It has been more than a century since the so-called “Klondike Gold Rush” broke out in Alaska. Many tried their luck as treasure hunters and set out under the most difficult conditions in search of the coveted precious metal. Since then, a lot has happened, and real gold miners are now mostly found only in adventure stories. In the age of the Internet and with the development of digital currencies, new and much more attractive ways to supposedly make big money fast have emerged. One of them has a surprising amount in common with the legendary Klondike Gold Rush: “crypto mining,” or “digging for cryptocurrencies.”

Illegal cryptomining

Cryptocurrencies have become established as a legitimate means of payment. Since payment units such as “Bitcoin” or “Monero” are issued neither by states nor by banks, they have to be generated and transferred in a different way. This process, called “mining,” can be performed by the users themselves, using their computers. But it is not that simple: for these digital currencies to be generated, the miners must solve complex algorithmic tasks, and the more units that are to be generated, the more complex the calculation tasks become. The exchange of currencies is organized on a decentralized basis and can be handled directly between users via the blockchain, using a peer-to-peer network.

The situation for miners is this: with more computing power, the algorithmic tasks can be solved faster, and that means more Bitcoins, Moneros and so on. But a lot of system resources are consumed, which puts the graphics card and the processor under considerable stress. In addition, the computationally intensive process results in immense power consumption. The high electricity costs and heavy wear on hardware often make cryptomining unprofitable – especially when the exchange rate is unfavorable.



High profit margins thanks to botnet

Clever criminal crypto miners have developed various methods to circumvent the high electricity prices that are especially common in industrialized countries. One variant is large-scale mining of cryptocurrencies in countries with extremely low energy prices. For this purpose, entire data centers that are used solely to generate cryptocurrencies are set up in countries such as Iceland, Georgia and Venezuela.

Because of the immense power consumption, cryptomining in this country can only be considered “lucrative” with the help of botnets. The idea is that cybercriminals combine the computing power of all the computers embedded in a bot network and use it for free. Through a command-and-control server, they gain central control over all devices integrated into the bot network. But how do they do it?

How cybercriminals send a cryptominer into the system

In order to make a computer part of a botnet, cybercriminals first have to get “dropper” software onto the computer. When it comes to distribution channels, there are no limits to the creativity of digital criminals. The dropper usually reaches the targeted devices via infected websites, but combining it with spam emails is another popular distribution channel: cybercriminals send spam to a large number of email addresses, hoping recipients will click on the link in the email. On the infected web pages, the dropper is silently downloaded in the background and then executed. The dropper itself does not pose the real danger, because it simply downloads the cryptominer and a special tool that gives instructions to the miner.

For example, the tool can tell the cryptominer to slow its activities as soon as a resource-hungry application starts. That way it is less likely the victim will notice the fraud. But that’s not all: Some versions of the malware even have the ability to disable antivirus programs and restore the miner when an application tries to remove it. IT security experts believe that some bot networks can bring in up to $200,000 per month.

What is the current threat situation?

As recently as 2018, cryptominers were right at the top of cybercrime’s malware popularity scale – ahead of the well-known blackmail scam, ransomware. A cryptominer is used in 9.7% of all recorded malware attacks, according to the annual cyberthreat report by Hornetsecurity. In numbers, that equates to around 29 million out of a total of 300 million malware attacks worldwide. At AV specialists GDATA, three versions of cryptominers were among the top 10 repelled malware programs. But currently the value of cryptocurrencies is weakening; the Bitcoin price in particular is like a rollercoaster ride. As a result, cryptomining is not nearly as effective for cybercriminals as it was during the boom of Bitcoin and other cryptos in December 2017. But does this mean that illegal cryptomining is just a fad and the hype is long gone?

Quite the contrary: renowned financial experts see cryptocurrency as a burst bubble that will inflate again. They are confident that investment in digital money will skyrocket in time. Bitcoin expert Aaron Lasher goes even further: he believes that a Bitcoin could be worth about 200,000 euros in 10 years.

Crypto Mining Infographic by Hornetsecurity

Harvard expert Dennis Porto, who has calculated that the Bitcoin price will rise to as much as 100,000 euros within the next 5 years, backs this up. Since cryptomining and the price of cryptocurrencies go hand in hand, illegal cryptomining activity is also likely to increase considerably as the value rises.

Protection in case of emergency: How do I effectively protect myself against cryptominers?

A traditional antivirus program is far from sufficient to protect against complex malware, so you are advised to take additional precautions. Since cryptominers can only start their work once an infected file or website is opened, access should be prevented—ideally in advance.

In companies, this can be ensured in particular through the use of managed security services. To effectively close the gateway, a combination of spam filters, web filters and Advanced Threat Protection is advised. The spam filter ensures that suspicious emails containing links to infected websites are rigorously filtered out, so the recipient cannot accidentally click on the malicious link, because the email never even reaches their inbox.

Advanced Threat Protection intervenes when an email attachment contains an infected file, for example the “dropper” of a cryptominer. The intruder is quarantined and blocked from entering the email inboxes, just like spam emails. When surfing the Internet, a web filter provides security against harmful content: it reliably blocks access to dangerous sites, such as those on which a cryptominer is installed, and informs the user about the threat lurking there.

Gold rush fever among cybercriminals does not simply have to be accepted. The more cryptocurrency prices fall and the more users protect themselves against cryptominers in advance, the less likely it becomes that one will fall victim to the scam.