Cryptojacking Malware Is Stealing Millions


Chainalysis has published a report stating that cryptojackers are by far the most successful type of malware at stealing crypto assets.

5% of all Monero mining through cryptojackers

A cryptojacker is a type of malware that is installed on a victim’s device without their knowledge and hijacks the device’s computing power to mine crypto assets. The report describes the difficulty of identifying the transactions that benefit the attackers:

Since funds are moving directly from the mempool to mining addresses unknown to us, rather than from the victim’s wallet to a new wallet, it’s more difficult to passively collect data on cryptojacking activity the way we can other forms of cryptocurrency-based crime. However, we know it’s a big problem.

Although Chainalysis admits that it likely could not identify all of these transactions, at least 73% of all revenue from crypto-related malware comes from cryptojackers. Chainalysis estimates that cryptojacking accounts for 5% of Monero’s total hashrate.

While mining on its own causes limited harm, cryptojackers often connect to a command-and-control server that may install other types of malware as well. One of the botnets identified by Chainalysis uses encoded messages on the Bitcoin blockchain to update the addresses of its command-and-control servers, so that it keeps working even after the authorities shut down a server.

800 USD for an infostealer bot

The second-largest source of illicit revenue from malware comes from Trojans, followed by infostealers and clippers. The lines between these malware types are blurred, though, since Trojans are often used as a gateway to download other types of malware.

Infostealer refers to any type of software that hackers use to steal private information, such as account credentials or private keys. The report notes that the infostealer Redline is offered on a Russian hacker forum for a price of 800 USD.

Clippers are used to alter the content of the victim’s clipboard. Hackers use this malware type to inject their own address whenever a victim copies a wallet address, thus rerouting the transaction to their wallet. It is therefore advisable to always double-check the recipient address before sending off any crypto transaction.
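The clipper behaviour described above has a simple detection signature: an address-shaped clipboard value is replaced by a different address of the same family a fraction of a second after the user copied it, far faster than a person re-copying something else. The following Python is an added example, not code from the article or from Chainalysis. It runs a constructed clipboard history through that heuristic; the address patterns are deliberately simplified shape checks (no checksum validation), the two-second window is an assumed threshold, and the sample addresses are made up for the demonstration.

```python
import re

# Simplified address-shape patterns (constructed for this example; a real monitor
# would also validate checksums, e.g. base58check, bech32, or EIP-55 casing).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[a-z0-9]{25,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "xmr": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}

# A clipper overwrites the clipboard right after the user copies; a human copying
# a different address takes longer. The threshold is an assumed heuristic.
SWAP_WINDOW_SECONDS = 2.0


def address_kind(text):
    """Return the address family the text looks like, or None if it is not address-shaped."""
    candidate = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return name
    return None


def detect_clipboard_swaps(events, window=SWAP_WINDOW_SECONDS):
    """events: ordered iterable of (timestamp_seconds, clipboard_text) snapshots.

    Flags a snapshot when an address-shaped value is replaced by a *different*
    address of the same family within `window` seconds, which is what a clipper
    rewriting a just-copied recipient address looks like.
    """
    alerts = []
    prev_ts, prev_text = None, None
    for ts, text in events:
        if prev_text is not None:
            prev_kind, kind = address_kind(prev_text), address_kind(text)
            if (prev_kind is not None and kind == prev_kind
                    and text.strip() != prev_text.strip()
                    and ts - prev_ts <= window):
                alerts.append({
                    "at": ts,
                    "family": kind,
                    "copied": prev_text.strip(),
                    "replaced_with": text.strip(),
                })
        prev_ts, prev_text = ts, text
    return alerts


def paste_matches_intended(intended, pasted):
    """The manual double-check the article recommends, as code: compare the whole
    string, not just the first and last few characters a glance would catch."""
    return intended.strip() == pasted.strip()


# Constructed clipboard history; the 5.3 s snapshot is the swap.
SAMPLE_EVENTS = [
    (0.0, "meeting notes for monday"),
    (5.0, "bc1qexampleaddressconstructedforthisdemo0000"),   # user copies recipient
    (5.3, "bc1qdifferentaddressconstructedforthisdemo00"),   # silently replaced
    (40.0, "0x" + "ab" * 20),                                 # later, unrelated copy
    (55.0, "0x" + "cd" * 20),                                 # 15 s later: human, not flagged
]


if __name__ == "__main__":
    for alert in detect_clipboard_swaps(SAMPLE_EVENTS):
        print(f"[{alert['at']:.1f}s] {alert['family']} address swapped: "
              f"{alert['copied']} -> {alert['replaced_with']}")
```

On a real endpoint the snapshots would come from a clipboard-change hook rather than a list; the heuristic is the same, and a match is a strong signal worth correlating with which process last wrote to the clipboard.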