Throughout 2017, it seemed that barely a week went by without a new ransomware scare hitting the news. Because of the overall public awareness, ransomware has slowly started to fall out of popularity with scammers, and new types of malware have started to appear. The newest trend embraces cryptocurrency mining and is proving to be as lucrative as ransomware.

You have probably heard of Bitcoin or one of the many other forms of cryptocurrency now in circulation. Cryptocurrency is a fully digital form of money that is maintained through encryption and operates independently of any central bank or government. Bitcoin, the most prominent form of cryptocurrency, experienced a sudden boom of activity in December, and at its height, one Bitcoin was valued at nearly $20,000 USD. Since then, Bitcoin has fallen to $11,000 USD but remains a hot commodity.

Cryptocurrency is regulated through the use of complex encryption techniques to verify transactions. This takes the form of incredibly difficult math equations to generate block chains of data. Each time Bitcoin is bought or sold, these equations must be calculated to verify that nothing has been tampered with or altered outside of the system. As time goes on, these block chains become longer and more complex, and the time to solve the equations increases. Since cryptocurrency is decentralized, all of these transactions are calculated by individual computer systems, or more realistically, cryptocurrency mining farms. The incentive to run these farms is that miners receive a payout of Bitcoin currency in exchange for completing the complex calculations required to keep the system functional.

Enter Cryptocurrency-Mining Malware. 

In the early days of cryptocurrency, calculations were simple enough that they could be handled by a single computer. As more Bitcoin users entered the network, the complexity grew to the point that entire networks of computers are required. Cryptocurrency-mining malware takes this to a nefarious new level by infecting the computers of unwitting individuals and using their systems to contribute towards cryptocurrency generation.

Cryptocurrency-mining malware is distributed under the guise of legitimate-looking software. When a user downloads the software, the malware is installed in secret using a technique called process hollowing. Process hollowing removes parts of legitimate system code and replaces them with the mining software. Because the malware masks itself as a legitimate program, it will generally not be detected by anti-virus software. What’s more, since the malware does not actively announce its presence, it can go undetected for extended periods of time.

The dangers of mining malware come from the fact that cryptocurrency mining is very system intensive. A system with the malware installed will often run at near max capacity with no breaks in the cycle. This not only slows down everything else on the system, but also draws more electricity, and given enough time, the high-capacity workload can eventually wear out the system hardware.
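Because the malware hides inside a legitimate-looking process, the unbroken near-max load described above is often the most visible sign. The following is an added example, not part of the original article, showing how per-minute CPU readings could be checked for that pattern; the process names, readings, 90% threshold and five-minute window are all constructed assumptions.

```python
"""Flag processes whose CPU use stays pinned with no breaks (constructed data)."""
from collections import defaultdict


def build_samples():
    """Constructed (minute, process, cpu_percent) readings; all names are hypothetical."""
    samples = []
    for minute in range(10):
        samples.append((minute, "updater_helper", 96.0 + minute % 3))  # pinned throughout
        burst = 95.0 if 2 <= minute <= 4 else 6.0
        samples.append((minute, "video_export", burst))  # short legitimate burst
        samples.append((minute, "browser", 12.0 + minute))  # ordinary load
    return samples


def longest_high_run(readings, threshold):
    """Longest streak of consecutive minutes at or above threshold."""
    best = run = 0
    prev = None
    for minute in sorted(readings):
        if readings[minute] >= threshold:
            # A missing minute breaks the streak just like a low reading does.
            run = run + 1 if prev is not None and minute == prev + 1 else 1
            prev = minute
        else:
            run, prev = 0, None
        best = max(best, run)
    return best


def flag_sustained_load(samples, threshold=90.0, min_run=5):
    """Return {process: longest_run} for processes pinned for min_run+ minutes."""
    by_process = defaultdict(dict)
    for minute, name, cpu in samples:
        by_process[name][minute] = cpu
    flagged = {}
    for name, readings in by_process.items():
        run = longest_high_run(readings, threshold)
        if run >= min_run:
            flagged[name] = run
    return flagged


if __name__ == "__main__":
    for name, run in flag_sustained_load(build_samples()).items():
        print(f"{name}: at or above 90% CPU for {run} consecutive minutes")
```

Sustained load is also normal for work such as video rendering or software builds, so a flagged process is a prompt to check what it is and where it came from, not proof of infection.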

Reports by Kaspersky Lab show that cryptocurrency-mining malware has generated over a million dollars over the last 6 months. With an estimated 2.7 million attacks in 2017 and numbers on the rise, cryptocurrency-mining malware is definitely something to watch out for in 2018.