It has been more than a century since the so-called “Klondike Gold Rush” broke out in Alaska. Many tried their luck as treasure hunters and set out under the most difficult conditions in search of the coveted precious metal. Since then, a lot has happened, and real gold diggers are now found mostly in adventure stories. For in the age of the Internet and with the development of digital currencies, new and much more attractive ways of supposedly making quick and big money have emerged. One of them has a surprising amount in common with the legendary Klondike Gold Rush: “crypto mining” or “digging cryptocurrencies”.

The procedure of illegal crypto mining

Cryptocurrencies have become established as a legitimate means of payment. Since the payment units called “Bitcoin” or “Monero” are issued neither by states nor by banks, they have to be generated and transferred in a different way. This process, called “mining,” can be done by the users themselves, using computers. But it is not that simple: in order for the digital currencies to be generated, the systems must solve complex algorithmic tasks. The more units that are to be generated, the more complex the calculation tasks become. The exchange of currencies is organized on a decentralized basis and can be handled directly between users via the blockchain, using a peer-to-peer network.

The following motto for miners is derived from this: with more computing power, the tasks can be solved faster, and at the same time this means more Bitcoins, Moneros and co. A lot of system resources are used here, which is why the graphics card and the processor are put under considerable stress. In addition, the computationally intensive process brings with it immense power consumption. In turn, this leads to high electricity costs, and together with the heavy wear on hardware it often makes crypto mining unprofitable – especially when the exchange rate is unfavourable.

High profit margins thanks to botnet

As a result, criminal crypto miners have developed various methods to circumvent the high electricity prices found in industrialized countries in particular. One variant is the large-scale mining of cryptocurrencies in countries with extremely low energy prices. For this purpose, entire data centers are set up in countries such as Iceland, Georgia and Venezuela, which are only used for the generation of cryptocurrencies.

Due to the immense power consumption, crypto mining, especially in this country, can only be deemed “lucrative” with the help of botnets. The idea behind this is that cybercriminals pool the computing power of the computers embedded in a bot network and use it for free. Through a command-and-control server, they gain central control over all devices integrated in the bot network – but how do they do it?

How cybercriminals send a crypto miner into the system

In order to make a computer part of a botnet, cybercriminals first have to get “dropper” software onto the computer. Regarding the distribution channels, there are no limits to the creativity of digital criminals. The dropper usually reaches the targeted devices via infected websites, but combining it with spam emails is also a popular distribution channel. Here, cybercriminals send spam to a large number of email addresses, hoping that recipients will click on the link contained in the email. On the infected web pages, the dropper is silently downloaded in the background and then executed. The dropper itself does not pose the real danger: it merely downloads the crypto miner and a special tool that gives instructions to the miner.

For example, the tool can tell the crypto miner to throttle its activity as soon as a resource-hungry application starts, so that the victim is less likely to notice the infection. But that’s not all: some versions of the malware can even disable antivirus programs and restore the miner when an application tries to remove it. IT security experts believe that some bot networks can bring in up to $200,000 per month.
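The throttling behaviour described above is itself a detectable pattern: a process that saturates the CPU whenever the host is otherwise idle and backs off the moment the user launches something heavy behaves unlike any legitimate background service. The following script is an added illustration and not code from the original article or from Hornetsecurity. It runs over constructed per-process CPU telemetry (the process names, including the placeholder “bgtask_fake.exe”, are invented and not real indicators) and assumes each sample also records which process owns the foreground window, as endpoint telemetry commonly does.

```python
from statistics import mean

# Constructed telemetry (not real data): one sample every 10 seconds with the
# foreground window's process ("fg") and CPU % of one core per process.
# "bgtask_fake.exe" is a placeholder name for a throttling miner; "render.exe"
# stands for the user's own resource-hungry application.
SAMPLES = [
    {"fg": "explorer.exe", "cpu": {"render.exe": 0,  "bgtask_fake.exe": 95, "explorer.exe": 2}},
    {"fg": "explorer.exe", "cpu": {"render.exe": 0,  "bgtask_fake.exe": 97, "explorer.exe": 1}},
    {"fg": "explorer.exe", "cpu": {"render.exe": 0,  "bgtask_fake.exe": 96, "explorer.exe": 3}},
    {"fg": "render.exe",   "cpu": {"render.exe": 85, "bgtask_fake.exe": 12, "explorer.exe": 1}},
    {"fg": "render.exe",   "cpu": {"render.exe": 90, "bgtask_fake.exe": 10, "explorer.exe": 2}},
    {"fg": "render.exe",   "cpu": {"render.exe": 88, "bgtask_fake.exe": 9,  "explorer.exe": 1}},
    {"fg": "explorer.exe", "cpu": {"render.exe": 0,  "bgtask_fake.exe": 94, "explorer.exe": 2}},
    {"fg": "explorer.exe", "cpu": {"render.exe": 0,  "bgtask_fake.exe": 98, "explorer.exe": 1}},
]

BUSY_THRESHOLD = 50   # some other process above this marks the host as busy
HIGH_CPU = 80         # sustained usage above this while the host is idle
MIN_SAMPLES = 2       # need evidence from both idle and busy periods


def background_processes(samples):
    """Processes that never own the foreground window. A legitimate heavy
    application is usually something the user launched and interacts with,
    so excluding foreground processes avoids flagging the user's own work."""
    seen = set().union(*(s["cpu"] for s in samples))
    foreground = {s["fg"] for s in samples}
    return seen - foreground


def split_idle_busy(samples, proc):
    """Split proc's CPU values into samples where the host is otherwise idle
    and samples where some other process is working hard."""
    idle, busy = [], []
    for s in samples:
        others_busy = any(v > BUSY_THRESHOLD for p, v in s["cpu"].items() if p != proc)
        (busy if others_busy else idle).append(s["cpu"].get(proc, 0))
    return idle, busy


def find_throttling_miners(samples):
    """Flag background processes that saturate the CPU while the host is idle
    but drop to half or less as soon as a heavy application starts."""
    findings = {}
    for proc in background_processes(samples):
        idle, busy = split_idle_busy(samples, proc)
        if len(idle) < MIN_SAMPLES or len(busy) < MIN_SAMPLES:
            continue  # not enough evidence for either phase
        idle_avg, busy_avg = mean(idle), mean(busy)
        if idle_avg >= HIGH_CPU and busy_avg <= idle_avg / 2:
            findings[proc] = {"idle_avg": round(idle_avg, 1),
                              "busy_avg": round(busy_avg, 1)}
    return findings


if __name__ == "__main__":
    for proc, stats in find_throttling_miners(SAMPLES).items():
        print(f"suspicious: {proc} averages {stats['idle_avg']}% CPU when idle "
              f"but only {stats['busy_avg']}% when another application is busy")
```

The foreground check matters: without it, the user's own render job shows the mirror image of the miner (high when the miner is quiet, low otherwise) and would be flagged just the same. In a real deployment the thresholds would be tuned per host class, and a hit should be correlated with other signals such as unexpected persistence entries or tampering with the antivirus service.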

What is the current threat situation?

As recently as 2018, crypto miners were right at the top of cybercrime’s malware popularity scale – ahead of the well-known ransomware extortion scheme. A crypto miner is used in 9.7% of all recorded malware attacks overall, according to the cyberthreat report by Hornetsecurity. In numbers, that equates to around 29 million out of a total of 300 million malware attacks worldwide. At AV specialist G DATA, three versions of crypto miners were among the top 10 repelled malware programs. But currently the cryptocurrencies are weakening; in particular, the Bitcoin price is like a rollercoaster ride. As a result, crypto mining is of course not nearly as effective for cybercriminals as it was during the previous boom of Bitcoin and co. in December 2017 – but does this mean that illegal crypto mining is just a fad and the great hype is long gone?

Quite the contrary, because renowned financial experts are sure: at the moment it is simply a bubble, and as soon as it bursts, investment in digital money will skyrocket again. Bitcoin expert Aaron Lasher goes even further: he believes that a Bitcoin could be worth about 200,000 euros in ten years.

[Infographic: Crypto Mining, by Hornetsecurity]

Harvard expert Dennis Porto, who has calculated that the Bitcoin price will rise to up to 100,000 euros within the next five years, backs this up. As crypto mining and the price of cryptocurrencies go hand in hand, illegal crypto mining activities are also likely to increase considerably if this scenario occurs.

Protection in case of emergency: How do I effectively protect myself against crypto miners?

A traditional antivirus program is far from sufficient for protecting against complex malware. You are therefore advised to take other precautions. Since crypto miners can only start their work once an infected file or website is opened, access should ideally be prevented in advance.

In companies, this can be ensured in particular through the use of managed security services. To effectively close the gateway, a combination of spam filters, web filters and Advanced Threat Protection is advised. The spam filter ensures that suspicious emails containing links to infected websites are rigorously filtered out. This way the recipient cannot accidentally click on the malicious link, because the email never reaches their inbox.

Advanced Threat Protection intervenes when an email attachment contains an infected file, for example the “dropper” of a crypto miner. The intruder is quarantined and blocked from entering the email inboxes, just like spam emails. When surfing the Internet, a web filter provides security against harmful content: it reliably blocks access to dangerous sites, such as those from which a crypto miner is installed, and informs the user about the threat that lurks there.
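To make the three layers above concrete, the following script is an added example (not Hornetsecurity’s product code and not from the original article) of the kind of checks a mail gateway performs before a message reaches an inbox: links are compared against a blocklist of known bad hosts (the web-filter layer), and attachments are inspected for executable droppers, including executables hidden in archives or renamed with a harmless extension (the Advanced Threat Protection layer). The blocklist hosts, message contents and attachment bytes are all constructed for the example and are not real indicators.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Constructed blocklist standing in for a web filter's reputation database
# (placeholder domains, not real indicators).
BLOCKED_HOSTS = {"malicious-example.test", "miner-dropper.invalid"}

# Attachment types a dropper typically arrives as.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".ps1", ".jar", ".msi"}

# File signatures ("magic bytes"); the declared extension is not trusted.
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP archive", b"%PDF": "PDF"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def extension(name):
    return ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""


def sniff_type(data):
    """Identify the real file type from its leading bytes."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def zip_members(data):
    """List the file names inside a ZIP attachment, or [] if it is not one."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def check_links(body):
    """Web-filter layer: any link to a blocked host is a reason to quarantine."""
    hits = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in BLOCKED_HOSTS:
            hits.append(f"link to blocked host {host}")
    return hits


def check_attachments(attachments):
    """ATP layer: executables by extension, by real content, or inside archives."""
    hits = []
    for name, data in attachments:
        ext = extension(name)
        kind = sniff_type(data)
        if ext in EXECUTABLE_EXT:
            hits.append(f"executable attachment {name}")
        if kind == "PE executable" and ext not in {".exe", ".dll"}:
            hits.append(f"{name} is a PE executable disguised as {ext or 'no extension'}")
        if kind == "ZIP archive":
            for member in zip_members(data):
                if extension(member) in EXECUTABLE_EXT:
                    hits.append(f"archive {name} contains executable {member}")
    return hits


def filter_message(msg):
    """Return ('quarantine', reasons) or ('deliver', []) for one message."""
    reasons = check_links(msg["body"]) + check_attachments(msg.get("attachments", []))
    return ("quarantine" if reasons else "deliver", reasons)


def build_zip(member_name, payload):
    """Helper to construct an in-memory ZIP attachment for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


FAKE_PE = b"MZ\x90\x00" + b"\x00" * 16   # constructed stand-in for a dropper binary

# Constructed sample messages: one per delivery path described in the text.
MESSAGES = [
    {"id": "m1", "body": "Your invoice: http://malicious-example.test/download", "attachments": []},
    {"id": "m2", "body": "See attached", "attachments": [("invoice.zip", build_zip("invoice.exe", FAKE_PE))]},
    {"id": "m3", "body": "Report attached", "attachments": [("report.pdf", FAKE_PE)]},
    {"id": "m4", "body": "Notes: http://intranet.example/notes", "attachments": [("notes.pdf", b"%PDF-1.4 sample")]},
]


def run(messages):
    return {m["id"]: filter_message(m)[0] for m in messages}


if __name__ == "__main__":
    for m in MESSAGES:
        verdict, reasons = filter_message(m)
        print(m["id"], verdict, "; ".join(reasons))
```

The point of the content sniffing is the third message: the attachment is named like a PDF but starts with the PE header, which is exactly how a dropper slips past a filter that trusts extensions alone. A production gateway adds detonation in a sandbox, URL rewriting for links that are not yet on any list, and rate limits, but the layering is the same.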

The gold rush fever among cybercriminals does not simply have to be accepted. The lower cryptocurrency prices fall and the more users protect themselves against crypto miners in advance, the less likely one is to fall victim to the scam.