Botnets Are Being Repurposed for Crypto Mining Malware: Kaspersky

A security bulletin released by Kaspersky Labs states that botnets are increasingly being used to distribute illicit crypto mining software.

Nov 29, 2018 at 5:00 a.m. UTC
Updated Sep 13, 2021 at 8:38 a.m. UTC

Analysts for the cybersecurity firm said Wednesday that the number of unique users attacked by crypto miners grew dramatically in the first three months of 2018. Such malware is designed to secretly reallocate an infected machine's processing power to mine cryptocurrencies, with any proceeds going to the attacker.

According to Kaspersky, more users were infected in September than in January and "the threat is still current," though it is unclear whether the recent collapse in the crypto markets' prices will have an impact on the infection rate.

The firm's analysts said that a noticeable drop in distributed denial of service (DDoS) attacks may be attributable to "the 'reprofiling' of botnets from DDoS attacks to cryptocurrency mining."

As the note detailed:

"Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining. For example, the DDoS activity of the Yoyo botnet dropped dramatically, although there is no data about it being dismantled."

A possible explanation for cybercriminals' increased interest in crypto-mining may lie in the fact that once the malware is distributed, it's difficult for victims and police to detect.

Of the various types of software identified and cataloged, most reconfigure a computer's processor usage to allocate a small amount to mining, keeping users from noticing.

The organization further looked into reasons for the prevalence of this type of malware in some regions over others, concluding that regions with a lax legislative framework on pirated and illicitly distributed software are more likely to have victims of cryptojacking.

U.S. users were the least affected by the attacks, constituting 1.33 percent of the total number detected, followed by users in Switzerland and Britain. However, countries with lax piracy laws like Kazakhstan, Vietnam and Indonesia topped the list.

"The more freely unlicensed software is distributed, the more miners there are. This is confirmed by our statistics, which indicates that miners most often land on victim computers together with pirated software," the report said.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.