As cryptocurrencies have steadily garnered attention and grown in value over the years, criminals have developed ways to take advantage of vulnerabilities to siphon off their piece of the wealth.
One prolific method that these fraudsters are utilizing is hijacking unsuspecting users’ computer processing power to secretly mine cryptocurrencies on their behalf.
Analysts Sergio Pastrana and Guillermo Suarez-Tangil have recently presented their findings on just how lucrative and widespread these tactics are.
On the Down Low
This CPU-jacking method has multiple avenues to take over a user’s computing resources.
The most simple of these avenues come from malicious scripts planted on websites. When these sites are visited by unwitting users, a mining script will start to run. Users in these instances may be able to detect a mining script through increased CPU activity which usually triggers the fans in the computer to turn on at full power.
The other mode of infection is far less detectable for the layman, as a mining code can be hidden among the code of an otherwise legitimate program or product. Once booted up, the hidden code on the host’s computer will begin mining and sending the rewards to the puppetmasters’ wallets.
Micro Mining, Major Profits
Research conducted by Pastrana and Suarez-Tangil helped to uncover just how far-reaching these scripts and codes go.
According to the data, the pair ‘analyzed approximately 4.4 million malware samples (1 million malicious miners), over a period of twelve years from 2007 to 2018.’
Using the results to follow trails to wallets and mining pools, Pastrana and Suarez-Tangil concluded that these bad actors were able to profit approximately $56 million when taking into account which cryptocurrencies were mined and their prices at the time.
Monero (XMR) was found to be the most popular for criminals to mine and use because of its inherent characteristics of being one of the most anonymous and untraceable cryptocurrencies. The study further concluded that more than four percent of the entire amount of XMR in circulation is the result of mining malware.
The Monero team is well aware of the mining vulnerabilities that exist and have been actively trying to quell these activities by altering the XMR algorithm through a series of forks.
To protect oneself an independent cryptocurrency miner or user, it is important to keep trusted virus protection up to date and be wary of visiting unknown websites.
Will these dirty tactics in the cryptocurrency space only continue to grow in the coming years? Do you consider this to be a detrimental flaw in proof of work systems? Let us know your thoughts in the comments below!
Images courtesy of Shutterstock.