Malicious software that engages in cryptocurrency mining on unsuspecting users’ computers is on the rise. Furthermore, such cryptocurrency mining malware is increasingly finding its way into corporate networks, according to WatchGuard Technologies.
The network security company made the conclusion after analysing threat intelligence from its network of security devices deployed in corporate environments around the world. It found widespread evidence of malware designed to deliver cryptocurrency mining software on enterprise networks, including those of small and medium-sized businesses. The company has published the findings in its 2018 Internet Security Report.
Earlier this year, it was reported that 30% of networks worldwide have experienced compromise attempts by cryptocurrency mining malware targeting web servers. Among the top countries targeted were the US, the UK, Germany, Norway and Sweden.
“Our Threat Lab team has uncovered multiple indicators that suggest malicious crypto miners are becoming a mainstay in cybercriminals’ arsenals and will continue to grow more dominant,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies.
“While ransomware and other advanced threats are still a major concern, these new crypto-miner attacks illustrate that bad actors are constantly adjusting their tactics to find new ways to take advantage of their victims.”
Such cryptocurrency mining malware is likely to be on the rise due to the growing value of cryptocurrencies such as Bitcoin.
How cryptocurrency mining malware is targeting Linux
The issue is particularly widespread on the Linux operating system. Linux is commonly used in enterprise environments for a host of applications, including web servers and database servers.
WatchGuard found that 98.8% of the most common variants of malware targeting systems running Linux were designed to sneak cryptocurrency mining software onto infected systems.
This malware essentially forces Linux computers to download and run a malicious miner known as Monero, consequently eating up the computer’s CPU behind the scenes.
This means that while Monero runs silently in the background, it consumes a computer’s resources. This consumption may leave the computer in a near-unusable state, and may cause browser crashes, system instability or poor performance.
For enterprises, this is a particular concern, as it can lead to issues with the rate staff can work and the performance of vital infrastructure.
Cryptocurrency mining malware is also on Windows and the web
Away from Linux, cryptocurrency mining malware is also increasingly common on computers running the Windows operating system. WatchGuard listed it as the 24th biggest malware threat in its Internet Security Report. The company also noted that many common antivirus programs were unable to catch such malware due to the way it has been designed.
“Once again, we saw nearly half of all malware slip past basic signature-based antivirus solutions due to various obfuscation methods,” said Nachreiner.
“One way every organisation can become more secure against these sophisticated, evasive threats is to deploy defences enabled with advanced malware prevention.”
Websites can also turn the computers of unsuspecting visitors into cryptocurrency mining machines. The report has specifically identified an increase in websites that try to steal computer resources to mine cryptocurrency in the background, while the user visits a particular site.
Could your computer be infected?
One of the most common signs of all cryptocurrency mining malware is the slowdown of the affected computer.
Other signs can include annoying ads showing up on the screen; pop-up messages; an increase in internet traffic; security solutions disabling themselves; unfamiliar icons on the desktop; unusual error messages or the inability to access the computer’s control panel.