How prevalent is and what are the impacts of illegal crypto mining? With the rise in popularity of cryptocurrencies and the increase in the difficulty in mining new coins, people look for new ways to create new coins.
In the same way, some people even resort to illegal crypto mining with the use of malware that stays hidden in the devices, computer or mobile, of the victims.
In this process they steal the resources of the others for mining valuable digital currencies such as Bitcoin, often without the knowledge of the users.
Malicious or illegal crypto mining can use the web browser to infect the system with malicious software.
Illegal crypto mining typically has the same objective as other malicious attacks which are to make profits by attacking the computing public.
However, the only difference between it and other threats is that it is designed specially to stay hidden completely from the users.
It can compromise all available types of devices that are used for mining crypto coins such as desktop computers, laptop computers, mobile phones, and even network servers.
The malicious actors can make an individual or even an organization their victim and mine digital currencies at the cost of their computing power and other resources.
If you do not know how it happens and what kind of impact illegal crypto mining may have on you and your business here is an article that you will find too good to ignore.
Through this article you will not only know what it is but you will also know how to improve your online security and protect your computer systems and business from being used for illegal crypto mining by the bad actors.
How Prevalent is and What are the Impacts of Illegal Crypto Mining?
Cryptocurrencies offer financial rewards in different forms and volumes but along with it also comes risks and threats in new forms.
This is due to the growing popularity of crypto mining and more and more people are taking it up as well as the increase in the value of crypto coins over the years.
The cyber criminals shifted their focus quickly from other avenues of making profits such as ransomware to illegal crypto mining.
However, if you want to know the mechanics of illegal crypto mining and the threat it poses to your system and businesses, you should start by knowing a bit of its background.
As said earlier, this is a process in which a malware is infected in the system of a user which stays hidden but mines crypto for the malicious actors by using the resources of others.
This has become a more favored and an easy option for the malicious actors because it involves less risk of getting caught and the higher chances of making more profits.
This means that, in order to mine crypto illegally, the malicious actors do not need to build or invest in an expensive and dedicated computer.
They simply have to steal the necessary resources of others in some way or the other to mine the coins.
For that, they use malware or malicious software.
Sometimes, with all the resources stolen and put to use by these malicious actors together, they can even compete with larger and advanced crypto mining firms, and all of it at the cost of others.
Illegal crypto mining can take a toll on your device and on you in ways more than one such as:
- It will slow down the operation and reduce the performance of your device
- It will increase your monthly electricity bills
- It will result in overheating of the systems
- It will damage the components of the device resulting in frequent failures
- It will increase your cost of repairs and maintenance of your systems and
- It will shorten the life of your system asking for a costly replacement.
The damages caused to your system will depend on how long you take to detect such an attack.
Typically, slowing down of your computer system, increase in the electricity bills and use of the cooling fans more, are a few certain red flags for illegal crypto mining being done via your system.
Typically, the motivation behind illegal crypto mining is nothing extraordinary but to make money by mining valuable crypto coins without incurring large costs.
All the malicious actors need is to create a few lines of code to hijack the computing resources of the unsuspecting victims.
This code is easy to deploy and stays undetected because it keeps running in the background.
Once the malware is running, it starts to mine crypto coins automatically and silently or steal money from the crypto wallets of the victims.
Illegal crypto mining has become more prevalent over the past few years, and in fact it is one of the most common types of threats now in the crypto space.
And, there are lots of statistics to prove that illegal crypto mining has become more prevalent since 2017 onwards.
For example, an October 2017 report of Fortune suggested that illegal crypto mining will be the next big security threat to the crypto space.
Also, a February 2018 report of Malwarebytes Labs stated that illegal crypto mining was the most common type of threats detected after September 2017.
In fact, the report found that there was an increase in such activities detected by about 4000% within the first quarter of 2018 itself.
And, in most of the cases it was an Android based phone that was used for such activities.
Over the years, the bad actors continued to up their ante and started infecting powerful hardware with malware.
In fact, illegal crypto mining has somewhat become the primary threat to the genuine crypto miners, individual or an organization alike.
According to a 2021 State of Malware Report, Bitcoin Miner was the most significant danger for Windows computers, and the Mac computers for consumers in particular experienced an increase in crypto theft and illegal mining.
Typically, illegal crypto mining, as said earlier, is a low-risk option to make money by using resources of other people by malicious actors.
Therefore, it is absolutely essential that you protect your systems and your business from such threats.
How Does It Work?
The working process of illegal crypto mining is pretty simple, which is why it is perhaps the most favored option of the malicious actors today.
