In 2015 and 2016 the winner was crypto-ransomware exploits. In 2017 and 2018 the most common exploit was Business Email Compromise, aka Email Account Hijacking (BEC/EAC). This is year is shaping up to be the year of the crypto-mining exploit.
Here are the crypto-mining malware programs that are the most prevalent:
- AuthedMine – A variant of Coinhive, AuthedMine ios supposed to require an explicit opt-in from the end user to run the miner. This is designed to run on browsers with ad-blockers installed.
- Coinhive – Conihive started as a legitimate Monero mining tool, but has evolved into malware that runs in browsers without the owner’s knowledge or consent.
- CryptoLoot – Designed to run on a website, and infect site visitors as a way to add processing power to your coin-mining operation. Looking for a way to monetize your website? This is not the answer!
- Dorkbot – According to US-CERT, Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” In this context it has been modified to participate in crypto-mining.
- Emotet – I have written about this one before. According to US-CERT, Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Additionally, Emotet is a polymorphic banking Trojan that can evade typical signature-based detection. It has several methods for maintaining persistence, including auto-start registry keys and services. It has been updated to include crypto-mining functions.
- Jsecoin – Apparently the new crypto-coin du jour, and the miner is another browser based miner that supposedly uses “unused processor cycles that would otherwise be wasted.”
- XMRig – This is a high speed CPU miner for Monero, and has the distinction of official Microsoft Windows support.
Crypto-currency mining has become more expensive for legitimate mining operators. It requires a lot of processing power to mine crypto coins, and as the values for crypto-currency decline, as some have, there is not a lot of profit for mining operators after expenses. Thus the allure of crypto-jacking your operation by “recruiting” of computers through your website visitors, or with the use of phishing emails, in order to build a mining botnet at no cost.
Symptoms of a crypto-mining exploit running on one of your computers are increased hard drive activity when no one is using the computer, fans running non-stop to dissipate the extra heat coming from the CPU. In the case of hijacked phones or tablets, they will feel hotter to the touch, and the batteries will drain much more quickly.Share