Cryptomining Malware Targets Back-to-School Students With Fake Textbooks

Security experts have found thousands of pieces of malware on ebook download sites.

AccessTimeIconSep 5, 2019 at 8:00 p.m. UTC
Updated Sep 13, 2021 at 11:25 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Security software provider Kaspersky has identified a form of cryptomining malware that has taken root in multiple sites where pirated textbooks are upload and downloaded. The delivery agent, WinLNK.Agent.gen, has been active since 2011 but now its payload is a bit more lucrative for the folks who spread it.

The malware masquerades as a book or essay packed in an executable file which allows the hacker's command-and-control system to send other pieces of malware, including cryptominers and spam delivery systems, onto an infected computer. How do we know the malware is targeting students? Kaspersky watched its logs and saw "233,000 cases" of malicious essays and "122,000 attacks by malware that was disguised as textbooks."

"More than 30,000 users tried to open these files [this year]," they wrote.

Downloading out-of-copyright ebooks and library books is quite simple and safe so this malware targets harder-to-find textbooks. Our own quick Google search found a number of ebook versions of various beginning college texts that cost $150 or more online. While most of them were PDFs, there were a number of executable files that were flagged as malware.

Far more pernicious, interestingly, are the ads masquerading as download links that send you to malware sites rather than the correct PDF or ePub file. While you can save money pirating these books online – when you can find them – it's clear the results can sometimes be nasty.

Skull image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about