Botnets Are Being Repurposed for Crypto Mining Malware: Kaspersky

A security bulletin released by Kaspersky Labs states that botnets are increasingly being used to distribute illicit crypto mining software.

Nov 29, 2018 at 5:00 a.m. UTC
Updated Sep 13, 2021 at 8:38 a.m. UTC

Analysts for the cybersecurity firm said Wednesday that the number of unique users attacked by crypto miners grew dramatically in the first three months of 2018. Such malware is designed to secretly reallocate an infected machine's processing power to mine cryptocurrencies, with any proceeds going to the attacker.

According to Kaspersky, more users were infected in September than in January and "the threat is still current," though it is unclear whether the recent collapse in the crypto markets' prices will have an impact on the infection rate.

The firm's analysts said that a noticeable drop in distributed denial of service (DDoS) attacks may be attributable to "the 'reprofiling' of botnets from DDoS attacks to cryptocurrency mining."

As the note detailed:

"Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining. For example, the DDoS activity of the Yoyo botnet dropped dramatically, although there is no data about it being dismantled."

A possible explanation for cybercriminals' increased interest in crypto-mining may lie in the fact that once the malware is distributed, it's difficult for victims and police to detect.

Of the various types of software identified and cataloged, most reconfigure a computer's processor usage to allocate a small amount to mining, keeping users from noticing.

The organization further looked into reasons for the prevalence of this type of malware in some regions over others, concluding that regions with a lax legislative framework on pirated and illicitly distributed software are more likely to have victims of cryptojacking.

U.S. users were the least affected by the attacks, constituting 1.33 percent of the total number detected, followed by users in Switzerland and Britain. However, countries with lax piracy laws like Kazakhstan, Vietnam and Indonesia topped the list.

"The more freely unlicensed software is distributed, the more miners there are. This is confirmed by our statistics, which indicates that miners most often land on victim computers together with pirated software," the report said.
