Cryptocurrency-Mining Malware

 
 

KNOWN CRYPTOCURRENCY-MINING MALWARE

Latest New Variants
Kingminer
Kingminer
Rocke
Rocke
PyRoMineIoT
PyRoMineIoT
ADB.Miner
ADB.Miner
Prowli
Prowli
PyRoMine
PyRoMine
MassMiner
MassMiner
WinstarNssmMiner
WinstarNssmMiner
Xbooster
Xbooster
Kitty
Kitty
FacexWorm
FacexWorm
HiddenMiner
HiddenMiner
Loapi
Loapi
MulDrop
MulDrop

The below list is not exhaustive and is meant to provide an overview of the most prevalent cryptocurrency-mining malware impacting US victims. This page is updated regularly with new information.

WHAT IS CRYPTOCURRENCY?

Cryptocurrency is digital currency, also known as virtual currency, that uses cryptography to secure and verify transactions and regulate the creation of new units. Like other currencies, it is often considered a commodity that can be used to pay for goods or services. Unlike other currencies, many cryptocurrencies use blockchain technology to manage and record transactions. The blockchain is a public ledger that uses encryption to verify the transfer of funds, providing secure and anonymous payments. Information on the blockchain is publicly available and verified by millions of computers simultaneously, preventing the ability of an individual to corrupt the data undetected. Most cryptocurrencies have a finite supply; their source code discloses the number of units that exist, resulting in the perception that cryptocurrencies are more precious than other currencies.

Top cryptocurrencies by market capitalization:

  • Bitcoin (BTC)

  • Litecoin (LTC)

  • Monero (XMR)

  • Etherium (ETH)

  • Zcash (ZEC)

WHAT IS CRYPTOCURRENCY-MINING?

Mining is the process used to add new units of cryptocurrency into the market. Mining nodes, controlled by “miners,” group outstanding transactions into blocks and add them to the blockchain by solving complex mathematical equations. The equation is solved by finding a number that, when combined with data in the block and then hashed, produced an output between a certain range. This number is guessed at random; therefore, the more processing power under the control of a miner, the greater their chances of solving the equation as more answers can be attempted in a shorter timeframe. The first miner to solve the equation is credited with cryptocurrency as a reward. As the cryptocurrency in circulation approaches its supply limit mining the mathematical complexity to mine new units becomes increasingly difficult, thus requiring more processing power.

WHAT IS CRYPTOCURRENCY-MINING MALWARE?

Cryptocurrency-mining malware is malicious software designed to use a device’s CPU power to mine cryptocurrency without authorization. Threat actors deploy this malware to increase their aggregated computing power for mining cryptocurrency, ultimately boosting their chances of solving the equation and earning cryptocurrency without added cost to the threat actor. Cryptocurrency-mining malware may go unnoticed on a device as it often only uses CPU power, appearing to users as though the device is simply running slower than usual. However, cryptocurrency-mining malware has the potential to render a device unresponsive and/or unavailable to legitimate processes by exhausting the system’s CPU and memory resources. Cryptocurrency-mining malware can infect any range of devices, including: laptops, desktops, servers, and mobile and IoT devices.

INFECTION METHODS

Cryptocurrency-mining malware can infect a user’s device through several means, including: clicking a malicious link, visiting a compromised website, downloading an infected application, downloading a malicious file, or installing an infected web browser extension.

 

RESOURCES

RECOMMENDATIONS TO MITIGATE CRYPTOCURRENCY-MINING MALWARE THREATS

  • Use web browsers that proactively block cryptocurrency-mining script or install a reputable ad-blocking, script-blocking, and coin-blocking extension in your current browser.

  • Implement a Defense-in-Depth cybersecurity strategy.

  • Use a reputable antivirus or antimalware program and set to update automatically.

  • Disable JavaScript in your web browser.

  • Only download software and files from legitimate sources.

  • Thoroughly review the terms of service for all application and web browser extensions.

  • Use a reputable antivirus or antimalware solution to scan all files and programs before downloading them to your device.

  • Keep operating system and software up-to-date.

  • If you notice slowed device performance, run a full system scan using a reputable antivirus or antimalware solution.

  • Never open email attachments or click links in suspicious or unexpected emails.

  • Avoid clicking online advertisements or pop-ups.

  • Avoid illegitimate or suspicious websites.

  • Monitor the process list on your device to ensure only authorized processes are running.

REPORTING

If you or your organization is the victim of a cryptocurrency-mining malware infection, please report it to the NJCCIC using the Cyber Incident Reporting form on our website. Victims can also report incidents via email at NJCCIC@cyber.nj.gov or phone at 609.963-6900 extension 7865.