Malware Alert: Hackers Stealing Computing Power to Mine Monero


Malware Alert: Hackers Stealing Computing Power to Mine Monero

SophosLabs has published a report on how hackers are distributing a new mining malware across the web. The Mal/Miner-C malware hijacks a computer and allows malicious individuals to mine Monero with the victim’s processing power.

Also read: Deloitte: Bitcoin Is Vital to Understanding the Blockchain

SophosLabs Researches a New Exploit That Borrows CPU Power to Mine Monero

Sophos Labs

A new paper, authored by Attila Marosi, details how the Mal/Miner-C malware infects a computer and borrows its CPU power. Monero is the chosen vehicle for this mining malware, due to its ability to be mined by standard CPUs. The most valuable cryptocurrency, bitcoin, is not a viable candidate for these kinds of malware, since its hashing difficulty has become so high in recent years. 

With Monero and other cryptocurrencies still capable of being mined with CPUs, they have become an efficient source of revenue for hackers, in addition to other tools, like ransomware.

Attila Marosi, Senior Threat Researcher, SophosLabs explains:

The idea was perfect from the criminal’s point of view, but as time went on the average PC was no longer powerful enough to mine even a single coin. It was time to give up on this type of attack and turn the attention to other ways to make money, like ransomware. Recently a new malware family has found a way to use PCs efficiently to mine new types of cryptocurrency.

Marosi details that with Monero’s rise in popularity, criminals have started to spread the new malware payload. The researcher explains that, based on tests, the modern CPU can calculate 50-1500 hashes per second. If multiple CPUs are pooled, such mining can be quite lucrative. Marosi says that attackers wielding the malware often use Moneropool — a mining community based on a mining framework called “node-cryptonote-pool” — to combine their stolen resources.

Cybercriminals Prefer Everyone, Both Big and Small

MoneroThe SophosLabs associate says the problem is more profound than people realize. Marosi explains that individuals and corporate entities should take their security settings more seriously with these types of attacks on the rise. Cybercriminals are interested in profiting off of everyone, and these forms of malware will only proliferate from here on out.

Marosi concludes the research assessment of the SophosLabs paper by saying:

More than 70% of the servers where write access was enabled had already been found, visited and “borrowed” by crooks looking for innocent-sounding repositories for their malware.? If you’ve ever assumed that you’re too small and insignificant to be of interest to cybercriminals, and thus that getting security settings right is only really for bigger organizations, this should convince you otherwise.

Since Monero has grown extremely popular due to its privacy techniques and black market acceptance, this new mining malware may become more prevalent as time goes on. Marosi says the attacks will continue, and suggests that users take the necessary precautions while browsing the web, making sure computers are up to date with strong security features.

What do you think about the Monero mining malware? Let us know in the comments below.

Source: SophosLabs Report

Images via Shutterstock, SophosLabs, Monero.

Tags in this story
CPU Mining, Mining Malware, Monero

There are no bigger believers in Bitcoin than the team at That’s why this site is a one-stop-shop for everything you need to get into bitcoin life. Bitcoin store? Check. Earning bitcoin? Check. Forum discussions? Check. A casino? Yep, we have that too. Information? All here.

Jamie Redman

Jamie Redman is the News Lead at News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for News about the disruptive protocols emerging today.

Show comments