Crypto-malware is a type of malicious software, or malware, designed to carry out long-term cryptojacking cyberattacks.
To understand what crypto-malware is and how it works, it is helpful to know what cryptocurrency is and how it is created.
Here we review a few related terms:
Cryptocurrency is a digital currency, based on blockchain technology, that can be traded online for goods and services. Unlike traditional money, cryptocurrency is encrypted and decentralized, meaning it cannot be modified and no central authority manages it. While cryptocurrency can be used for legitimate purposes, it is also the currency of choice among cybercriminals given its inability to be traced. Bitcoin is the most well-known cryptocurrency, though Monero is also becoming increasingly popular among cybercriminals.
Cryptomining, or cryptocurrency mining, is the process of creating a unit of cryptocurrency wherein “miners” solve complex mathematical equations in order to validate data blocks and add transaction details to a blockchain. This activity, which is legal, is rewarded by payment via cryptocurrency.
Cryptojacking, sometimes called criminal cryptomining, is the unauthorized use of a person’s or organization’s computing resources to mine cryptocurrency.
Crypto-malware is a form of malware that enables a threat actor to carry out cryptojacking activity. While the process used by hackers is essentially the same as that used by legitimate cryptominers, crypto-malware leverages another user’s devices and processing power to gain payment. In doing so, these attacks drain significant resources from the victim’s computer without any payoff for the device’s owner.
As the value of cryptocurrency continues to rise and its use becomes more ubiquitous, crypto-malware attacks are becoming increasingly popular amongst cybercriminals. In most cases, crypto-malware can run independently and indefinitely once it is executed on the victim’s device. In this way, attackers can assume a steady return on crypto-malware so long as the code remains undetected.
With new variants of crypto-malware being created and new cryptocurrencies continuously in circulation, we are likely to see a further increase in crypto-malware attacks in the near future.
Unlike most malware, crypto-malware does not aim to steal data. Rather, it leverages the victim’s device to continuously and inconspicuously mine for cryptocurrency for as long as possible.
A silent threat, crypto-malware is often disguised as legitimate software that, once downloaded, embeds malicious code into various applications and programs. This code will run in the background and mine for currency any time the victim uses their device.
An advanced method of infection is via a compromised ad or website. When the user visits the infected site, the script runs automatically on the victim’s device. This form of attack is even more difficult to detect since the malicious code is not stored on the computer itself, but in the browser.
Crypto-malware attacks and ransomware attacks are both designed to generate income for the attacker. However, the method for doing so varies significantly.
A ransomware attack encrypts a victim’s data until a payment is made to the attacker. If the payment is not made, the ransomware attackers may then sell the information on the dark web as an alternate form of income.
Ransomware remains one of the most profitable tactics for cybercriminals, with the global cost of ransomware in 2020 estimated at $20 billion and the average ransom payment totaling $84,000.
Crypto-malware, on the other hand, operates silently and surreptitiously in the background of the user’s system. Unlike a ransomware attack that demands payment directly, the crypto-malware attacker hopes that the malicious code remains undetected as long as possible so that they can continue to mine cryptocurrency using the victim’s device.
Since crypto-malware does not explicitly steal data, it may not be regarded as a significant cyber threat on par with a costly ransomware attack, widescale data breach or disruptive virus or Trojan. However, its ongoing use of the victim’s computing power to mine cryptocurrency is draining and significantly impacts the productivity of the user. In most cases, the victim will suffer from significantly slower system processing speeds and may not be able to perform multiple tasks simultaneously.
Crypto-malware attacks are a relatively new phenomenon. This, coupled with the fact that they are difficult to detect, makes them extremely difficult to defend against. In most cases, the best line of protection is through responsible online behaviour on the part of the user. This includes:
Organizations must take additional steps to protect their business assets, customers, employees and reputation from all types of malware and ransomware variants. Steps include: