In the cat-and-mouse game between hackers and users, less-lucrative crypto-mining malware fell out of favor this year.
While security experts at Kaspersky found that the number of "unique malicious objects" rose by 13.7 percent – led in part by a 187 percent increase in so-called web-skimmer files, malware designed to steal credit card information – the total number of mining malware infections fell drastically.
Web-miner infections were down 59 percent year-over-year, from 5,638,828 infected machines to 2,259,038. However, malware like Trojan.Script.Miner.gen, Trojan.BAT.Miner.gen and Trojan.JS.Miner.m are still on the list of top 20 threats. These apps force a user's computer to mine cryptocurrency, bogging down the user's computer and essentially stealing electricity.
"We have observed that the number of 'common' attacks against home users is slightly decreasing, but that the number of 'loud' public cases of crypto-ransomware infections is growing – for example, just two days ago New Orleans was hit by a ransomware," said Denis Parinov, a security analyst for Kaspersky.
Parinov believes the hackers involved in mining are moving on to more lucrative opportunities. Interestingly, the company found that even phone scammers were requesting prepaid debit card ransoms rather than cryptocurrencies.
"[Mining attacks] have lost their popularity due to lower profitability and cryptocurrencies’ fight against covert mining," Kaspersky's head of anti-malware research, Vyacheslav Zakorzhevsky, said in a statement.
A few things changed on the security landscape to push crypto into a corner.
"One of the most well-known web-mining services, Coinhive, declared that it is no longer economically viable," he said. "This is due to the Monero hard fork and the severe drop of XMR cost on the market. We suspect this is caused by the market and community reaction to the fact that web mining has been used without user consent in most cases."
The company found that while crypto-mining attacks fell, there was still interest in crypto-ransomware attacks.
"Crypto-miners and crypto-ransomware operators are still in the game, but their focus appears to have moved to targeted attacks," said Parinov.
Parinov warns that mining attacks still exist and that users should remain vigilant. He reminded users to watch for unusual network activity or PC slowdowns.
"The main symptom is the slowing down of overall computer or process performance – some freezes or errors can appear on the PC," he said. "Additionally, crypto mining requires specific network interactions, but these may be hard to spot for the regular PC user."
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.