They typically enslave your computer to mine crypto illegally. For this, they use more than one way.
The most common method is to use a classic malware attached as a link in an email.
When a user opens the mail and unknowingly or inquisitively clicks on the link, the malware code is loaded directly and instantly onto the computer.
Once it is loaded and running, it continues mining crypto coins around the clock staying hidden in the background and using the resources of the computers of the victims.
This is a persistent threat and is local because it remains in your infected computer.
Another way of illegal crypto mining is called the drive-by crypto mining.
This can affect your desktop computer as well as your Android-based mobile devices.
When a user visits that particular page it automatically starts mining crypto coins illegally.
In this process, only that amount of resources of the system is used by the malware which does not raise the suspicion of the user and stays unnoticed.
The browser window is also hidden while it is open and is sized in such a way to fit behind the clock or below the task bar.
The significant aspect of this type of illegal crypto mining is that it stops as soon as the user leaves the website – good for them and bad for the hackers.
In the case of mobile phones, these attacks can happen through a Trojan that may be hidden in the app downloaded and installed in the device.
Also, your phone may be redirected to a website that is infected with a persistent pop-under.
In the event of your phone being infected with a Trojan, depending on its type, it may make the processor of your phone work so hard that it overheats the device, causes the battery to bulge and leave your Android phone for dead.
The crypto mining malware infected by the bad actors in the computers of unsuspecting users use the similar modus operandi and attack vectors as other threats.
Of course there is a point of worry for the cyber criminal. It is that the devices and machines that are connected to the internet may be pretty fast to process data but usually do not have the capability of crunching extensive numbers.
As a result, they need to offset this and that is why, for illegal crypto mining, the bad actors use malware to circumvent the challenges.
These specific malware are designed specially to zombify the botnets of the systems in order to perform these specific tasks.
As said earlier, the bad actors may send a malware to a computer system or a mobile device in different ways such as:
- A spam email
- Malicious URLs
- Junkware and
- PUAs or Potentially Unwanted Applications.
Therefore, as it is evident, with the passage of time, the hacking tools and backdoors have emerged which makes it easy for the malicious actors to victimize the unsuspected users with a variety of crypto mining threats.
These threats typically come with more capabilities such as:
- URL spoofing
- Distributed Denial of Service or DDoS and more.
These can even masquerade as a component of a useful product. Some of the modern and notable crypto mining malware that comes with different capabilities are:
- Adylkuzz that typically leverages EternalBlue
- MulDrop.14. Trojan that aims Raspberry Pi devices and
- CPUMiner or EternalMiner that uses SambaCry.
The modern cyber criminals also use advanced malware such as a RAT or Remote Access Trojan capable of mining crypto coins.
Usually, all these attacks are typically web or network-based and may even be linked to an attack vector of a ransomware.
A few of these attacks may also be a conduit from other supplementary malware delivered.
Some of the most preferred attack vectors of these kinds are:
- Cross site scripting
- Brute force
- Default password logins
- PHP or Hypertext Preprocessor arbitrary code injection
- SQL injection
- Overflow exploits of command buffer
- Black Nurse Denial of Service
- Remote code execution vulnerability exploitation in Internet Information Server or IIS of Microsoft.
All these threats can infect the devices to turn them into a money-making machine for the illegal crypto miners.
While talking about the impacts of illegal crypto mining, the good thing that some professionals in cyber security points out about it is that the crypto mining scripts used in this case, unlike other malware types, does not damage the data or the computer of the victims.
However, it does steal the resources of the CPU of the computer which results in some other consequences.
One of the most significant of all is the slower performance of the computer which may cause a lot of annoyance for the users especially given the fact that they would not know the actual reason behind such drop in level of performance.
This, along with an increase in the electricity bills, is still quite manageable for an individual miner.
However, illegal crypto mining has a much larger and severe impact for the larger organizations involved in crypto mining.
This is because they typically have a large number of systems involved together in the process and when these systems are infected with crypto mining malware, it increases the real costs significantly.
This cost includes:
- Electricity bills
- IT labor
- Repairs and restoration and
- Missed opportunities.
Also, the impact of illegal crypto mining can be over and above performance issues.
It can also threaten the integrity of the network, its security as well as the availability of the system.
All these factors will lead to potential disruptions to the operations of an enterprise which typically and critically is mission-based.
It may also result in system hijacking and stealing of information and data from it.
The Internet of Things or IoT devices may also be impacted by crypto mining malware.
Therefore, it is also very important to know about it given the fact that presence and usage of these smart devices are ubiquitous among corporate environments and homes.
