Report: Bitcoin Targeted in 22% of Financial Malware Attacks

Security firm Kaspersky Lab says bitcoiners are a popular choice of victim in malware attacks aimed at personal finances.

AccessTimeIconAug 6, 2014 at 12:34 p.m. UTC
Updated Dec 10, 2022 at 7:59 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Security firm Kaspersky Lab has found that bitcoin is the target in more than one fifth of all malware attacks aimed at victims' money.

According to Kaspersky's latest threat report, entitled ' IT Threat Evolution Q2 2014’, bitcoin mining malware accounted for 14% of attacks in the second quarter of 2014, while bitcoin wallet stealers accounted for 8%.

Keyloggers, which can be used to compromise both bitcoin and banking services, also made the list, with 4% of all attacks attributed to various forms of key logging malware.

Traditional banking malware still leads the way with 74%, but considering the size of the bitcoin economy it is clear that bitcoin users and operators face a significant likelihood of being subjected to an attack.

Bitcoin attacks declining

"Fraudsters are also happy to use computing resources to generate crypto currency: bitcoin miners account for 14% of all financial attacks," the report warns. "Criminals also use keyloggers to collect user credentials for online banking and payment systems in another bid to access bank accounts."

Although the figures are disturbing, the relative number of bitcoin-related malware attacks has actually gone down since Kaspersky's last annual report.

In the 2013 report, bitcoin wallet stealers accounted for 20.18% of all financial malware attacks, while mining malware accounted for 8.91%, giving a combined total of 29%.

In the meantime, the number of threats has gone down, but the threat landscape has evolved – as wallet stealers fell out of favour, mining malware took their place as the predominant form of bitcoin-related malware.

The rise and fall of mining malware

Several security firms have issued reports mentioning bitcoin malware in recent months, with the number of attacks rising sharply since early 2013 in parallel with bitcoin's massive peak in popularity.

Malware makers have been experimenting with various forms of bitcoin malware, ranging from programs designed to create elaborate mining botnets, to ransomware like CryptoLocker that uses bitcoin as a form of payment.

Fortunately, it did not take long for security firms and the authorities to catch up. Numerous bitcoin mining botnets have been dismantled since late 2013, including CryptoLocker in June.

Even without law enforcement and security specialists dedicated to combating financial malware, bitcoin mining malware is facing an uphill struggle as it is essentially an obsolete concept, thanks to basic maths and economics, rather than a concerted effort to combat the spread of mining malware.


McAfee's latest report found that bitcoin mining botnets are going mainstream due to the widespread availability of mining malware online, but it also said that they are obsolete and practically futile.

The simple fact is, bitcoin's difficulty level is simply too high to effectively mine bitcoin on non-specialised hardware. So, although mining malware is abundant and cheap to procure, it is being increasingly redundant with each new bitcoin difficulty cycle.

Furthermore, enabling cryptocurrency mining functionality on a botnet can easily alarm the users of infected systems, drastically increasing botnet attrition in the process. In other words, rather than making money, botnet operators who decide to use mining malware run the risk of having their operations discovered and losing potential profits through attrition.

Malware image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.