Crypto Miners: The Silent CPU Killer
Until recently, websites that provide free services earned almost all their revenue through advertisements. Is the Pirate Bay example signaling that cryptocurrency mining may soon take over as the main revenue source?
How does the rising popularity of cryptocurrency miners affect the cyber security landscape? In which cases is it a legitimate tool, and in which is it considered malware? In this report, we will answer these questions.
The first cryptocurrency that gained popularity and triggered the growth of the market and mining communities was BitCoin – the first decentralized coin. As time passed and BitCoin mining gained popularity, the computational resources required in order to stay in the game grew higher. The use of specialized hardware made it even harder for miners that used personal computers, be it threat actors using malware or solo miners. At a certain point, mining BitCoin and other leading cryptocurrencies such as Ethereum became non-profitable, taking into consideration the costs of the hardware and electricity. At this point, new cryptocurrencies entered the game. Mining them required far fewer CPU resources, as they were a lot less popular and were mined by much smaller communities. Some of them, such as Monero, attempted to outgrow BitCoin by avoiding the coin’s biggest flaw – the lack of privacy. Naturally, new cryptocurrencies led to new crypto miners – both tools for the mining community, and malware.
The Birth of Crypto Miners, and Crypto Cyber Campaigns
The rising popularity of cryptocurrency, for both purchasing and for mining, has led to a significant growth of the mining community and cryptocurrency market worldwide. These in turn have produced a new kind of tool used to generate revenue: Crypto Miners.
While the term ‘crypto miner’ refers to tools that are available online, and can be used by the mining community, tools used by malicious actors upon infection are called ‘crypto mining malware’.
As with any new technology or advancement that has potential gain in it, the birth of cryptocurrencies also became a fertile ground for financially motivated cyber actors. To avoid the costs of expensive hardware, cybercriminals infect multiple systems in order to consume the victims’ CPU or GPU power and existing resources for crypto mining. By using different attack vectors, such as spam campaigns and Exploit Kits, they are able to turn the infected machines into troops of cryptocurrency miners.
Cryptocurrency mining is a computationally intensive task which requires powerful resources from specialized hardware and dedicated processors, and incurs significant electricity costs and investments in hardware. The BitCoin network generates a new block every 10 minutes, regardless of the number of active miners. This means that the entrance of new miners into the game does not necessarily accelerate the mining process, but may actually slow it down, as this increases the complexity of the mining operation.
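The fixed block interval described above comes from periodic difficulty retargeting. The following added example (not part of the original report) models that rule and shows what it does to a single miner's expected share; the hash-rate figures are constructed sample values and the function names are illustrative.

```python
# Added illustration (not from the report): Bitcoin-style difficulty retargeting.
# All hash-rate figures below are constructed sample values.

TARGET_SPACING = 600        # seconds per block the network aims for
RETARGET_BLOCKS = 2016      # blocks between difficulty adjustments
HASHES_PER_DIFF = 2 ** 32   # approximate expected hashes per block at difficulty 1


def block_interval(difficulty, network_hashrate):
    """Expected seconds between blocks for a given total hash rate (H/s)."""
    return difficulty * HASHES_PER_DIFF / network_hashrate


def retarget(difficulty, actual_period_seconds):
    """New difficulty after one period; the adjustment is clamped to a factor of 4."""
    expected = TARGET_SPACING * RETARGET_BLOCKS
    clamped = min(max(actual_period_seconds, expected / 4), expected * 4)
    return difficulty * expected / clamped


def simulate(hashrates, my_hashrate):
    """hashrates[i] is the total network H/s during retarget period i.

    Returns one row per period:
    (expected block interval in seconds, my expected blocks per day).
    """
    # Start with a difficulty tuned so the first period hits the 600 s target.
    difficulty = TARGET_SPACING * hashrates[0] / HASHES_PER_DIFF
    rows = []
    for total in hashrates:
        interval = block_interval(difficulty, total)
        my_blocks_per_day = (86400 / interval) * (my_hashrate / total)
        rows.append((round(interval, 1), round(my_blocks_per_day, 6)))
        difficulty = retarget(difficulty, interval * RETARGET_BLOCKS)
    return rows


if __name__ == "__main__":
    # Constructed scenario: total hash rate doubles after period 0, then stays flat.
    for row in simulate([1e12, 2e12, 2e12, 2e12], my_hashrate=1e9):
        print(row)
```

In this scenario the interval returns to 600 seconds one retarget after the hash rate doubles, while the fixed-size miner's expected blocks per day are halved.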
As expected, the first cryptocurrency miners were designed to mine BitCoin, and emerged in 2011, shortly after BitCoin began gaining attention and popularity. One such miner was the Otorun worm. The infamous Kelihos, one of the largest botnets, which was taken down by the FBI in April 2017, was also used for BitCoin mining. The recent development of tens of new cryptocurrencies has led to a variety of new crypto miners, with each one designed to mine a specific currency. All of the crypto miners leverage their victims’ computer resources, causing the infected machines to run abnormally slow.
Miners for the ‘Ethereum’, ‘Zcash’ and ‘Dogecoin’ currencies can currently be observed in the wild, though some sources say that mining these currencies using personal computers, even if a large number of bots is involved, is no longer profitable. Without a doubt, the top currency mined by threat actors these days is the Monero currency (see Appendix).