin, Ehtereum and Monero. These digital currencies require a lot of processing power and memory to create. Besides being expensive to purchase and maintain, the servers required to mine them require a great deal of electricity. For these reasons, there is a baseline cost to legitimate coin mining so when profits go up, so does profitability along with mining interest. So in order to maximize profits, some nefarious miners use malware to mine coins on someone else’s dime. By infecting your computer, they can then use your computing resources and power. These illegal mining activities create havoc on computer performance which then negatively impacts productivity. While Bitcoin is the most popular cryptocurrency, illegal coin-miners usually deal with other cryptocurrencies such as Monero. That’s because the requirements to mine it are far less stringent and its transactions are not transparent, which opens the door for illegal transactions.

Why Coin-Miner Malware is Hard to Detect?

If you get infected with Ransomware then one thing is for certain - the malware will eventually announce its presence. It must inform you of the ransom and how to pay it in order to decrypt your data. Coin-mining malware works with the opposite intention. It silently operates in the background as long as possible, stealing your resources such as processor, memory, graphics card and bandwidth. The goal is to operate in secret for as long as possible. Some of the symptoms that might indicate an infection include the following:

• High CPU or GPU usage
• Slow response times
• Unusual spikes in network activity
• High memory usage
• Frequent crashes and freeze ups
• Overheating

The Different Types of CoinMiner Malware

This silent computer resource killer has three different ways to foist your computing device or smartphone to mine cryptocurrency:

• Executables: This is the traditional type of malware in which an unwanted application appears on your hard drive as an executable (.exe) file.
• Browser-based Cryptocurrency Miners: In this case, the mining activity is driven by a connected website, not infected malware. The mining code is executed in the browser using JavaScript or a worm directly from the active webpage. The victimized computer will mine only as long as the browser is connected to the infected website. While not as nefarious, users may still be oblivious to the activity.
• Advanced Fileless Miners: Here the payload operation utilizes legitimate tools such as PowerShell and executes the mining code within the computer’s memory. Because the operation doesn’t leave any lasting footprint, these types of attacks are even harder to detect.

How to Protect Yourself from these Crypto Menaces

These crypto-mining malware strains are so difficult to detect, hence prevention is a primary objective. Prevention starts with the basics such as ensuring that your operating system, web browsers and hardware are up to date. An endpoint security solution is also important, especially in detecting and combatting crypto-miner executables. While Internet filtering plays a significant role within any multi-layer security strategy, it plays an even more significant role in stopping unwanted crypto mining activities. A solution such as WebTitan will prevent users from connecting to websites known to promote browser-based cryptocurrency miners. Its Malicious Detection Service monitors and identifies malicious threats in real-time in order to protect web sessions. In addition, it blocks malware and other viruses in order to prevent executables or advanced Fileless Miners from ever infecting your machines in the first place. With WebTitan, your computer is protected from coin-mining threats regardless of what the price of cryptocurrencies maybe now and into the future.

Protect your organization against malware by using an award-winning DNS Filtering and Web Security solution, WebTitan. Start a free trial to discover all the WebTitan features to protect against malware attacks. Start free trial today.