Cryptomining Malware Targets Back-to-School Students With Fake Textbooks

Security experts have found thousands of pieces of malware on ebook download sites.

AccessTimeIconSep 5, 2019 at 8:00 p.m. UTC
Updated Sep 13, 2021 at 11:25 a.m. UTC

Security software provider Kaspersky has identified a form of cryptomining malware that has taken root in multiple sites where pirated textbooks are upload and downloaded. The delivery agent, WinLNK.Agent.gen, has been active since 2011 but now its payload is a bit more lucrative for the folks who spread it.

The malware masquerades as a book or essay packed in an executable file which allows the hacker's command-and-control system to send other pieces of malware, including cryptominers and spam delivery systems, onto an infected computer. How do we know the malware is targeting students? Kaspersky watched its logs and saw "233,000 cases" of malicious essays and "122,000 attacks by malware that was disguised as textbooks."

"More than 30,000 users tried to open these files [this year]," they wrote.

Downloading out-of-copyright ebooks and library books is quite simple and safe so this malware targets harder-to-find textbooks. Our own quick Google search found a number of ebook versions of various beginning college texts that cost $150 or more online. While most of them were PDFs, there were a number of executable files that were flagged as malware.

Far more pernicious, interestingly, are the ads masquerading as download links that send you to malware sites rather than the correct PDF or ePub file. While you can save money pirating these books online – when you can find them – it's clear the results can sometimes be nasty.

Skull image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about