Background

It’s not news that cybercriminals can use malware to steal items of value. Whether it’s encrypting your personal family photos and charging you a ransom to get them back, or targeting ‘big ticket’ items like unreleased Disney movies or popular TV shows (illustrated in this week’s hack of HBO, potentially compromising future episodes of Game of Thrones), anything of value is a potential target.

One area experiencing explosive growth and ever-increasing value in recent years is cryptocurrency. Cryptocurrencies such as Bitcoin, Ethereum, and other altcoins have seen a huge increase in popularity and adoption among users and service providers. These currencies represent nearly $100B of market capitalization, and continue to rise through Initial Coin Offerings (ICO).

With this growth comes unwanted interest from the dark side of the web. Cybercriminals and malware authors are waiting to pounce to get their share, and their tactics are growing ever more sophisticated.

Watch the video: Cylance Versus Cryptocurrency Malware:

Why is This an Important Issue?

There are many ways that malware authors can get their hands on your cryptocurrency:

  1. Distribute ransomware and get paid with cryptocurrency
  2. Use cryptocurrency-stealing malware targeting digital wallets
  3. Compromise systems and use those resources for cryptocurrency mining

With the massive growth in computing power, both CPU and, more importantly, GPU, malware authors can use your computer to do their dirty work for them. Much like building a botnet from thousands of innocent Internet-connected computers, cryptocurrency mining malware can leech CPU/GPU cycles from thousands of machines at once, mining coins and depositing the proceeds into the author’s digital wallet.

How Can I Get Infected?

Using social engineering techniques, cryptocurrency malware is usually delivered to the user as an executable file - see the example in the video above. The malware’s icon is a plain folder, and because most people have Windows set to hide file extensions (the default setting), users can easily be fooled into launching the file.
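The folder-icon trick above only works while Explorer hides extensions for known file types. The following PowerShell is an added example written for this post, not Cylance's code or tooling: it reports whether the current user has extensions hidden, offers a function to switch them back on, and triages a directory for executables whose names would be misleading once the extension is hidden. The registry path and the `HideFileExt` value are the real Explorer setting; the default scan folder (`Downloads`) and the extension lists are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. Checks the Explorer
# "Hide extensions for known file types" setting and looks for executables
# whose displayed name would conceal that they are executable.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Test-ExtensionsHidden {
    # HideFileExt = 1 (or absent) means extensions are hidden, which is the Windows default.
    $value = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($null -eq $value) -or ($value -eq 1)
}

function Show-FileExtensions {
    # Turn the setting off for the current user; Explorer applies it after
    # explorer.exe restarts or the user signs out and back in.
    Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
}

function Find-DisguisedExecutables {
    # Assumption: the user's Downloads folder is a reasonable place to triage.
    param([string]$Path = "$env:USERPROFILE\Downloads")

    # Extensions Windows will run directly when double-clicked.
    $execExt   = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs', '.hta'
    # Extensions commonly used as the visible "inner" part of a double extension.
    $luringExt = '.jpg', '.jpeg', '.png', '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.zip'

    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $ext = $_.Extension.ToLowerInvariant()
        if ($execExt -contains $ext) {
            # With extensions hidden, "Photos.jpg.exe" displays as "Photos.jpg" and
            # "Photos.exe" displays as just "Photos" (with whatever icon it carries).
            $inner  = [System.IO.Path]::GetExtension($_.BaseName).ToLowerInvariant()
            $reason = if ($luringExt -contains $inner) {
                "double extension ($inner$ext)"
            } else {
                "executable that displays without its $ext extension"
            }
            [PSCustomObject]@{ Path = $_.FullName; Reason = $reason; Bytes = $_.Length }
        }
    }
}

if (Test-ExtensionsHidden) {
    Write-Warning 'Explorer is hiding file extensions for this user; run Show-FileExtensions to reveal them.'
}
Find-DisguisedExecutables | Format-Table -AutoSize
```

The double-extension hits are the ones worth looking at first; plain executables in a download folder are often legitimate installers, so the second category is listed only as context for a manual check.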

When executed, the malware is usually invisible to the end user, although they may notice that the machine is a little slow at times. There is nothing clearly visible to alert the user that their machine is compromised, unlike (for instance) the ransom note that pops up following a ransomware infection.

Why Should I Be Concerned About Cryptocurrency Malware?

Although “mining” a cryptocurrency may be benign in the sense that the end user is not directly harmed, a compromised system is still at risk for the potential introduction of other malware. The malware author may take advantage of the installed backdoor for other purposes, or may simply leave the vulnerability wide open for other more harmful attacks.

And of course, malware authors are not concerned with writing robust software designed to exit gracefully in the event of an error. The unintended loss of data from a system crash is another risk associated with cryptocurrency mining malware infection.

How Does Cylance Protect Me?

Whether malware is introduced to the system by another program, service or even by a user, CylancePROTECT®’s patented pre-execution engine prevents the infection of your computer by not allowing the cryptocurrency malware to execute. CylancePROTECT with Optics gives unprecedented visibility into attacks, reveals hard-to-find threats, and provides simply focused root cause analysis.

Read our Threat Guidance team's report on Cryptocurrency Malware here.