Hackers infect computers with crypto-currency mining malware

News by Rene Millman

Criminals target Zcash in bid to make money from unsuspecting users

Hackers are installing mining malware on victims' machines in a bif to mine a new type of crypto-currency called Zcash.

Zcash is a relatively new crypto-currency, launched at the end of October. According to Kaspersky, the currency appeals to criminals as unlike Bitcoin, Zcash transactions can be shielded to hide the sender, the recipient and value of all transactions. Zcash billed itself as being the “HTTPS” version of Bitcoin.

One Zcash unit of currency is currently worth US$70. Alexander Gostev, chief security expert at Kaspersky, said that Zcash mining remains among the most profitable compared to other crypto-currencies.

“This has led to the revival of a particular type of cyber-criminal activity – the creation of botnets for mining. A few years ago, botnets were created for bitcoin mining, but the business all but died out after it became only marginally profitable,” he said in a blog post.

He noted that in November several incidents where Zcash mining software was installed on users' computers without permission were recorded.

As these software programs are not malicious in themselves, most anti-malware programs do not react to them, or detect them as potentially unwanted programs (PUP). Criminals have so far installed coin mining software under the guise of other legitimate programs, such as pirated software distributed via torrents.

While Gostev said that he hasn't seen any cases of mass-mailings or vulnerabilities in websites being exploited to distribute mining software; however, provided mining remains as profitable as it is now, this is only a matter of time.

“The software can also be installed on computers that were infected earlier and became part of a for-rent botnet,” he said.

He said that approximately 1,000 unique users who have some version of the Zcash miner installed on their computers under a different name, which suggests these computers were infected without their owners' knowledge.

“An average computer can mine about 20 hashes per second; a thousand infected computers can mine about 20,000 hashes a second. At current prices, that equals about $6,200 a month, or $75,000 a year in net profits,” said Gostev.

He added that all hackers need to do to start profiting from a mining program on infected computers is to launch it and provide details of their own bitcoin or Zcash wallets.

“After that, the ‘coin mining' profit created by the pool will be credited to the cybercriminals' addresses, from where it can be withdrawn and exchanged for US dollars or other crypto-currencies,” he said.

Gostev said that it would be straightforward enough to spot a computer running coin mining software.

“A mining program typically devours up to 90 percent of the system's RAM, which dramatically slows down both the operating system and other applications running on the computer. Not exactly what you want from your computer.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews