Cryptomining Malware Attacks Are Going Up, Or Down, Based On Which Report You Read

As we approach the tail end of 2018, many cybersecurity firms are issuing end-of-year reports that detail prevalent threats from the past year and advise internet users on what to look out for in the future.

This week, the companies behind two well-known anti-virus products, Malwarebytes and Kaspersky Labs, released somewhat contradictory reports on the use of cryptocurrency mining malware, making it unclear exactly how much of a threat this attack vector represents going forward.

On November 28, Kaspersky released a security report titled “Story of the year: miners.” The report details growth in the spread of cryptomining malware, which surreptitiously uses a compromised machine’s processor to mine cryptocurrency once installed. It also claims that some pre-existing botnets are being repurposed to mine cryptocurrency, rather than earn money for their hacker administrators by selling DDoS services (which are apparently cheaper to buy now due to market competition).

Meanwhile, Malwarebytes published a 2019 security predictions blog post that suggested, among other things, that “cryptomining on desktops, at least on the consumer side, will just about die.” Malwarebytes’ assessment is that cybercriminals are not seeing sufficient returns from targeting individual consumers with mining malware, and will be more likely to attack more powerful platforms like servers instead. The post from Malwarebytes does, however, echo Kaspersky’s reference to IoT botnets being used to mine crypto, due to the large number of devices that could be compromised and the difficulty of patching them after the fact.

Both reports highlight a possible upside to the current bear market: less crypto-mining malware overall.

The Kaspersky report notes that “after a drop in the value of the main cryptocurrencies, which lasted from January to February, infection activity noticeably declined.” Although Malwarebytes does not make an explicit connection to market value, it does suggest that diminishing returns from mining will nudge cybercriminals toward other attack vectors.

Even so, there is no shortage of sophisticated attacks targeting cryptocurrency users. Earlier this week, payment processor BitPay was the target of a carefully planned attack targeting its Copay wallet, in which a hacker inserted malicious code into an open source Nodejs library, which was incorporated into the wallet’s code.

In a statement, BitPay said it is still investigating whether the code was ever exploited against Copay users, but that users who are potentially affected should immediately move funds to a new wallet running the latest updated software.