Cryptocurrency Mining Malware Trends

Delaware, USA – June 14, 2018 – Josh Grunzweig from Palo Alto Networks shared his research on the trends of cryptocurrency mining malware. He managed to collect statistics on more than 629 thousand malware samples and analyze it. The most popular cryptocurrency among adversaries is Monero, almost 85% of malware analyzed mine this cryptocurrency. Monero attracts adversaries as it is difficult to track down XMR wallets. However, the researcher found mining pools associated with malware samples and estimate attackers’ profit. The investigation showed that about 5% of all Monero cryptocurrency was mined with malware. However, the real amount is larger, since in-browser coinminers have not been taken into account, and some of the malware samples could have several mining pools that were not found during the research. Almost every second sample brought nothing to its creators, and only one hundred malware samples were really successful, 16 of which mined more than 10,000 Monero.

Successful campaigns encourage malware authors to create more sophisticated samples. 360 Total Security regularly registers campaigns affecting thousands of systems worldwide, for example, WinstarNssmMiner2 infected 200,000 systems in a short period. Massive botnets are more successful as they exploit powerful web servers to mine cryptocurrency. You can use ArcSight and Web Application Security Framework to spot breach attempts and malicious activity associated with your critical business applications.