Cryptocurrency-Mining Malware: A New Threat?

Cryptocurrency has exploded during the past few years. Investors increasingly saw cryptocurrency as a modern way to diversify their portfolios and reduce risks associated with traditional stocks and bonds. In December 2017, the cryptocurrency market witnessed exponential growth, spearheaded by Bitcoin, which reached just under $20,000.

The volatility of the cryptocurrency market encouraged miners to seek alternative strategies to achieve cost efficiencies and maximize their profits. It also led to the development of an underground network of cyber criminals who developed a new type of malware to profit from cryptocurrency mining, even if this means taking advantage of your precious computing resources without your knowledge.

Mining 101

Cryptocurrencies are created through an energy-intensive process known as “mining”. The miner requires high computing power to solve a complex mathematical equation and to validate the blockchain record of transactions. In exchange, miners receive coins for successfully completing the equation.

According to research conducted by Elite Fixtures, the cost of mining a Bitcoin varies significantly around the world, from as little as $531 to a stunning $26,170. You can visit this link to learn how much it costs to mine a single Bitcoin in your country. With cost being a major factor in mining cryptocurrency, miners are relocating to countries such as Iceland or China to benefit from cheaper energy. Others are looking to harness system resources virtually by using victims’ devices without their consent or knowledge.

As a result, a new type of malware, referred to as Cryptocurrency Mining Malware aka Crypto-Malware, has been growing exponentially, targeting devices with valuable system resources (CPU, RAM…) across the globe. Using Crypto-Malware, cyber criminals generate profit without bearing any of the costs required for mining cryptocurrency.

Crypto-Malware: How Does It Work?

As with any other type of malware, cyber criminals use social engineering techniques to inject the malware into the victim’s device. Once injected, the malware is engineered to run in memory without touching the file system, bypassing traditional cybersecurity measures such as antivirus.

The Case of Dofoil aka Smoke Loader

In March 2018, Microsoft encountered a rapidly spreading cryptocurrency-mining malware, called Dofoil aka Smoke Loader, which infected over 500,000 computers within just 12 hours before it was successfully blocked. Dofoil is used to inject a cryptocurrency-mining program that can mine various cryptocurrencies on infected Windows PCs. However, in this campaign attackers used Dofoil to mine Electroneum coins only.

According to the Windows researchers, Dofoil used a common injection technique called ‘process hollowing’, which involves starting a new instance of a genuine process and replacing its code with malicious code, misleading traditional security tools into believing that the genuine process is actually running.

More recently, in August 2018, more than 170,000 devices in Brazil were targeted in a crypto-jacking attack. According to security firm Trustwave, the attackers injected a cryptocurrency application into MikroTik routers to mine Monero (XMR) coin, with the potential to contaminate over 1 million routers worldwide.

Monero (XMR) to be the most mined coin in crypto-jacking cyber-attacks in 2019

According to the latest Cyber Threatscape report by Accenture, the use of cryptocurrency miner malware is likely to continue in 2019, with a shift toward alternative cryptocurrencies, most notably Monero. The main reason behind this shift is that Monero (XMR) is currently the most private cryptocurrency on the market.


The quickest option to reduce the risk of crypto-malware infection is to install ad-blocking, anti-crypto-mining extensions on web browsers to stop such scripts from running. The “No Coin” extension is available for Firefox, Chrome and Opera. Businesses can also disable JavaScript to stop cryptocurrency miners that run in JavaScript, keeping in mind that this can impact users’ experience.

It is important to keep in mind that, similar to other malware, cryptocurrency-mining malware exploits vulnerabilities within your network. Therefore, it’s important to ensure that your vulnerabilities are patched and your systems are updated on a regular basis.
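
Because crypto-malware can run in memory under the name of a genuine process, as described above, the process name alone tells a defender little, while sustained CPU use is much harder for a miner to hide. The following is an added example, not code from the original article: it compares a name-based check with a sustained-CPU check over constructed telemetry. The process names, PIDs, allowlist and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumption for this example: names a name-based allowlist would trust.
TRUSTED_NAMES = {"explorer.exe", "chrome.exe", "svchost.exe"}

def build_samples():
    """Constructed telemetry: (timestamp_s, pid, process_name, cpu_percent)."""
    samples = []
    for i in range(10):  # one sample per minute for ten minutes
        ts = i * 60
        # Steady heavy load under a genuine name (what a hollowed host looks like)
        samples.append((ts, 4120, "explorer.exe", 94.0 + (i % 3)))
        # Normal browser: short bursts, otherwise idle
        samples.append((ts, 812, "chrome.exe", 90.0 if i % 4 == 0 else 12.0))
        samples.append((ts, 600, "svchost.exe", 3.0))
    return samples

def name_only_check(samples):
    """Name-based view: returns process names that are not on the allowlist."""
    return {name for _, _, name, _ in samples} - TRUSTED_NAMES

def find_sustained_cpu(samples, threshold=80.0, min_duration=300):
    """Return {pid: (name, seconds)} for processes whose CPU stayed at or
    above `threshold` percent for at least `min_duration` consecutive seconds."""
    by_pid = defaultdict(list)
    for ts, pid, name, cpu in samples:
        by_pid[pid].append((ts, name, cpu))
    flagged = {}
    for pid, rows in by_pid.items():
        rows.sort()  # order by timestamp
        run_start, longest = None, 0
        for ts, _, cpu in rows:
            if cpu >= threshold:
                if run_start is None:
                    run_start = ts
                longest = max(longest, ts - run_start)
            else:
                run_start = None  # load dropped, so the run is broken
        if longest >= min_duration:
            flagged[pid] = (rows[-1][1], longest)
    return flagged

if __name__ == "__main__":
    data = build_samples()
    print("name-only check flags:", name_only_check(data))
    print("sustained-CPU check flags:", find_sustained_cpu(data))
```

In practice the threshold and duration need tuning against legitimate heavy workloads such as builds, backups or video encoding.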

Awareness is the first layer of defense.

