Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far

LASER_oneXM

Telemetry data collected by Kaspersky Lab shows that in the first nine months of 2017, malware that mines for various types of cryptocurrencies has infected more than 1.65 million endpoints.

According to Kaspersky, detections for cryptocurrency mining trojans rose from a lowly 205,000 infections in 2013 to nearly 1.8 million in 2016, and 2017 looks like it will easily surpass that number.

Zcash and Monero miners on the rise
Of all virtual currencies, Zcash and Monero were the favorites, primarily because of their support for anonymous transactions, which comes in handy to anyone looking to hide a money trail from criminal operations.

While Monero is a long-time favorite of cryptocurrency mining trojans, Zcash is a recent addition, as the cryptocurrency launched only last November.

Nonetheless, one month later, several criminal mining operations had adopted the currency, with one group's earnings estimated at $75,000/year/~1,000 computers.

A review of past major operations
Since last year, the rise in cryptocurrency mining malware distribution was easily observable by the number of reports put out by cyber-security firms. Such reports often help infosec industry observers to gauge new trends.

Below is a list with the most important malware distribution campaigns that pushed cryptocurrency miners in 2017.

Terror Exploit Kit dropped a Monero miner back in January
Even some Mirai botnet variants tested a cryptocurrency mining function
Adylkuzz cryptocurrency miner deployed via EternalBlue NSA exploit
Bondnet botnet installed Monero miners on around 15,000 computers, mostly Windows Server instances
Linux.MulDrop.14 malware mines for cryptocurrency using Raspberry Pi devices exposed online
Crooks targeted Linux servers via SambaCry exploit to deploy EternalMiner malware
Trojan.BtcMine.1259 miner uses NSA's DoublePulsar to infect Windows computers
DevilRobber cryptocurrency miner became the second most popular Mac malware in July
Linux.BTCMine.26, a Monero miner that included references to Brian Krebs in its source code
CoinMiner campaign that used EternalBlue and WMI to infect users
Zminer trojan found infecting Amazon S3 servers
CodeFork gang used fileless malware to push a Monero miner
Hiking Club malvertising campaign dropped Monero miners via Neptune Exploit Kit
A CS:GO cheat that delivered a Monero miner for MacOS users
Jimmy banking trojan adds support for a Monero miner
New Monero miner advertised via Telegram
These are only some of the major campaigns, but there are countless other smaller operations that went unreported.
 