Cryptomining Botnets: A Threat to Your Security

Blockchain currencies like Bitcoin create new blocks and new currency by a process called “mining” or “cryptomining.”

Mining means discovering new valid blocks through a process that, by design, takes a lot of computation. It keeps the blockchain going in a controlled way, and it lets miners get some revenue.

It’s especially profitable to people who use someone else’s computers, without their consent, for mining. They try to break the security of networks to install cryptomining software. Instead of stealing data from you, they’re stealing computing power. Each computer generates only a little income, but when they can pull thousands of machines into a botnet, they get an impressive revenue stream.

The Risks

Unauthorized mining has been going on for several years, but it’s only since 2017 that it’s been a major issue. The biggest mining botnets have pulled in millions of dollars.

If you get infected by this type of software, you might not notice. The mining program is technically not malware, except for the fact that it shouldn’t be on your computer; people use the same software for legitimate mining. Security software often can’t detect it, but it costs you in several ways.

Unauthorized mining can slow down your computers. Since computers performing active tasks consume more energy than idle ones, it increases your electric bill. If the mining software has bugs, it can make your computers crash more often. It could also create security holes and load more nasty software onto your machines.

Some kinds of software can grab a computer’s processing cycles for mining without even breaking its security. A controversial Web application called Coinhive runs code in visitors’ browsers to do mining. When the site owner says so up front and uses it instead of ads to fund the site, it’s generally considered OK. When the site doesn’t tell you, it’s a dubious practice. When miners surreptitiously install the application on other people’s websites, they steal processing power from anyone who visits those sites. The code can sneak in through ads; Trend Micro reports that mining code has been found in ads on YouTube.

Servers and desktop machines do the best job of mining, but crooks will grab computing power wherever they can. Sophos Labs has reported several kinds of mining malware that run on Android phones. An infected phone will run slower and drain its battery faster.

Keeping the Miners Out

The methods for guarding against unauthorized cryptomining are basically the methods for keeping your network generally secure. Configure your firewall well. Use up-to-date security software. Block spam and teach employees to be careful about their email. Install all security patches.

System and network monitoring is a valuable tool for detecting surreptitious mining code. If a system has unusually high CPU usage when it should be idle, that could be a sign. Security software can detect and remove some known forms of mining code. Network monitoring may be able to recognize mining traffic.
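
The idle-time CPU check described above, as an added example (not code from the original article): it flags hosts whose CPU stays above a threshold for a sustained run of samples during off-hours, while ignoring brief spikes and daytime load. The host names, readings, the 22:00 to 06:00 idle window and the thresholds are all constructed assumptions.

```python
from datetime import datetime, time, timedelta

IDLE_START, IDLE_END = time(22, 0), time(6, 0)   # assumed off-hours window

def series(host, start, cpus, step_min=5):
    """Build constructed (host, timestamp, cpu%) samples at a fixed interval."""
    t0 = datetime.fromisoformat(start)
    return [(host, t0 + timedelta(minutes=step_min * i), c) for i, c in enumerate(cpus)]

# Constructed sample data; host names and readings are illustrative only.
SAMPLES = (
    series("ws-01", "2024-03-04T23:00", [3, 4, 95, 97, 5, 2, 3, 4])          # brief spike (e.g. a backup job)
    + series("ws-02", "2024-03-04T23:00", [92, 96, 94, 98, 97, 95, 93, 99])  # sustained load overnight
    + series("ws-03", "2024-03-04T14:00", [90, 95, 91, 96, 94, 92, 97, 93])  # busy during working hours
)

def in_idle_window(ts):
    """True when the timestamp falls in the off-hours window, which wraps past midnight."""
    return ts.time() >= IDLE_START or ts.time() < IDLE_END

def find_sustained_idle_load(samples, threshold=80.0, min_run=6,
                             max_gap=timedelta(minutes=10)):
    """Return {host: (run_start, run_end)} for hosts whose CPU stayed at or above
    `threshold` for at least `min_run` consecutive samples while they should be idle."""
    findings, run, prev = {}, [], None
    for host, ts, cpu in sorted(samples):
        # A different host or a gap in reporting ends the current run, so two
        # short bursts separated by missing data are not merged into one.
        if prev is None or prev[0] != host or ts - prev[1] > max_gap:
            run = []
        if in_idle_window(ts) and cpu >= threshold:
            run.append(ts)
            if len(run) >= min_run:
                findings[host] = (run[0], run[-1])
        else:
            run = []
        prev = (host, ts)
    return findings

if __name__ == "__main__":
    for host, (start, end) in find_sustained_idle_load(SAMPLES).items():
        print(f"{host}: CPU high from {start} to {end} during idle hours")
```

A hit is only a lead for investigation: scheduled scans, backups and updates also run off-hours, so the window and run length need tuning to each environment.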

Blockchain mining might seem harmless compared to ransomware and data theft, but it adds to your costs if it’s left uncaught. It can open the way to other threats to your systems. A secure network needs to watch out for it, along with all the other threats it faces.