Cases of crypto mining malware, software designed to illegally mine cryptocurrency, has nearly doubled in the second quarter, with evidence suggesting that a rising number of criminals could be creating malware specifically for targeting mobile devices.
A recently published report by the global computer software security firm McAfee (no longer affilated with John McAfee) found malware attacks had risen by 82% in the Q2 2018. There had been just under 3m reported mining attacks in the first three months of the year, but this increased to approximately 5.5m in the following quarter. There has been a near tenfold increase in the number of attacks compared to the same quarter last year.
Mining malware is designed to secretly hijack a computer’s processing power and use it to mine cryptocurrency. Hackers often embed the malware into legitimate websites; when a victim visits the site it activates and begins controlling the CPU to mine the chosen Proof-of-Work (PoW) coin.
It has been found in some surprising places. The security firm Trend Micro found malware had been embedded in Youtube adverts for a Google-owned digital ad provider in late January. Hackers had even added mining software into the website code for India’s Union Public Service Commission in mid-March. Both bits of malware had been designed to mine the privacy coin Monero (XMR).
“Due to the increasing popularity of cryptocurrencies, the blockchain revolution is in full swing,” the report said. “Cybercriminals have also found new angles including illegal coin mining and theft leading to profits.”
Is crypto mining malware going mobile?
Attacks in the crypto space are all too common; most have targeted the centralized exchanges. Binance was very nearly hacked by a well-organized team in February, but not all are so lucky. The Japan exchange Coinrail lost over $500m worth of NEM (XEM) tokens following a successful attack in late January. Hackers made off with $60m from another Japanese exchange, Zaif, earlier this month.
McAfee’s research found that there was also an increase in malware attacks targeted at mobile devices. Although not specifically just cryptocurrency, this coincides with a growing trend for mobile adoption across the sector.
The established companies have created phone-friendly software in the past six months; both CoinMarketCap and Binance Info have released apps for users to access market data. The new Zcash (ZEC) ‘Sapling’ update will reduce the computational power needed for its encryption algorithm zk-SNARKS, making it possible to use phones to send private transactions.
A sector that grows as fast as crypto did will inevitably attract bad actors. Mining malware was a rarity before 2018. Attacks only began to rise in the latter half of 2017, coinciding with the sector-wide bull run which brought the total market cap up to $810bn by mid-December. Malware cases grew significantly at the end of 2017 and the start of 2018; from less than half a million in Q4 last year to nearly 3m in Q1.
Such a large increase in cases of crypto mining malware should be a cause for concern. With declining prices, attacks may not be as lucrative as they used to be but a large increase suggests there is still little to protect users from having their computers compromised.
Disclaimer: The author is not invested in any cryptocurrency or token mentioned in this article, but holds investments in other digital assets.