5/3/2018 09:10 AM
No Computing Device Too Small For Cryptojacking

Research by Trend Micro shows IoT and almost all connected devices are targets for illegal cryptocurrency mining.

Pretty much any computing device, however low-powered, appears to be becoming a target for cybercriminals trying to make money through illegal cryptocurrency mining.

An investigation by security vendor Trend Micro shows how underground markets are awash in cryptocurrency malware, including those targeted at devices with relatively low processing capabilities such as consumer IoT products, smartphones and routers.

Though mining for cryptocurrency is a computationally intensive and power-consuming task, several of the crypto mining malware samples that Trend Micro observed appear dedicated to exploring whether any connected device, however underpowered, can still be exploited for financial gain.

"IoT devices have less computing power, but are also less secured," says Fernando Merces, a senior threat researcher at Trend Micro. "In some cases there may be thousands of them publicly exposed, so the amount of devices compromised is important here."

It is unclear how many IoT devices an attacker would need to infect with mining software in order to profit from cryptomining, Merces says. A lot would depend on the type of device infected and the cryptocurrency being mined. "[But] a big botnet with a few thousands of devices seems to be attractive to some criminals, even though some of them disagree."

Not all of the cryptocurrency malware that Trend Micro observed is for mining. Several of the tools are also designed to steal cryptocurrency from bitcoin wallets and from wallets for other digital currencies like Monero. But a lot of the activity and discussions in underground forums appear centered on illegal digital currency mining. And it is not just computers that are under threat but just about any internet-connected device, Trend Micro says.

"The underground is flooded with so many offerings of cryptocurrency malware that it must be hard for the criminals themselves to determine which is best," Merces says in a Trend Micro report on the topic this week.

The sheer number of cryptocurrency mining software tools currently on sale in underground forums makes it hard to categorize and study all of them. Prices for these tools range from under $5 for Fluxminer, an Ethereum miner, to $1,000 for some miners like Decadence, a software product for mining Monero digital currency. The varying price points reflect the different features that are available with different malware samples. A product like Decadence for instance starts at just $40 but can cost up to $1,000 when features like graphics processing unit support, a web-based control panel, remote access capabilities and encryption services are added.

One of the latest offerings is a Monero cryptocurrency mining tool called DarkPope priced at around $47. The malware is designed to surreptitiously use hijacked computers for mining purposes, and to send earnings to a digital wallet owned by the attacker. Among other things, the authors of DarkPope offer round-the-clock support for the tool, according to the Trend Micro report.

Somewhat ironically, despite the abundance of mining malware, there's little evidence that threat actors are making any major profits from them, at least presently. Though some other vendor reports have described threat actors as having the potential to make upwards of $180,000 per year or $500 a day from cryptomining, Trend Micro says the company is currently not aware of criminals making large amounts of money from illegal cryptomining. But the potential for doing so certainly exists, Merces says.

"Though our research doesn't specifically focus on the profit, other research has proven this is possible," Merces says. "It is all situation-dependent with the number and type of devices, as well as the type of cryptocurrency being mined," he says. With enough processing power being leveraged, criminals can indeed make substantial profits from cryptomining, he says.

"Cryptomining is fast becoming one of the top threats to individuals and organizations as cybercriminals look to compromise systems for use in mining," Merces says. "The main difference here is threat actors don't compromise systems looking to steal data or drop ransomware, they want the computing resources the machine can provide for their cryptomining activities."
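Merces' point that these attackers want the machine's compute rather than its data suggests one cheap fleet-side check: a miner keeps the CPU pegged continuously, so sustained saturation by a process that is not expected for that device class is worth an alert. The script below is an added example, not code from the article or from Trend Micro; the telemetry line format, the device naming scheme, the per-class allow-list and the sample lines are all constructed assumptions.

```python
"""Flag IoT devices showing sustained CPU saturation by an unexpected process.

Added example (not from the Trend Micro report or the article). Assumed
telemetry format, one line per device per sample:
    <ISO-8601 time> <device-id> <cpu percent> <top process name>
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry covering four devices over a few minutes.
TELEMETRY = """\
2018-05-03T09:00:00 cam-01 12.0 streamd
2018-05-03T09:01:00 cam-01 14.5 streamd
2018-05-03T09:02:00 cam-01 11.0 streamd
2018-05-03T09:00:00 rtr-07 97.0 unknownbin
2018-05-03T09:01:00 rtr-07 99.0 unknownbin
2018-05-03T09:02:00 rtr-07 98.5 unknownbin
2018-05-03T09:03:00 rtr-07 96.0 unknownbin
2018-05-03T09:00:00 cam-02 95.0 ffmpeg
2018-05-03T09:01:00 cam-02 40.0 streamd
2018-05-03T09:02:00 cam-02 93.0 ffmpeg
2018-05-03T09:03:00 cam-02 38.0 streamd
2018-05-03T09:00:00 cam-03 99.0 streamd
2018-05-03T09:01:00 cam-03 99.0 streamd
2018-05-03T09:02:00 cam-03 99.0 streamd
"""

# Assumed allow-list: processes that legitimately run hot, per device class.
# The class is the prefix of the device id ("cam-01" -> "cam").
EXPECTED_HOT = {"cam": {"streamd", "ffmpeg"}, "rtr": set()}


def parse(lines):
    """Yield (device, timestamp, cpu, process) tuples; skip malformed lines."""
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, dev, cpu, proc = parts
        try:
            yield dev, datetime.fromisoformat(ts), float(cpu), proc
        except ValueError:
            continue


def flag_sustained_cpu(lines, threshold=90.0, min_run=3):
    """Return {device: process} for every device whose CPU stayed at or above
    `threshold` for `min_run` consecutive samples under the same process,
    where that process is not on the allow-list for the device's class.

    Bursts from expected processes (a transcoder, a camera stream) are not
    flagged; the pattern of interest is continuous load from something else.
    """
    by_dev = defaultdict(list)
    for dev, ts, cpu, proc in parse(lines):
        by_dev[dev].append((ts, cpu, proc))

    flagged = {}
    for dev, samples in by_dev.items():
        samples.sort()  # chronological order regardless of input order
        klass = dev.split("-")[0]
        allowed = EXPECTED_HOT.get(klass, set())
        run, run_proc = 0, None
        for _, cpu, proc in samples:
            if cpu >= threshold and proc == run_proc:
                run += 1                      # same hot process, run continues
            elif cpu >= threshold:
                run, run_proc = 1, proc       # new hot process starts a run
            else:
                run, run_proc = 0, None       # load dropped, reset
            if run >= min_run and run_proc not in allowed:
                flagged[dev] = run_proc
                break
    return flagged


if __name__ == "__main__":
    for dev, proc in flag_sustained_cpu(TELEMETRY).items():
        print(f"{dev}: sustained CPU saturation by unexpected process {proc!r}")
```

In the sample data only `rtr-07` is reported: `cam-02` spikes but never sustains, and `cam-03` is pegged by a process its class is expected to run. The threshold and run length are knobs; on real fleets the allow-list would come from a device's known image rather than a hard-coded dictionary.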


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
REISEN1955, User Rank: Ninja, 5/4/2018 | 8:57:17 AM
Wireless Defibrillator!
OMG - I have a wireless defibrillator. True and "I" could be mining bitcoin without even knowing it?? (Heaven forbid somebody in North Korea hits the SHUTDOWN command.)