This kind of malware, also known as cryptomalware, operates with the goal of making money from cryptocurrency. It does so in one of two
ways: by stealing cryptocurrency, or by mining cryptocurrency on victims' devices without their knowledge, a practice known as
cryptojacking. Cryptocurrency-mining malware consumes the system's resources and uses them to mine cryptocurrency without the user's
permission, while cryptocurrency-stealing malware looks for wallet addresses in local storage on the infected device and replaces them
with the attacker's own address, so that transactions are redirected to the attacker's wallet.
- Dropper code runs on the victim's device without the victim's permission, delivered either as a script or as a regular executable.
- Miner code runs on the victim's device and uses its computing power to calculate hashes, which causes the device's performance to slow.
- The results of the calculations are sent back to the attacker or to an online mining pool, which then converts the results into
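The stages above leave a recognisable trace on the network: miners talk to pools over the Stratum protocol, which is newline-delimited JSON-RPC, and are usually launched with a stratum+tcp:// pool URI and a payout address on the command line. The following Python script is an added example written for this page (not code from the original article or from any miner or pool project). The captured payloads, the process command line and the 95-character Monero-style address in it are constructed for illustration; the method names it looks for are those of the Bitcoin-style (mining.subscribe/authorize/submit) and XMRig-style (login/job/submit) Stratum dialects.

```python
"""Flag Stratum mining-protocol traffic and miner command lines in captured records.
Added example for this page; the records below are constructed, not real captures."""
import json
import re

# JSON-RPC method names of the two common Stratum dialects: Bitcoin-style pools use
# 'mining.*' methods, CryptoNote/XMRig-style pools use login/job/submit/keepalived.
BTC_STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                       "mining.notify", "mining.set_difficulty"}
XMR_STRATUM_METHODS = {"login", "job", "submit", "keepalived"}
# A Monero standard address is 95 base58 characters beginning with '4'.
XMR_ADDRESS_RE = re.compile(r"\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b")
# Pool URI as passed to a miner on the command line or in its config file.
STRATUM_URI_RE = re.compile(r"stratum\+(?:tcp|ssl)://[\w.\-]+:\d+", re.IGNORECASE)


def stratum_indicators(payload: bytes) -> list:
    """Return the Stratum indicators found in one TCP payload (empty list if none).
    Stratum is newline-delimited JSON-RPC, so every line is parsed on its own."""
    found = []
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue
        try:
            msg = json.loads(line)
        except ValueError:  # not JSON (JSONDecodeError and UnicodeDecodeError are ValueErrors)
            continue
        if not isinstance(msg, dict):
            continue
        method = msg.get("method")
        if method in BTC_STRATUM_METHODS:
            found.append(f"method:{method}")
        elif method in XMR_STRATUM_METHODS:
            found.append(f"method:{method}")
            params = msg.get("params")
            if isinstance(params, dict):  # an XMRig login carries the user agent and payout address
                if params.get("agent"):
                    found.append(f"agent:{params['agent']}")
                if XMR_ADDRESS_RE.search(str(params.get("login", ""))):
                    found.append("xmr-address-in-login")
        result = msg.get("result")
        if isinstance(result, dict) and "job" in result:  # pool's reply to a login: a job to hash
            found.append("pool-job-reply")
    return found


def scan_records(records: list) -> list:
    """Run stratum_indicators over {src, dst, dport, payload} records and return the alerts."""
    alerts = []
    for rec in records:
        hits = stratum_indicators(rec["payload"])
        if hits:
            alerts.append({"src": rec["src"], "dst": rec["dst"], "dport": rec["dport"],
                           "indicators": hits})
    return alerts


def miner_cmdline_hits(cmdline: str) -> list:
    """Indicators in a process command line: a stratum pool URI and/or a Monero payout address."""
    hits = STRATUM_URI_RE.findall(cmdline)
    if XMR_ADDRESS_RE.search(cmdline):
        hits.append("xmr-address")
    return hits


# Constructed sample data (not real traffic; the address is a placeholder, not a real wallet).
XMR_SAMPLE_ADDRESS = "4A" + "k7xQ" * 23 + "z"  # 95 valid base58 characters
XMRIG_LOGIN = json.dumps({"id": 1, "jsonrpc": "2.0", "method": "login", "params": {
    "login": XMR_SAMPLE_ADDRESS, "pass": "x", "agent": "XMRig/6.18.0", "algo": ["rx/0"]}}).encode() + b"\n"
BTC_SUBSCRIBE = (b'{"id":1,"method":"mining.subscribe","params":["cgminer/4.9.0"]}\n'
                 b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n')
SAMPLE_RECORDS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dport": 3333, "payload": XMRIG_LOGIN},
    {"src": "192.0.2.11", "dst": "198.51.100.6", "dport": 4444, "payload": BTC_SUBSCRIBE},
    {"src": "192.0.2.12", "dst": "198.51.100.7", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "192.0.2.13", "dst": "198.51.100.8", "dport": 8545,
     "payload": b'{"id":7,"method":"getBalance","params":[]}\n'},  # unrelated JSON-RPC, no hit
]
SAMPLE_CMDLINE = f"xmrig -o stratum+tcp://pool.example.test:3333 -u {XMR_SAMPLE_ADDRESS} -p x"

if __name__ == "__main__":
    for alert in scan_records(SAMPLE_RECORDS):
        print(alert)
    print(miner_cmdline_hits(SAMPLE_CMDLINE))
```

The method names login and submit also appear in unrelated JSON-RPC APIs, so on their own they are weak indicators; the script gains confidence only when it also sees a miner user agent, a wallet address in the login, or a job reply from the pool. In practice the destination port and host should additionally be compared against a list of known mining pools.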
Compared with desktop and laptop computers, smartphones and IoT devices have less computing power, but they are also less secure. Many of
these devices contain unpatched vulnerabilities that their users are unaware of. Attackers who write cryptocurrency-mining malware are
therefore targeting these devices: the large number of easily infected devices makes up for the low hashing rate of each one.
IoT cryptojacking malware is becoming more popular on underground forums, with one strain specifically advertised as able to infect the
home or workplace routers of anyone with an internet connection. Cryptocurrency-mining malware uses all of the computational power of an
IoT device for mining, which can cause the device to overheat and potentially fail.
Recommendations and Best Practices
- Regularly update devices with their latest firmware to patch existing vulnerabilities.
- Change devices' default credentials to avoid unauthorized access.
- Disable remote management (administration from the Internet-facing side) so that unauthorized individuals cannot access and change the device's configuration.
- Use Wi-Fi Protected Access 2 (WPA2) Personal with the Advanced Encryption Standard (AES/CCMP) cipher only, and disable the older Temporal Key
Integrity Protocol (TKIP), which is deprecated; WPA2-AES is the strongest configuration most routers offer (use WPA3 where the device supports it).
- Disable Wi-Fi Protected Setup (WPS) on routers.
- Disable Universal Plug and Play (UPnP) when it is not required, since it lets any device on the local network open ports on the router without authentication.
- Install firewalls on network devices.
- Employ intrusion detection and prevention systems to detect and block malicious activity, such as connections to known mining pools.
- Use effective, trusted security software to block cryptocurrency mining malware.
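Most of the settings in the list above can be checked mechanically from a configuration dump. The following Python script is an added example for this page (not code from the original article or from the OpenWrt project); it assumes the router exposes its configuration in OpenWrt's UCI text format and audits it for a TKIP, WPA1, WEP or open Wi-Fi cipher, an enabled WPS push button, an enabled UPnP daemon, and a WAN firewall zone that accepts inbound connections (which leaves remote management reachable from the Internet). The sample configurations are constructed for illustration and concatenate what a real device keeps in /etc/config/wireless, /etc/config/upnpd and /etc/config/firewall; firmware version and default passwords have to be checked by other means.

```python
"""Audit an OpenWrt-style UCI configuration dump for the weak router settings listed above.
Added example for this page; the sample configurations below are constructed, not taken from a real device."""
import re

SECTION_RE = re.compile(r"^config\s+(\S+)(?:\s+'?([^']*)'?)?\s*$")
ENTRY_RE = re.compile(r"^(option|list)\s+(\S+)\s+'?(.*?)'?\s*$")


def parse_uci(text: str) -> list:
    """Parse UCI text into sections: {'type', 'name', 'options': {key: value}}.
    'option' entries are single strings; repeated 'list' entries are collected into a list."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sec = SECTION_RE.match(line)
        if sec:
            sections.append({"type": sec.group(1), "name": sec.group(2) or "", "options": {}})
            continue
        entry = ENTRY_RE.match(line)
        if entry and sections:
            kind, key, value = entry.groups()
            opts = sections[-1]["options"]
            if kind == "list":
                opts.setdefault(key, []).append(value)
            else:
                opts[key] = value
    return sections


def audit_router_config(text: str) -> list:
    """Return (code, section, message) findings; an empty list means every check passed."""
    findings = []
    for sec in parse_uci(text):
        o = sec["options"]
        where = sec["name"] or o.get("name", sec["type"])
        if sec["type"] == "wifi-iface":
            # OpenWrt cipher names: 'psk2+ccmp' is WPA2-AES, 'psk'/'psk-mixed' allow WPA1,
            # anything containing 'tkip' allows the deprecated TKIP cipher, 'sae' is WPA3.
            enc = o.get("encryption", "none").lower()
            base = enc.split("+")[0]
            if enc == "none" or base.startswith("wep") or base in ("psk", "psk-mixed") or "tkip" in enc:
                findings.append(("WEAK-WIFI-CIPHER", where,
                                 f"encryption '{enc}': use 'psk2+ccmp' (WPA2-AES) or 'sae' (WPA3)"))
            if o.get("wps_pushbutton") == "1":
                findings.append(("WPS-ENABLED", where, "set wps_pushbutton '0'"))
        elif sec["type"] == "upnpd" and o.get("enabled") == "1":
            findings.append(("UPNP-ENABLED", where, "set enabled '0' unless UPnP is required"))
        elif sec["type"] == "zone" and o.get("name") == "wan" and o.get("input", "").upper() == "ACCEPT":
            # Inbound traffic from the Internet reaches the router itself and therefore its
            # management interfaces; OpenWrt's default for the wan zone is REJECT.
            findings.append(("WAN-INPUT-OPEN", where, "set input 'REJECT' on the wan zone"))
    return findings


# Constructed weak configuration: TKIP allowed, WPS on, UPnP on, WAN input accepted.
WEAK_CONFIG = """
config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'HomeNet'
	option encryption 'psk2+tkip+ccmp'
	option key 'changeme'
	option wps_pushbutton '1'

config upnpd 'config'
	option enabled '1'

config zone
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
"""

# The same device after applying the recommendations above.
HARDENED_CONFIG = WEAK_CONFIG.replace("psk2+tkip+ccmp", "psk2+ccmp") \
                             .replace("wps_pushbutton '1'", "wps_pushbutton '0'") \
                             .replace("enabled '1'", "enabled '0'") \
                             .replace("input 'ACCEPT'", "input 'REJECT'")

if __name__ == "__main__":
    for code, where, msg in audit_router_config(WEAK_CONFIG):
        print(f"{code:18} {where:16} {msg}")
    print("hardened config findings:", audit_router_config(HARDENED_CONFIG))
```

On a real device the three files can be concatenated with cat /etc/config/wireless /etc/config/upnpd /etc/config/firewall and fed to audit_router_config; vendor firmware that does not use UCI needs its own parser, but the checks themselves are the same.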