
Kaspersky Lab researchers have identified a fraud scheme that secretly distributed and installed mining software on users' computers through pirated software widely used for work and play (such as photo and text editors). The computers were then used to mine cryptocurrency, and all the profit went to the criminals.
 
As the cryptocurrency market continues to surge, with a huge increase in the number and value of investments, more criminals are following its development. This heightened interest is very convenient for cybercriminals, as it becomes easier to deceive ordinary users who do not know IT very well.
 
Cryptocurrency miners were one of the biggest trends of 2017, according to the annual Kaspersky Security Bulletin. Researchers at Kaspersky Lab predicted this trend last year, forecasting a comeback in mining software amid the rising popularity of Zcash. Just a year later, miners are everywhere. Criminals are using a variety of techniques and tools, such as social engineering campaigns or exploiting pirated software, to affect as many computers as possible.
 
As an example of this latter method of fraud, experts at Kaspersky Lab recently discovered several similar websites that offered free downloads of pirated software, including popular programs and applications. To increase users' trust, the criminals use domain names similar to real ones. After downloading the software, the user receives a compressed file that also contains a mining program. This program is automatically installed together with the desired software.
 
The installation zip file includes text files with initialization information such as wallet addresses and mining pools. A mining pool is a server that brings together several participants and distributes the mining task among their computers. In return, participants receive their share of the cryptocurrency being mined, much faster than if they used only their own computer. Because of the particularities of the architecture, mining Bitcoin and other cryptocurrencies currently requires a lot of resources and time, so these pools significantly increase the productivity and speed of generating cryptocurrencies.
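
As an added example (not Kaspersky Lab's tooling and not part of the original article), a defender could triage a downloaded archive for the bundled text files described above by searching them for pool endpoints and wallet-shaped strings. The `stratum+tcp://` pattern, the Bitcoin-style address pattern, the file extensions and the sample archive are assumptions made for this sketch.

```python
import io
import re
import zipfile

# Heuristics chosen for this example (assumptions, not indicators from the report).
POOL_RE = re.compile(r"stratum\+(?:tcp|ssl)://[\w.-]+(?::\d+)?", re.I)
# Base58 string shaped like a legacy Bitcoin address (starts with 1 or 3).
WALLET_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
TEXT_EXTS = (".txt", ".cfg", ".conf", ".ini", ".json", ".bat", ".cmd")
MAX_MEMBER_BYTES = 1_000_000  # miner configs are small; skip oversized members


def scan_archive(data: bytes) -> list[dict]:
    """Return one finding per text member that holds pool or wallet strings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.is_dir() or not name.endswith(TEXT_EXTS):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            pools = sorted(set(POOL_RE.findall(text)))
            wallets = sorted(set(WALLET_RE.findall(text)))
            if pools or wallets:
                findings.append({"member": info.filename, "pools": pools, "wallets": wallets})
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: an installer bundle carrying an extra miner config."""
    wallet = "1FakeWa11et" + "X" * 23  # constructed placeholder, not a real address
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup/readme.txt", "Thank you for installing Photo Editor.\n")
        zf.writestr("setup/data/start.txt",
                    "pool=stratum+tcp://pool.example.invalid:3333\n"
                    f"wallet={wallet}\n")
        zf.writestr("setup/app.exe", b"MZ\x00\x00not-a-real-binary")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample_archive()):
        print(finding)
```

A hit is only a lead for further analysis: legitimate mining tools ship the same kind of configuration, so the surrounding context (an unrelated installer that carries it) is what makes it suspicious.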
 
Once installed, the miners start working silently on the victim's computer, generating cryptocurrency for the criminals. According to Kaspersky Lab research, in all cases they used software from the NiceHash project, which recently suffered a major cybersecurity breach, resulting in the theft of millions of dollars worth of cryptocurrency. Some of the victims were associated with a mining pool of the same name.
 
In addition, experts found that some miners contained a special feature that allows the user to remotely change the wallet number, pool or miner. This means that, at any time, criminals can set another destination for the cryptocurrency and thus manage their earnings, distributing mining flows between wallets or even making the victim's computer work for another mining pool. 
 
"While not considered malicious, mining software reduces device system performance, which inevitably affects the overall user experience. It also increases the victim's electric bill; it's not such a major effect of the fraud scheme, but it's still unpleasant," said Alexander Kolesnikov, malware analyst at Kaspersky Lab. "Of course, some people may not mind knowing that strangers are getting rich at their expense, but we recommend that users resist, as even if they are not carried out using standard malicious software, these activities are fraud."
