Cyber-thieves seek to cash in on Bitcoin boom

Bitcoin’s booming value has driven a huge rise in crypto-currency themed malware, say security firms.

In one month, anti-malware software company Malwarebytes said it stopped almost 250 million attempts to place coin-mining malware on to PCs.

Symantec said it had seen a “tenfold” increase in the amount of malicious code connected with crypto-cash.

Cyber-thieves are using dedicated software, hacked websites and emails to snare victims.

Cashing in

“There’s been a huge spike,” said Candid Wuest, a threat researcher at online security firm Symantec, adding that it had been caused by the rapid increase in Bitcoin’s value.

On 29 November, the value of one Bitcoin surpassed $10,000 (£7,943) – a massive increase on the $1,000 each one was worth at the start of 2017, although that figure has now fallen back sharply.

“With $10,000 being breached, and all the hype, a lot of people are trying to make money with crypto-coins,” said Mr Wuest.

Most of the activity seen by Symantec and other security firms involves crypto-coins other than Bitcoin. This was because it took a huge amount of computer power to produce or “mine” bitcoins.

By contrast, he said, mining other crypto-coins such as Monero could be done on desktops, laptops and even smartphones.

Many of these alternative coins had risen in value alongside Bitcoin, said Mr Wuest.

Mining involves solving complicated mathematical problems and those who take part can be rewarded with coins. The more machines one person can get mining on their behalf, the more coins they are likely to amass, said Mr Wuest.

Malwarebytes told the BBC that its security software was now, on average, stopping about eight million attempts a day by coin-mining code to compromise users’ PCs.

Much of this coin-mining software was found on websites that had been hacked, to give attackers the ability to install their own code. One researcher found almost 2,500 sites hosting mining code.

Other cyber-thieves have hijacked extensions and add-ons for web browsing programs to insert the malicious code. Once on a computer, the malware often runs processors at close to 100% to get as much mining work done as possible. On smartphones, this can mean batteries are depleted very quickly.

Much of the mining malware seen before now relied on using a victim’s browser, said Malwarebytes’ security researcher Jerome Segura. Attackers had now adapted malware to ensure it mined coins for as long as possible and did not stop when a browsing program was shut down.

“The trick is that although the visible browser windows are closed, there is a hidden one that remains opened,” wrote Mr Segura in a blog detailing how the malware works.

The tiny window lurks beneath the taskbar on a Windows machine and would not be noticed by a victim, he said. Adverts that run on porn sites had been found harbouring this malware, he added.

It is not only websites that are being caught up in attempts to cash in on the crypto-cash boom, said Nicole Eagan, chief executive of security firm Darktrace.

Ms Eagan said Darktrace had found coin-mining programs of one sort or another on the internal networks of 25% of its customers. Many sought to use the significant computer processing power available inside corporate networks to generate coins.

“Sometimes it’s an external intrusion into the network and sometimes it’s an employee that’s looking to do it,” she said. “It’s rampant at the moment.”