The speculative demand for cryptocurrencies has shrunk in the last 12 months, but the amount of malware for cryptocurrency mining operations has exploded.
The latest McAfee Labs Threat Report shows that in the last four quarters ending September, the number of cryptocurrent miners running on malware has risen to around 4 million, or an increase of 4,467%. From the second quarter to the third quarter, mining malware grew by 55%.
According to the cybersecurity company, much of the malware has been transferred not just to normal desktop computers or laptops, but to Internet of Things (IoT) devices such as cameras and video recorders, as well as to routers, which are presumed to be untargeted because of their relatively low processing power.
"[C]The cybercriminals have noted the increasing volume and poor security of many IoT devices and have begun to focus on them, taking advantage of thousands of devices to create a super-mining computer, "said McAfee Labs.
A malware program, for Mac operating systems, was called OSX.Dummy, which was asked users of mining chat groups to download, presumably to solve mining problems. "Users have essentially infected their devices instead of falling victim to an unknown exploit or exploit kit," the report read.
Another operation, which began in 2017, included malware in an add-on for the Kodi open source media player.
MikroTik routers found a vulnerability, with security researcher Troy Mursch reporting 3,700 compromised devices that had been used as miners, mainly in North America and Brazil.
Christiaan Beek, chief scientist at McAfee Labs, said of the recent report: "Cybercriminals are keen to arm new and old vulnerabilities and the number of services now available on underground markets has drastically increased their effectiveness … Emerging trends on underground markets and hidden forums allow the information security community to defend itself against current attacks and stay one step ahead of those of our future. "
Last month, McAfee Labs announced that it detected malware for Monero mining, called WebCobra, and that this was traced to hackers from Russia.
With the prices of many cryptocurrencies declining in 2018, the amount of energy required for mining has proved unprofitable, especially for those who use more efficient ASIC chips (application-specific integrated circuits).