At Least 1.65 Million Computers Are Mining Cryptocurrency for Hackers So Far This Year
2017 is on track to easily beat 2016.
Cryptocurrencies are a boon to all sorts of criminals, from online drug dealers to ransomware hackers, due to their semi-anonymous nature. But another set of scammers takes a different approach: loading up victims' computers with software that "mines" currencies to generate a profit, without the owner's knowledge.
Cryptocurrency mining can be lucrative. By setting up a computer or group of machines to work around the clock, miners solve math problems required by a given cryptocurrency (Bitcoin, Ethereum, Monero, etc.) to create new funds. The newly generated funds are returned to miners as a reward because mining is resource-intensive and can rack up electricity costs. Mining cryptocurrency is legal, but criminals can use malware to surreptitiously install mining software on other people's computers, so that the victims' machines put in the work while the criminals reap the rewards.
According to new statistics released on Tuesday by Kaspersky Lab, a prominent Russian information security firm, 2017 is on track to beat 2016—and every year since 2011—in terms of the sheer number of computers infected with malware that installs mining software. So far in 2017, the company says it has detected 1.65 million infected machines. The total number of infected computers for all of the previous year was roughly 1.8 million. The infected machines are not just home computers, the firm stated in a blog post, but company servers as well.
"The main effect for a home computer or organization infrastructure is reduced system performance," Anton Ivanov, a security researcher for Kaspersky, wrote me in an email. "Also some miners could download modules from a threat actor's infrastructure, and these modules could contain other malware such as Trojans [malware that disguises itself as legitimate software]."
Ivanov said that the firm doesn't know how much money has been made overall with this scheme, but a digital wallet for one mining botnet that the company identified currently contains over $200,000 USD.
The most popular cryptocurrencies mined by malware were Zcash and Monero, according to Kaspersky. This is noteworthy, because it reinforces the notion that mining Bitcoin, the most popular and valuable cryptocurrency, is just too difficult for normal people to engage in (or for hackers controlling other people's computers). The Bitcoin mining space is dominated by gigantic firms that run server farms, largely in China. Smaller or newer currencies like Zcash and Monero are thus more likely to pay off. In addition, Ivanov noted, Zcash and Monero promise more privacy for users and, as it happens, criminals, than Bitcoin and Ethereum.
The increased rate of mining with malware is likely due to the massive bull run that cryptocurrency markets across the board have enjoyed this year, buoyed in part by rampant speculation on the future value of digital assets. "In our opinion, it is happening because top cryptocurrencies have rapidly increased within the year," Ivanov wrote me.
If you've noticed a suspicious slow-down on your computer recently, or your electricity bill is inexplicably growing, you might just be mining digital coins for someone else.