Crypto-Mining Attacks Fell Sharply in 2019 but Ransomware Is Trending: Kaspersky

In the cat-and-mouse game between hackers and users, less-lucrative crypto-mining malware fell out of favor this year.

AccessTimeIconDec 18, 2019 at 3:00 a.m. UTC
Updated Sep 13, 2021 at 11:50 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

In the cat-and-mouse game between hackers and users, less-lucrative crypto-mining malware fell out of favor this year.

While security experts at Kaspersky found that the number of "unique malicious objects" rose by 13.7 percent – led in part by a 187 percent increase in so-called web-skimmer files, malware designed to steal credit card information – the total number of mining malware infections fell drastically.

Web-miner infections were down 59 percent year-over-year, from 5,638,828 infected machines to 2,259,038. However, malware like Trojan.Script.Miner.gen, Trojan.BAT.Miner.gen and Trojan.JS.Miner.m are still on the list of top 20 threats. These apps force a user's computer to mine cryptocurrency, bogging down the user's computer and essentially stealing electricity.

"We have observed that the number of 'common' attacks against home users is slightly decreasing, but that the number of 'loud' public cases of crypto-ransomware infections is growing – for example, just two days ago New Orleans was hit by a ransomware," said Denis Parinov, a security analyst for Kaspersky.

Parinov believes the hackers involved in mining are moving on to more lucrative opportunities. Interestingly, the company found that even phone scammers were requesting prepaid debit card ransoms rather than cryptocurrencies.

"[Mining attacks] have lost their popularity due to lower profitability and cryptocurrencies’ fight against covert mining," Kaspersky's head of anti-malware research, Vyacheslav Zakorzhevsky, said in a statement.

Monero's role

A few things changed on the security landscape to push crypto into a corner.

"One of the most well-known web-mining services, Coinhive, declared that it is no longer economically viable," he said. "This is due to the Monero hard fork and the severe drop of XMR cost on the market. We suspect this is caused by the market and community reaction to the fact that web mining has been used without user consent in most cases."

The company found that while crypto-mining attacks fell, there was still interest in crypto-ransomware attacks.

"Crypto-miners and crypto-ransomware operators are still in the game, but their focus appears to have moved to targeted attacks," said Parinov.

Parinov warns that mining attacks still exist and that users should remain vigilant. He reminded users to watch for unusual network activity or PC slowdowns.

"The main symptom is the slowing down of overall computer or process performance – some freezes or errors can appear on the PC," he said. "Additionally, crypto mining requires specific network interactions, but these may be hard to spot for the regular PC user."


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.