The IoT devices can be anything such as:
- DVRs or Digital Video Recorders
- Surveillance cameras
- NAS or Network Attached Storage
- Set-top boxes
- IP cameras
- Environment monitoring devices
- Android smart TVs
- Gaming consoles
- Print servers
- Routers and more.
All these devices, if involved in crypto mining in some way or the other can be affected by a crypto mining malware.
Apart from the devices, the illegal crypto mining can also impact the natural resources of the nation by draining a huge amount of energy that is unaccounted for or unpaid for.
According to a study of the Cambridge Institute, nearly 0.5% of the entire electricity production of the world can be consumed by legal crypto mining.
This by itself is roughly the amount of energy used by any small country such as Sweden or Malaysia.
Adding illegal crypto mining activities to it, the situation becomes from bad to worse.
It is all due to this huge amount of energy consumption, there has been a power shortage in several countries.
Rise and Spread of Illegal Crypto Mining
Illegal crypto mining is now a serious threat to the crypto industry and has also created a severe global issue.
According to several reports, illegal crypto mining is on the rise and is spreading thick and fast all over the globe.
The malicious actors are coming up with newer and more undetectable ways to steal the resources from the computers of the unsuspected users to mine new crypto coins.
One of the most significant latest trends among these malicious crypto miners is to embed crypto mining malware in a video on YouTube.
It is far easier to get a user to click on it and activate the crypto mining script while they watch the video.
Illegal crypto mining, also termed as crypto jacking, may have started long before but came into the light in September 2017.
This was the time when Bitcoin was reigning supreme.
A code was published by Coinhive, which was eventually shut down in early 2019, on their website.
This code was designed as a crypto mining tool for the website owners to make passive income instead of displaying ads on the website for the same purpose.
This will allow them to use the computer resources of those users who visited the site and mine Monero, a crypto coin.
Crypto mining malware is quite difficult to uncover and therefore is less risky for the cyber criminals which is why it is growing in popularity with each passing day.
It is easier to deploy and can remain undetected for a long, long time.
If it is ever detected, it is also very hard, if not impossible, to track back to the hacker.
By this time, the hacker would have collected a lot of crypto coins and have also spent their illegal crypto earnings.
There are typically three major ways in which illegal crypto mining can be spread as explained below:
- File-based crypto mining which involves downloading malware usually sent through a spam email as a link to carry out crypto mining scripts which is spread all over the IT infrastructure once it is downloaded
- Browser-based crypto mining which involves hijacking IT infrastructure with a crypto mining script created in a programming language and embedding it into the website in its ads or WordPress plugins to mine crypto directly in the web browser when it runs and the code being downloaded automatically on the computer of the users and
- Cloud crypto mining by accessing cloud services and searching for API keys of an organization in the files and codes to draw off unlimited CPU resources to mine crypto coins resulting in a huge increase in the real costs of the organization.
Before you know about the ways in which you can detect crypto mining, you should understand its exact working process.
Here are the basic mechanics behind illegal crypto mining process:
- Compromising an asset in order to embed the crypto mining script and spread it across the entire network
- Executing the crypto mining script once it is embedded in the asset either when the users click on the link or attachment sent to them or when they browse a website with a malicious ad
- Running the malicious crypto mining script in the background without the users having the slightest knowledge of it
- Solving the algorithms to intercept a currency and mine a ‘block’ which stores the digital info of the currency and
- Receiving the reward every time a block is added to the blockchain without doing any work or taking any risk, literally, and moving them into their own digital wallets.
In order to detect such malicious mining attempts in your computer, which is quite difficult since the codes of the crypto mining scripts can evade detection easily, you and your IT team will need to be exceptionally vigilant.
In addition to that, you will also need to follow these methods to make sure that it is not too late for you to respond to these attacks:
- Keep a check on any drop in the performance level of your computer which may be significant or insignificant as compared to its usual performance level and speed. This is one of the top symptoms of illegal crypto mining being carried out in your system. Also, educate your employees to look for such symptoms and report to the IT team when they notice anything abnormal.
- Keep a check on whether or not your systems are getting overheated much too easily and quickly than before. This is another good sign of illegal crypto mining in a system which may eventually damage and destroy the system. Also, find out whether or not the cooling fans are running for a longer time than usual in order to keep the system cool.
- Monitor and analyze the usage of your CPU with your IT team. You can do this by using the Task manager or Activity Monitor. If you see that there is a significant increase in the CPU usage when the users are on a website but there is very little or no media content, consider it to be a sign of illegal crypto mining being performed in your systems.
