More Than 20% of Financial Malware Attacks Target Bitcoin

According to recent reports, criminals target Bitcoins in more than one-fifth of financial malware attacks. Specifically, Bitcoin miners accounted for 14 percent of all financial attacks, while Bitcoin wallet-stealers accounted for 8 percent in the second quarter of 2014.

Hackers also used keyloggers, or keystroke logging malware, to steal users’ authentication credentials for online payment systems and banking in four percent of financial attacks. While traditional banking malware still accounts for the largest number of monetary attacks at 74 percent, the fact that Bitcoins are targeted in a total of 22 percent of attacks should caution Bitcoin users about this currency’s susceptibility to fraud.

Downward Trend in Bitcoin-Targeted Attacks

Undoubtedly, Bitcoins remain a popular target for virtual financial attacks, but the good news is that these attacks are actually declining. When comparing this year’s figures to those of Kaspersky’s 2013 annual report, you can see the drop in the prevalence of these attacks. The firm’s 2013 report indicated that Bitcoin wallet-stealing malware accounted for 20.2 percent of financial attacks, and Bitcoin mining malware accounted for 8.9 percent.

The landscape of Bitcoin mining obviously changed, with cybercriminals now favoring mining malware over wallet stealing. Still, the percentage of financial attacks targeted at Bitcoins dropped from 29.1 percent last year to 22 percent in 2014.

About Bitcoins

Bitcoins first appeared on the scene in 2008 as a “digital ‘currency’ that allows users to conduct transactions online” without a central bank according to ABC News. Users can obtain Bitcoins through three methods: buying them from an exchange, receiving them for goods and services, and mining for new ones. Mining for Bitcoins means discovering new coins, similar to striking gold.

What Bitcoin Mining Is

To understand the implications of Kaspersky’s latest internet security report, you first need to understand how Bitcoin-targeted attacks work. Here, Bitcoin mining refers simply to verifying transactions involving Bitcoins. For instance, say John Doe purchases an iPad from Jane Doe and pays with a Bitcoin. To authenticate the legitimacy of John’s Bitcoin, miners start to double-check the transaction. Miners try to verify multiple transactions simultaneously, not just one. These transactions are compiled into unverified transaction boxes protected by a digital padlock, known as “block chains.” Bitcoin miners then create software to discover the key to that padlock.

Why Mine for Bitcoins

Once the software finds the key, the block unlocks and the transactions therein are verified. As a reward for determining the key, the miner then receives 25 newly created Bitcoins. The average number of attempts requisite to determine the right key is about 1,789,546,951.05 according to Blockchain.info.

With a figure like that, you can imagine the prodigious amount of computing resources necessary to find a correct key, which is where Bitcoin mining malware comes in. Cybercriminals use this form of malware to install Bitcoin-mining programs in the systems of infected users. In this way, criminals can exploit the computing resources of these systems for their personal profit through large-scale mining.
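The search for the key described above can be made concrete. This added example (not from the original article) is a simplified proof-of-work loop: the "key" is a number, called a nonce here, that makes the double SHA-256 hash of the block data fall below a target. The header bytes, function names and small difficulty values are assumptions chosen so that it runs in seconds.

```python
import hashlib

def pow_hash(header, nonce):
    """Double SHA-256 of header plus nonce, read as one large integer."""
    data = header + nonce.to_bytes(8, "little")
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")

def mine(header, bits):
    """Try nonces in order until the hash has `bits` leading zero bits.

    Returns (nonce, attempts). Each extra bit doubles the expected work.
    """
    target = 1 << (256 - bits)
    nonce = 0
    while pow_hash(header, nonce) >= target:
        nonce += 1
    return nonce, nonce + 1

def verify(header, nonce, bits):
    """Checking a claimed nonce costs one hash, however long the search took."""
    return pow_hash(header, nonce) < (1 << (256 - bits))

def average_attempts(bits, blocks=20):
    """Mean attempts over several constructed headers; approaches 2**bits."""
    total = sum(mine(b"constructed block %d" % i, bits)[1] for i in range(blocks))
    return total / blocks

if __name__ == "__main__":
    for bits in (8, 10, 12):
        print(f"{bits} bits: expected {2 ** bits}, measured {average_attempts(bits):.0f}")
```

The asymmetry between `mine` and `verify` is why the work is worth stealing: the search is expensive, and every other participant can confirm the result with a single hash.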

How Miners Infect and Exploit Users’ Systems

Most users fall prey to Bitcoin mining malware through malicious downloads or social media. This malware can also exploit application and/or system weaknesses to cause infection. Specifically, mining malware may be unwittingly downloaded when visiting malicious sites, linked to in a Tweet, or received through a network vulnerability that compels systems to join Bitcoin pools.

Once a user’s system is infected, the malware begins forcing it to create Bitcoins for criminals’ gain. For instance, mining malware might come with several IP addresses that it attempts to access to exchange information, download additional malware, receive revised IP addresses, and get lists of sites on which to wage distributed denial-of-service (DDoS) attacks.

The result is an enormous consumption of the infected systems’ computing power. Infected systems will run more and more sluggishly over time. Although mining malware does not seem to seek out particular users, hackers may prefer to target systems with sophisticated graphics-processing units (GPUs) or video cards since this hardware can process Bitcoins more quickly. As a result, gamers and those who use graphics-heavy applications may be especially vulnerable to Bitcoin mining malware.
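From the defender's side, the pool traffic described above is one of the easier signs to spot. This added example (not from the original article) scans constructed connection-log lines for the client methods of the Stratum pool protocol, which the article does not name; the log format, addresses and function names are assumptions.

```python
import json
import re
from collections import defaultdict

# Stratum v1 JSON-RPC methods that a mining client sends to a pool.
STRATUM_CLIENT_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# Fallback for payloads truncated in capture that no longer parse as JSON.
METHOD_RE = re.compile(r'"method"\s*:\s*"(mining\.[a-z_]+)"')

# Constructed sample, one line per message: "<src> <dst>:<port> <payload>"
SAMPLE_LOG = """\
10.0.0.5 203.0.113.10:3333 {"id": 1, "method": "mining.subscribe", "params": ["miner/1.0"]}
10.0.0.5 203.0.113.10:3333 {"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}
10.0.0.7 198.51.100.4:443 GET /index.html HTTP/1.1
10.0.0.5 203.0.113.10:3333 {"id": 4, "method": "mining.submit", "params": ["worker1", "job", "00", "00", "00"]}
10.0.0.9 198.51.100.8:8080 {"id": 1, "method": "getStatus", "params": []}
10.0.0.8 203.0.113.77:80 {"id": 1, "method": "mining.subscribe", "params": [
"""

def stratum_method(payload):
    """Return the Stratum client method named in a payload, or None."""
    try:
        msg = json.loads(payload)
        method = msg.get("method") if isinstance(msg, dict) else None
    except ValueError:  # truncated or non-JSON payload
        m = METHOD_RE.search(payload)
        method = m.group(1) if m else None
    return method if isinstance(method, str) and method in STRATUM_CLIENT_METHODS else None

def find_miners(log_text):
    """Map each source host to the pools it contacted and the methods it sent."""
    hits = defaultdict(lambda: {"pools": set(), "methods": set()})
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        method = stratum_method(parts[2]) if len(parts) == 3 else None
        if method:
            hits[parts[0]]["pools"].add(parts[1])
            hits[parts[0]]["methods"].add(method)
    return dict(hits)

def triage(hits):
    """Hosts that submitted shares are actively mining; the rest only connected."""
    return sorted((src, "active" if "mining.submit" in h["methods"] else "connected")
                  for src, h in hits.items())

if __name__ == "__main__":
    print(triage(find_miners(SAMPLE_LOG)))
```

Matching on the message content rather than the port catches pools reached over ports such as 80, as in the last constructed line.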

The Obsolescence of Mining Malware

While Bitcoin malware remains an internet security concern, it is increasingly falling out of favor because security companies and the authorities have largely caught up with its sophistication. Cybercriminals have come up with endless iterations of Bitcoin malware, from programs developed to establish complex mining botnets to ransomware that demands Bitcoin payment. Luckily, security firms have dismantled several Bitcoin mining botnets since last year, including CryptoLocker this summer.

Even in the absence of intervention by security experts and law enforcement, Bitcoin mining malware is rapidly becoming an obsolete notion, largely due to simple economic principles. For instance, a new report from McAfee pointed out that, while mining botnets have become mainstream, they are outmoded and generally futile. The concept’s obsolescence is primarily due to the inordinate difficulty of effectively mining Bitcoins with unspecialized hardware.

Bitcoin Wallet-Stealers

Bitcoin wallet-stealers are less popular with digital thieves than mining, but they remain a threat nonetheless. Hackers create these applications to find and empty Bitcoin wallet files from infected users’ computers. When the software finds Bitcoin wallet files, it sends them to the malware’s command and control server. Because Bitcoins are not backed by a central bank, once they’re stolen or lost, they are completely unrecoverable, just like cash. Most commonly, Bitcoin wallet-stealing malware comes from spam emails that masquerade as something legitimate.

The latest report from Kaspersky makes clear that Bitcoin malware still figures prominently in digital financial attacks. However, the prevalence and sustainability of Bitcoin mining and wallet-stealing malware are both on the decline as security specialists develop more sophisticated ways to thwart cybercriminals’ efforts. The takeaway for users concerned about internet security is to be especially wary of suspicious emails and potentially malicious sites that may infect systems with Bitcoin malware. As with any security threat, users should also download and run updated versions of their anti-virus software.
