Cyber-thieves Seek To Cash In On Bitcoin Boom

Bitcoin logoImage copyright AFP
Image caption Bitcoin is valuable but hard to mine so many are now turning to other crypto-coins

Bitcoin's booming value has driven a huge rise in crypto-currency themed malware, say security firms.

In one month, anti-malware software company Malwarebytes said it stopped almost 250 million attempts to place coin-mining malware on to PCs.

Symantec said it had seen a "tenfold" increase in the amount of malicious code connected with crypto-cash.

Cyber-thieves are using both dedicated software, hacked websites and emails to snare victims.

"There's been a huge spike," said Candid Wuest, a threat researcher at online security firm Symantec, adding that it had been caused by the rapid increase in Bitcoin's value.

On 29 November, the value of one Bitcoin surpassed $10,000 (£7,943) - a massive increase on the $1,000 each one was worth at the start of 2017, although that figure has now fallen back sharply.

"With $10,000 being breached, and all the hype, a lot of people are trying to make money with crypto-coins," said Mr Wuest.

Most of the activity seen by Symantec and other security firms involves crypto-coins other than Bitcoin. This was because it took a huge amount of computer power to produce or "mine" bitcoins.

By contrast, he said, mining other crypto-coins such as Monero could be done on desktops, laptops and even smartphones.

Many of these alternative coins had risen in value alongside Bitcoin, said Mr Wuest.

Image copyright Vichai
Image caption Generating crypto-currencies involves lots of computer hardware

Mining involves solving complicated mathematical problems and those who take part can be rewarded with coins. The more machines one person can get mining on their behalf - the more coins they are likely to amass, said Mr Wuest.

Malwarebytes told the BBC that its security software was now, on average, stopping about eight million attempts a day by coin-mining code to compromise users' PCs.

Much of this coin-mining software was found on websites that had been hacked, to give attackers the ability to install their own code. One researcher found almost 2,500 sites hosting mining code.

Other cyber-thieves have hijacked extensions and add-ons for web browsing programs to insert the malicious code. Once on a computer, the malware often runs processors at close to 100% to get as much mining work done as possible. On smartphones, this can mean batteries are depleted very quickly.

Much of the mining malware seen before now relied on using a victim's browser, said Malwarebytes' security researcher Jerome Segura. Attackers had now adapted malware to ensure it mines coins for as long as possible and did not stop when a browsing program was shut down.

"The trick is that although the visible browser windows are closed, there is a hidden one that remains opened," wrote Mr Segura in a blog detailing how the malware works.

The tiny window lurks beneath the taskbar on a Windows machine and would not be noticed by a victim, he said. Adverts that run on porn sites had been found harbouring this malware, he added.

It is not only websites that are being caught up in attempts to cash in on the crypto-cash boom, said Nicole Eagan, chief executive of security firm Darktrace.

Ms Eagan said it had found coin-mining programs of one sort or another on the internal networks of 25% of its customers. Many sought to use the significant computer processing power available inside corporate networks to generate coins.

"Sometimes it's an external intrusion into the network and sometimes its an employee that's looking to do it," she said. "It's rampant at the moment,"

RECENT NEWS

From Chip War To Cloud War: The Next Frontier In Global Tech Competition

The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more

The High Stakes Of Tech Regulation: Security Risks And Market Dynamics

The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more

The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics

Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more

The Data Crunch In AI: Strategies For Sustainability

Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more

Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser

After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more

LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue

In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more