- Observe your official website regularly to find out whether or not any crypto mining code is embedded in it. Look for any unaccounted changes made in the files on the web server or web pages of the site.
- And, always scan for malware in your systems by using your security and antivirus software to identify malicious scripts.
Most importantly, you should be well versed with the new trends followed by the malicious actors to mine crypto illegally.
This is a very important aspect to detect illegal crypto mining in your systems because the bad actors are always on the lookout for newer and more effective ways to create better codes to infect the systems of the unsuspected users.
They are also using new delivery methods of the codes.
If you are proactive and learn about these illegal practices you will be able to stay ahead of these malicious actors and prevent them from using your system to mine crypto coins illegally, which brings to the most important and final section of this article.
It is true that it is quite difficult to detect whether or not your system is being used by the malicious actors for mining crypto coins illegally, whether it is locally or through a web browser.
However, it is not as difficult to take some precautionary measures in order to prevent your system from being used for this purpose in the first place.
This will protect your systems, the network, as well as your crypto assets, and your business, as the case may be.
These are some of the useful preventive measures that you can take based on the conditions.
Choose the measures based on whether you are an individual miner or a business involved in crypto mining. Here they are for you:
- Train your IT team – Since knowledge about illegal crypto mining is very important, you should train the IT team of your business to understand crypto mining, the ways of mining crypto coins illegally, the latest trends followed and the ways to detect whether or not your systems are being used for mining crypto coins illegally. They should be well aware of the first signs and symptoms of illegal crypto mining and investigate it further as well.
- Educate the employees – You should also ensure that your employees play a significant role in preventing illegal crypto mining by using your systems. Educate them as well on how to detect possibilities of illegal crypto mining being performed on the systems such as looking for drop in performance level and speed as well as overheating of the systems pretty quickly. They should also be knowledgeable about cyber security and not click on suspicious and unknown emails and links or download anything from any unreliable and insecure sources.
- Use anti-crypto mining extensions – Typically the malicious actors install the crypto mining scripts through web browsers. Therefore, it is prudent to use anti-crypto mining browser extensions that will block the crypto mining scripts as well as the miners across the web.
- Use ad-blockers – One of the most common places where a crypto mining malware may be hidden are the web ads. If you use a reliable and effective ad-blocker then it will be easy for detecting such crypto mining codes and blocking them as well.
You should always try avoiding a purpose-built solution.
Instead, you should use a more comprehensive program to ensure foolproof cyber security over and above illegal crypto mining and includes intimidations from other ransomware, malware, browser-based drive-by download, Trojan, and online threats.
Remember, there is no silver bullet for these kinds of threats.
You can only try to mitigate them as and when it happens by following a few additional best practices such as:
- Updating your device or devices on a regular basis with the latest patches that will help you to prevent the malicious actors from using the vulnerabilities in your systems as a backdoor to them
- Changing the default credentials of your device or devices and further strengthening them to ensure that no one other than who are authorized to can access these systems
- Enabling the firewall for your device or devices to make them more secure as well as deploying intrusion detection and prevention systems that will help you to alleviate incursion attempts
- Taking care and being knowledgeable about the known attack vectors that may corrupt your systems such as unsolicited or unknown emails, socially engineered links, questionable software and apps of third parties, attachments or links or files from any suspicious website and more
- Ensuring that the IT team professionals and the system administrators are knowledgeable about information security
- Considering application white listing or any type of similar security mechanism that will prevent your system from being infected with any suspicious executables in them and running on and
- Monitoring network traffic proactively so that it helps in identifying red flags more easily that may indicate illegal crypto mining script and malware infection.
You may also follow some other tried and tested practices that will ensure protection of your systems from illegal crypto mining such as:
- Implementing the principle of least privilege
- Making the email gateway safe
- Creating and implementing proper remedy against web injections
- Put Bring Your Own Device or BYOD into practice along with other corporate mobile devices best practices and
- Creating a workforce aware about cyber security.
All these are a part of a comprehensive and in-depth defense mechanism that will reduce the exposure of any enterprise to the threats of illegal crypto mining.
Remember, in a landscape like crypto where threats are morphing continuously, protecting our systems and staying safe from being hacked and losing your crypto assets is a difficult, demanding, meticulous, and a full-time job.
Therefore, using security systems that will detect, protect, and even clean up any type of intrusion is more welcome to ensure that the computer resources can be used by you, and you alone, and not by any malicious actor.
So now you are aware of illegal crypt mining and its impacts and what it means to your business.
Thanks to this article, now you know the ways in which you can detect them, stay alert, and prevent such unlawful activities on your systems with more heightened security.