Cryptojackers Making Secondary Income Off Security Data Seizures: Report

As monero's price fell in 2018, cryptojackers innovated by stealing user data like passwords and IP addresses.

Aug 8, 2019 at 1:00 a.m. UTC
Updated Sep 13, 2021 at 11:17 a.m. UTC

In the wake of lower cryptocurrency prices, ghost mining hackers are turning to metadata seizures.

In a report issued today, cybersecurity firm Carbon Black says a well-known 2018 monero crypto mining botnet contained a secondary component capable of seizing IP addresses, domain info, usernames, and passwords. Carbon Black researchers Greg Foss and Marian Liang say the 2018 botnet campaign, dubbed “Access Mining,” has been collecting secret data for the past two years, making millions in the process.

According to reports at the time, 500,000 machines were trojanized with a monero cryptojacking mining protocol, XMRig, collecting 8,900 monero. Most infected machines resided in Russia, Eastern Europe, and Asia Pacific.

Unknown at the time, the 500,000 computers were infected not only with the ghost protocol but also with data collection software. A patchwork of programs taken from open-source code on GitHub, like EternalBlue and Mimikatz, implemented on XMRig helped the hackers innovate, the report states.

The hackers turned the security data into a secondary source of income. With one infected machine selling for an average of $6.75 on dark web markets, the 500,000 haul is worth $1.69 million. Infected machines can even be rented for 24 to 48 hours as a source of passive income for hackers. Depending on the machine’s location and owner, machine values can skyrocket.

At $90 per monero coin, the group’s assets sit near $3.29 million, Carbon Black says.

Foss and Liang say Access Mining is more than likely the result of dropping monero prices following the 2018 bear market. Following their report, the firm issued a series of tips for addressing possible concerns.
