Report Finds Cryptojacking Instances Jumped 400% In A Year

A report by a group of cybersecurity researchers found that cryptojacking instances jumped more than 400 percent in a year.

AccessTimeIconSep 21, 2018 at 6:00 p.m. UTC
Updated Sep 13, 2021 at 8:24 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Instances of cryptojacking malware have jumped more than 400 percent since last year, a new report finds.

A collaborative group of cybersecurity researchers called the Cyber Threat Alliance (CTA) published the report Wednesday, detailing the various and repercussions from cryptojacking – the illicit practice of hijacking a user's computer to mine cryptocurrencies.

Most notably, CTA points out in the research that the number of instances of illicit mining malware found has sharply spiked in the months from the close of 2017 to end of July 2018.

The report states:

"Combined data from several CTA members shows a 459 percent increase in illicit cryptocurrency mining  malware detections since 2017, and recent quarterly trend reports from CTA members show that this rapid growth shows no signs of slowing down."

In the key findings document, the alliance points to a particular exploit that has been plaguing the security world for over a year, Eternalblue, as one of the leading causes.

Eternalblue is the infamous NSA exploit that was used in the Wannacry ransomware and NotPetya attacks.

The CTA's analysis explains that a number of Windows operating systems remain vulnerable to the bug, despite a patch released by Microsoft. As such, these systems run a vulnerable network file sharing protocol dubbed SMB1.

Malicious actors target these susceptible machines for their processing power, which even simple cryptojacking software can hijack.

In fact, these actors have even begun repurposing existing software to specifically mine cryptocurrencies, the report said, explaining:

"Researchers noted in February 2018 that the BlackRuby Ransomware family began 'double dipping' by adding the open-source XMRig software to their tools to mine Monero. The VenusLocker Ransomware family completely shifted gears, dropping ransomware for Monero mining. The Mirai botnet, notable for its 2016 DDoS attack that used IoT devices to impact substantial portions of U.S. internet services, has since been repurposed into an IoT-mining botnet."

Further, by decreasing the mining rate, the malware can easily and cheaply be scaled across a network in large organizations and persist on the host computer for a longer time, resulting in a larger pay-out.

Palo Alto Networks, one the partners in the alliance, found that Coinhive dominates in terms of software used by malicious actors, with some 23,000 websites containing Coinhive source code.

Moreover, the group of security firms has noticed that malicious actors are shifting their focus from traditional systems and personal computers to Internet-of-Things devices like smart TVs.

The CTA also stressed that the presence of cryptojacking malware may just be an indicator of how insecure a system is, saying, "if miners can gain access to use the processing power of your networks, then you can be assured that more sophisticated actors may already have access."

Mining image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.