A new bulletin from the Russian internet security company Kaspersky Lab, published November 28, says that cryptocurrency-mining malware has become increasingly popular among botnets in 2018.
Stealth crypto-mining attacks, also known as cryptojacking, work by installing malware that uses a computer's processing power to mine cryptocurrencies without the consent or knowledge of the owner.
According to Kaspersky, after the crypto market's bull run subsided in January-February 2018, interest in cryptojacking also briefly decreased, but it has remained a constant and current threat throughout the year.
Figure: Number of unique users attacked by miners in Q1-Q3 2018
Among botnets in particular, during the cryptojacking boom of the first quarter of 2018, the share of crypto-mining malware among all files downloaded by botnets reached 4.6%, compared to 2.9% in Q2 2017. The bulletin extrapolates that botnets are increasingly being seen as a means of spreading crypto-mining malware, with cybercriminals increasingly viewing cryptojacking as more favorable than other attack vectors.
Kaspersky found that the number of DDoS attacks from botnets decreased in the third quarter of 2018, arguing that "the most likely reason is […] the 'reprofiling' of botnets from DDoS attacks to cryptocurrency mining":
"[I]f done correctly, [cryptojacking] may be impossible to detect for the owner of an infected machine […] the reprofiling of the existing server capacity completely hides its owner from the eyes of the law. Evidence suggests that the owners of many well-known botnets have changed their attack vector to mining. For example, the DDoS activity of the Yoyo botnet has dropped dramatically, although there is no data on it being dismantled."
Other factors in the increase of cryptojacking include the low "entry threshold" for cybercriminals: web browser-based code, such as Coinhive, is an option, and there are also a number of "ready-to-use affiliate programs, open mining pools and miners' builders" available to attackers.
The report notes that "time will tell" what the impact of the crypto market crash in November will be on the prevalence of cryptojacking infections.
In mid-November, the computer security research team McAfee Labs discovered new mining malware produced in Russia, which uses consumer devices to mine Monero (XMR) almost without a trace.