Zombie mining: hackers use botnets to mine cryptocurrency

The latest malicious software (malware) enslaves infected computers and makes them mine cryptocurrency while the owner of the PC doesn’t even know what’s going on. This type of virus becomes increasingly popular in the Dark Web and other hacker meeting spots. Kaspersky Lab tells that it has detected several large botnets with thousands of infected computers in each one, and these botnets are used for mining purposes. The company’s representatives also note that there has been a growth of attempts to install mining programs on the servers of different corporations. A mining network like this gives $30,000 a month, the experts calculated.

The most popular cryptocurrencies for this “dark mining” are Monero and Zcash. Mining viruses are often installed when posing as a freeware or shareware installation programs or cracks and keygens for popular, but expensive software. However, there are other means – the EternalBlue exploit, for example, gives the hackers an opportunity to use the computing power of a server, which is more beneficial for mining than a regular office PC.

Mining itself is not illegal and it’s not easy to determine which computer mines the digital currency because some hacker hijacked its capacity, and which does so with the full user consent. It is also hard to clean these viruses, as hackers often provide additional counter-antivirus measures, ensuring that their virus evades detection.

As Evgeniy Lopatin, the analyst from Kaspersky Lab, explains: “As always, malefactors use every chance to gain profit illicitly, and their means to do so always evolve. The evolution of the cryptocurrency market has, too, opened up new opportunities for cyber criminals, but to use them fully, they need the computing capacity of others’ PCs. This hidden mining boom can be partly explained by the fact that the digital currency market is still being born, and it’s much easier to make money here.”