Skip to main content

Cryptojacking is the new ransomware. Is that a good thing?

NurPhoto/Getty Images

Making money from mining cryptocurrencies isn’t just something that people do with their own hardware, malware authors have also been creating malicious software to have other people do the hard work them – and we don’t mean cloud mining. While this represents a new fad in the realm of malware authorship though, it may not be around in this guise for long.

“Cryptojacking is outpacing ransomware reports by a factor of 1 to 100, and these numbers will continue to increase …”

In our history of malware feature, we looked at how malware tends to come in waves. While the latest and most dangerous in recent memory has been ransomware, it’s been pushed far from the top spot of common attacks in recent months by the advent of cryptominers, which look to force infected systems to mine cryptocurrency directly. While it may have been riding high recently though, like the value of cryptocurrencies themselves, it’s a malware type that already seems to be on the decline.

Digital Trends spoke with some prominent digital security experts to find out what this means for the near future of malware and what they think cryptomining malware might look like in the months and years to come.

No crowned king lasts forever

“Since cybercriminals are always financially motivated, cryptojacking is yet another method for them to generate revenue,” said Liviu Arsene, senior E-Threat analyst at BitDefender. “Currently, it’s outpacing ransomware reports by a factor of 1 to 100, and these numbers will continue to increase for as long a virtual currencies remain popular and the market demands it.”

Cryptojacking On The Rise | CNBC

These stats were backed up by MalwareByte’s quarterly malware report. It noted that cryptomining had become one of the most common malware in recent months. It suggested that it had increased by as much as 4,000 percent in the consumer sector over the last quarter. It was also growing in the business space, with a 27 percent increase in overall detections during last quarter.

That increase made it the second most common digital infection. MalwareBytes noted over the past three months, falling only just behind adware. In comparison, ransomware, which has been a major threat for the past few years, saw a notable decline in the consumer space, falling by 35 percent.

Part of that could be to do with the more sophisticated targeting of ransomware at businesses and larger enterprises, but it may also be that the top producers of the ransomware software have been halted in their tracks.

“I wish there were miners everywhere, that [it was] all we had to deal with.”

“There was a big arrest last year, that was likely the creators of cerber, the biggest ransomware family at the time,” MalwareBytes head of malware intelligence, Adam Kujawa told us. “If that was the case, it makes sense that that particular malware family would drop off. After that we’ve seen a couple of new families, but nothing that’s being distributed at the same sort of level.”

Since that happened, Kujawa noted that MalwareBytes had seen a general drop off in ransomware distribution and that this was indicative of the marketplace shifting direction.

Profile of a new predator

Although old standouts like adware and spyware are still more prevalent than cryptojacking, the new kid has quickly become one of the most common threats seen. Malware authors will take a freely available cryptocurrency miner that is aimed at consumer usage and modify it so that it runs silently on a system, making it harder to detect and therefore giving it longer to generate income for the author before it’s discovered. The malware is then usually distributed alongside some other form of malware like an exploit kit which allows it to be installed in the first place.

But even if you don’t download a malicious file or click a dodgy link, websites themselves can force your machine into the crypto mines, like the extremely prevalent CoinHive incident from earlier this year.

CoinHive
A Coinhive javascript program injected into a web page’s code Image used with permission by copyright holder

“Browser-based cryptojacking is becoming very popular amongst cybercriminals, especially when end users are concerned,” explained BitDefender’s Arsene. “Deploy it within legitimate and high-traffic websites after they’re breached their security, it has immediate return-on-investment as each visitor will mine cryptocurrency for as long as the script-based miner remains on the server.”

Cryptomining has a few unique features too, compared to other commercial malware solutions. For starters, it’s almost platform agnostic, with infections cropping up on Macs and Android devices, as well as Windows PCs. Kujawa told Digital Trends that as many as 1,000 new Mac-targeted cryptominers had appeared in the past three months alone.

So, what’s the problem?

If cryptomining isn’t particular smart or targeted then, is it something we need to be too concerned about? If a victim’s computer runs slow while they’re on an infected website, rather than having their files encrypted or identity stolen, would it not be better for everyone if malware authors focused on that kind of attack than more traditional ones?

“The fact that the victim is running cryptocurrency mining software is the least of their problems.”

“The spread of cryptominers is no where near the ‘everybody panic’ state [like] when encrypting ransomware first came out,” Kujawa said. “I wish there were miners everywhere, that that’s all we had to deal with, and no ransomware or information thieves.”

BitDefender’s Arsene agreed, to a point, suggesting that on the surface cryptojacking was relatively benign. However, as much as this sort of malware might be less of a threat than other types, that doesn’t mean it doesn’t have potential to damage — or mask more serious threats.

