On September 12, 2017, Russian cybersecurity firm Kaspersky Lab published figures claiming that in the first eight months of this year, its products have protected 1.65 million users from concealed cryptocurrency mining software. Social engineering is the primary method of installing malicious miners, said the company. “Over the last month alone, we have detected several large botnets designed to profit from concealed crypto mining. We have also observed growing numbers of attempts to install miners on servers owned by organizations.”
Concealed miners are programs that are surreptitiously installed on computers. Without the victims knowing, they co-opt and repurpose processing power toward cryptocurrency mining. At an individual level, this may result in marginally higher electricity bills for a consumer – it hardly seems like a serious crime, as if a neighbor broke into your garden each day to take a dip in your pool. But, just as your neighbor would be arrested for trespassing, concealed mining is a gross violation of a person’s privacy and resources. On a larger scale, misdirected computing power can severely damage an organization or company, bogging down processors while accumulating significant wealth for perpetrators.
One botnet found by Kaspersky allegedly raked in upwards of $30,000 per month – and that’s according to conservative estimates. In July 2017, ETHNews broke the news of a potential botnet at San Francisco State University. Now, it appears that the threat could be much more widespread.
Kaspersky found that Zcash and Monero are the cryptocurrencies most frequently sought by concealed miners – not terribly surprising, given that both digital assets claim a high degree of anonymity. In its post, Kaspersky explained that malicious mining software may:
- Try to turn off security software;
- Track all application launches, and suspend their own activities if a program is started that monitors system activities or running processes;
- Ensure a copy of the mining software is always present on the hard drive, and restore it if it is deleted.
Concealed miners can even be programmed to pause when an unsuspecting consumer runs more processing-intensive programs like video games or editing software.
The report by Kaspersky Lab comes at a time when the US Senate is considering a government-wide ban on the company’s products. Kaspersky, which has 400 million customers worldwide, adamantly denies aiding or abetting cyber espionage by any government. On Twitter, Kaspersky’s CEO reaffirmed his company’s commitment to the North American market.
It’s difficult to determine the validity of attacks launched at the company, but already Best Buy – one of the largest electronics retailers in the US – has removed Kaspersky products from its shelves. Despite the bevy of negative attention from government and corporate America, Kaspersky and its report should not be discounted. Concealed cryptocurrency miners pose a real threat to companies and institutions across the globe. Cybersecurity defense remains critical for consumers and corporations alike.