Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/3/2018
09:10 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

No Computing Device Too Small For Cryptojacking

Research by Trend Micro shows IoT and almost all connected devices are targets for illegal cryptocurrency mining.

Pretty much any computing device — however low powered — appears to be becoming a target for cybercriminals trying to make money through illegal cryptocurrency mining.

An investigation by security vendor Trend Micro shows how underground markets are awash in cryptocurrency malware, including those targeted at devices with relatively low processing capabilities such as consumer IoT products, smartphones and routers.

Though mining for cryptocurrency is a computationally intensive and power-consuming task, several of the crypto mining malware samples that Trend Micro observed appear dedicated to exploring whether any connected device, however underpowered, can still be exploited for financial gain.

"IoT devices have less computing power, but are also less secured," says Fernando Merces, a senior threat researcher at Trend Micro. "In some cases there may be thousands of them publicly exposed, so the amount of devices compromised is important here."

It is unclear how many IoT devices an attacker would need to infect with mining software in order to profit from cryptomining, Merces says. A lot would depend on the type of device infected and the cryptocurrency being mined. "[But] a big botnet with a few thousands of devices seems to be attractive to some criminals, even though some of them disagree."

Not all of the cryptocurrency malware that Trend Micro observed is for mining. Several of the tools are also designed to steal cryptocurrency from bitcoin wallets and from wallets for other digital currencies like Monero. But a lot of the activity and discussions in underground forums appear centered on illegal digital currency mining. And it is not just computers that are under threat but just about any internet-connected device, Trend Micro says.

"The underground is flooded with so many offerings of cryptocurrency malware that it must be hard for the criminals themselves to determine which is best," Merces says in a Trend Micro report on the topic this week.

The sheer number of cryptocurrency mining software tools currently on sale in underground forums makes it hard to categorize and study all of them. Prices for these tools range from under $5 for Fluxminer, an Ethereum miner, to $1,000 for some miners like Decadence, a software product for mining Monero digital currency. The varying price points reflect the different features that are available with different malware samples. A product like Decadence for instance starts at just $40 but can cost up to $1,000 when features like graphics processing unit support, a web-based control panel, remote access capabilities and encryption services are added.

One of the latest offerings is a Monero cryptocurrency mining tool called DarkPope priced at around $47. The malware is designed to surreptitiously use hijacked computers for mining purposes, and to send earnings to a digital wallet owned by the attacker. Among other things, the authors of DarkPope offer round-the-clock support for the tool, according to the Trend Micro report.

Somewhat ironically, despite the abundance of mining malware, there's little evidence that threat actors are making any major profits from them, at least presently. Though some other vendor reports have described threat actors as having the potential to make upwards of $180,000 per year or $500 a day from cryptomining, Trend Micro says the company is currently not aware of criminals making large amounts of money from illegal cryptomining. But the potential for doing so certainly exists, Merces says.

"Though our research doesn’t specifically focus on the profit, other research has proven this is possible," Merces says. "It is all situation-dependent with the number and type of devices, as well as the type of cryptocurrency being mined," he says. With enough processing power being leveraged, criminals can indeed make substantial profits from cryptomining, he says.

"Cryptomining is fast becoming one of the top threats to individuals and organizations as cybercriminals look to compromise systems for use in mining," Merces says. "The main difference here is threat actors don't compromise systems looking to steal data or drop ransomware, they want the computing resources the machine can provide for their cryptomining activities."

Related Content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
5/4/2018 | 8:57:17 AM
Wireless Defibulator!
OMG - I have a wireless defibulator.  True and " I " could be mining bitcoin without even knowing it??  (Heaven forbid somebody in North Korea hits the SHUTDOWN command). 
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.