Malicious mining programs earn $100 million, someone may be secretly mining with your phone

Helge Husemann

At the 2018 ITWeb Security Summit, Helge Husemann, product manager for the Middle East and Africa at antivirus software Malwarebytes, said: "As mining becomes easier with ordinary computers, the number of malicious mining programs is gradually increasing. So far, criminals using illegal means to mine cryptocurrencies have made $100 million in revenue."

These proceeds will provide criminals with funds for their activities, and billions of dollars of commercial services may be damaged. In order to avoid more victims of malicious mining programs, Husemann suggested that security industry professionals should consider deploying malicious mining program signature protection.

At present, security vulnerabilities related to cryptocurrency and blockchain have also increased. Malwarebytes blocks an average of 8 million blockchain Trojan attacks every day and 248 million malicious mining programs a month. In 2017, the number of malicious mining program ads on YouTube increased by 3 times. The malicious programs in the ads mined for months on British government websites, Showtime (American TV network), and Browsealoud (browser plug-in).

"It is worth noting," Husemann stressed, " that malicious mining programs are not only present in ordinary computers, but any electronic device may be invaded by malicious mining programs. "

In mid-September 2017, a company called Coinhive released a new technology that can mine Monero directly in a web browser, which was quickly turned into a malicious mining program by hackers. In addition, since Monero can be traded in different devices, it does not require a specific type of hardware like Bitcoin, so malicious programs targeting Monero can be hidden in any electronic device.

For example, WordPress servers were used to mine Monero. WordPress is the most widely used open source CMS program in the world, and 1/4 of the world's websites are made with WordPress. After calculation, the attacker has made more than $100,000 in illegal profits from WordPress.

In January 2018, Malwarebytes detected millions of mobile devices executing malicious mining programs, and it is expected that more IoT devices will be affected by malicious mining in the coming months.