A bitcoin mining farm NurPhoto/Getty Images

One such threat facing businesses is a loss of productivity, as MalwareBytes’ CSO and CIO, Justin Dolly, explained. If left unchecked, cryptominers also have the potential to cause damage to hardware. As MalwareBytes found when one of its malware-trap systems was infected with a number of miners.

“After the cryptomining craze [last year] one of our systems had its graphics card fried, because of how many miners were being loaded up in analysis of this system,” Kujawa said. “[They] would rev up the GPU cycles and CPU and just kill it, so we had to replace the graphics cards.”

Perhaps the biggest risk with cryptomining though, is that it can be used in tandem with other types of malware. Imagine a ransomware attack  the user is scrambling to figure out how to decrypt their files, their PC is mining away and earning the attackers even more money.

“This will likely fuel the need to create mining rigs made of large botnets.”

“If a victim has been compromised using an unpatched vulnerability or via a fileless attack, the fact that the victim is running  cryptocurrency mining software is the least of their problems,” said BitDefender’s Arsene. “Technically, the attacker could have deployed any payload – ranging from keylogging malware to data exfiltration malware.”

Even if cryptomining malware doesn’t bring with it a whole host of other problems too, there’s always the chance that it will not be detected for months or even years in the case of some systems.

How long is the wave going to last?

Cryptomining might be more dangerous than it appears, but like all other types of malware, it is likely to have its heyday. Indeed, as cryptocurrency values have fallen since the end of 2017, the instances of cryptojacking have been falling too. While the overall numbers might be higher than last quarter, they are lower than their peak, as Malwarebytes’ latest malware report shows.

Bitdefender Senior Analyst, Liviu Arsene. Bitdefender

“Cryptojacking is definitely here to stay,” BitDefender’s Arsene said. “These numbers will continue to increase for as long as virtual currencies remain popular and the market demands it.”

Another interesting wrinkle he raised was that as the difficulty of mining of various cryptocurrencies increases, it could be much more lucrative to get others to do the hard work for you.

“Since mining for cryptocurrency will become increasingly more expensive to mine using someone’s own private hardware, this will likely fuel the need to create mining rigs comprised of large botnets, hence fueling the cryptojacking threat,” he said.

That’s something that MalwareBytes sees as having a lot of potential too. Especially when you consider some of the enormous IoT driven botnets we’ve seen in recent years. But ultimately that all depends on whether it’s actually worth it to keep investing in that avenue of malware authorship.

If anything, it’s easier for digital security companies when a new trend is breaking. They know what they need to focus on in the immediate future. But now that cryptominers may have peaked, the experts are unsure of what to expect next.

“This is an anomalous time right now, and that’s the scariest part,” Kujawa said. “The scary part is not knowing where the criminals will go when cryptocurrencies no longer interest them.”

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
A new supply shortage is now hitting SSDs and hard drives
Two Samsung SSDs on a graphics card.

Cryptocurrency miners are already blamed for the shortage of graphics cards in recent years, and the situation has become especially dire during the global pandemic when coupled with supply chain disruptions. If miners have their way, there's another important PC component that could become scarce. It's reported that if the new Chia cryptocurrency takes off, the PC industry and gamers may have to grapple with a shortage of storage, as inventory of hard disk drives and solid-state drives could quickly become depleted.

Unlike existing cryptocurrencies, the Chia currency heavily relies on storage space, as it's based on a "proof of space and time" model. On the other hand, currencies like Bitcoin are based on a "proof of work," which doesn't require as much storage.

Read more
Get paid in cryptocurrency for viewing ads in the new Brave browser
earn cryptocurrency in brave browser blocks google

Brave Software officially launched version 1.0 of its Brave web browser on Wednesday, November 13. The first version launched in January 2016 and has since gained more than 2.8 million active users daily and eight million active users monthly. It’s based on Google’s Chromium browser and relies on Basic Attention Tokens (BAT) to generate revenue.

The idea behind Brave’s BAT system is to reward content creators using cryptocurrency. It doesn’t generate virtual coins in the background, but rather provides means for readers to tip 300,000 participating Brave Certified Publishers. These include The Washington Post, The Guardian, MarketWatch, and more.

Read more
This Asus laptop handily beats the XPS 13 — and it’s cheaper
The Zenbook S 14 on a table in front of a grass lawn.

Windows manufacturers have been hungering for a chipset that can keep up with Apple's very fast and efficient M3 architecture. Enter Qualcomm with its Snapdragon X and Intel with iLunar Lake. Each aims at providing better battery life with good performance, as well as adding faster on-device AI speeds to support Microsoft's Copilot+ PC initiative.

The XPS 13 9345 is among the first Qualcomm laptops and the Zenbook S 14 is the first Lunar Lake laptop that we've reviewed. This makes it an important battle to see which platform can make it to our list of the best laptops.
Specs and configurations

Read more