Almost everyone has heard about mining and that it can supposedly earn “huge money”. More and more people are trying to dig up crypto coins. But there are also those who engage in “black” mining: they mine cryptocurrencies at the expense of other people’s resources.
As soon as it became obvious that a lot of money could be earned by mining cryptocurrencies, some cunning individuals came up with a fairly easy way to monetize their botnets (networks of devices controlled by an attacker): on each of them you can run a miner and mine cryptocurrency for your own benefit. Since the computers of ordinary users are most often infected, the amount of currency mined from each device will be small, so mining pools are most often used to obtain cryptocurrency. A cryptocurrency mining pool is a special server that distributes the task of calculating a block among all pool participants. As soon as one of the pool participants finds a block, the reward from this block is distributed among the pool participants according to their share of the work (the more work the participant completed, the larger share of the profit he will receive). At the same time, each pool participant can connect an unlimited number of miners. Thus, the attacker registers all the miners from the controlled botnet under his own account and receives profit from all the devices at the same time.
The first official reports of the discovery of hidden mining appeared back in 2011, and in 2013 this phenomenon had already become widespread due to the first extensive infection via Skype.
The operating scheme of all Trojan miners is approximately the same. The first stage is a loader that gets onto the victim’s computer under the guise of a useful program or through the actions of a virus. Next, this loader analyzes the configuration of the victim’s equipment and selects the most suitable miner and miner configuration for it (currency, type of mining, maximum load, mining pool, etc.), then it downloads and launches it. The main task is completed: the miner is running and the connection to the pool is established. After this, the Trojan can begin to spread itself further, steal data from the user’s device, or even delete itself in order to reduce the likelihood of the miner being detected; the imagination of attackers in this matter is simply limitless.
The Trojan-Ransom.Win32.Linkup behaved quite interestingly. When a device was infected, access to the Internet was blocked at the level of DNS queries and Bitcoin mining was launched at full capacity without any performance limitations. At the same time, any attempt to access any site led to the opening of a message stating that the computer was blocked by the Council of Europe due to the distribution of child pornography, demanding that the user fill out a form with full personal data and pay a fine of 0.01 Euro to unblock access.
It turns out that viruses can be not only harmful, but also somewhat useful. In the spring of 2017, the Adylkuzz miner virus was discovered, which not only caused minor mischief by quietly mining Monero on the victim’s computer, but also simultaneously performed a useful function: it closed the security hole through which it had itself penetrated. Thus, one of the most dangerous ransomware viruses, WannaCry, which exploited the same vulnerability, could no longer reach the computer.
But it's not just evil hackers who profit from unsuspecting users. Some unscrupulous developers of widespread software have also tried to include miners in their software products. For example, in March 2015, the authors of the popular torrent client uTorrent bundled a mining module from Epic Scale, which was installed together with uTorrent without the user’s knowledge.
Therefore, if your computer begins to overheat more often, works slower, your laptop battery begins to discharge noticeably faster, or you notice other signs of constant hard work on your device, this is a serious reason to consider whether your device is being used to mine cryptocurrency for the benefit of criminals.
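The two observable traces described above, a process that stays at high CPU load and an established connection to a mining pool, can be turned into a simple triage heuristic. The following is an added example, not code from the original article: the process and socket samples are constructed inline, and the list of "pool" ports is a heuristic assumption rather than an authoritative indicator.

```python
"""Heuristic cryptojacking triage over sampled process-CPU and socket data.

Added example (not from the original article). All input data below is
constructed; the pool-port set and thresholds are assumptions to tune.
"""
from collections import defaultdict

# Ports often used by Stratum mining pools (heuristic assumption, not exhaustive).
SUSPECT_POOL_PORTS = {3333, 3334, 4444, 5555, 7777, 14444}

# Constructed CPU samples: (timestamp, pid, process_name, cpu_percent).
CPU_SAMPLES = [
    (0, 101, "svchost.exe", 2.0), (0, 202, "updater.exe", 97.0), (0, 303, "chrome.exe", 35.0),
    (1, 101, "svchost.exe", 1.0), (1, 202, "updater.exe", 99.0), (1, 303, "chrome.exe", 88.0),
    (2, 101, "svchost.exe", 3.0), (2, 202, "updater.exe", 98.0), (2, 303, "chrome.exe", 12.0),
    (3, 101, "svchost.exe", 2.0), (3, 202, "updater.exe", 96.0), (3, 303, "chrome.exe", 15.0),
]

# Constructed established outbound sockets: (pid, remote_host, remote_port).
CONNECTIONS = [
    (202, "198.51.100.23", 3333),  # documentation-range address, constructed
    (303, "203.0.113.8", 443),
]


def sustained_high_cpu(samples, threshold=80.0, min_run=3):
    """Return {pid: name} for processes at >= threshold CPU in min_run consecutive samples."""
    run, best, names = defaultdict(int), defaultdict(int), {}
    for _ts, pid, name, cpu in sorted(samples):
        names[pid] = name
        run[pid] = run[pid] + 1 if cpu >= threshold else 0  # a single spike resets nothing
        best[pid] = max(best[pid], run[pid])
    return {pid: names[pid] for pid, longest in best.items() if longest >= min_run}


def pool_connections(connections):
    """Return {pid: [(host, port), ...]} for sockets to suspect pool ports."""
    hits = defaultdict(list)
    for pid, host, port in connections:
        if port in SUSPECT_POOL_PORTS:
            hits[pid].append((host, port))
    return hits


def triage(samples, connections):
    """Combine both signals; return [(pid, name, score, reasons)] sorted by score."""
    hot, pools = sustained_high_cpu(samples), pool_connections(connections)
    names = {pid: name for _ts, pid, name, _cpu in samples}
    findings = []
    for pid in set(hot) | set(pools):
        reasons = []
        if pid in hot:
            reasons.append("sustained CPU load over consecutive samples")
        if pid in pools:
            reasons.append(f"outbound connection to suspect pool port(s): {pools[pid]}")
        findings.append((pid, names.get(pid, "?"), len(reasons), reasons))
    return sorted(findings, key=lambda f: (-f[2], f[0]))
```

A process that only briefly spikes (chrome.exe above) or that talks to a normal port is not flagged; only the one showing both traces reaches the top of the list.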
Most antivirus software does not classify the miners themselves as malicious software, because they do not cause direct harm and are not always installed without the user’s knowledge; users themselves often mine cryptocurrency on their own devices. In order to still inform the user about them, miners are placed in the Riskware or Not-a-virus category, and the user then decides what to do with the detected miner. At the same time, in most cases the downloader program, if detected, is deleted as malicious.
In order to protect yourself from miner viruses, as well as from any other malware, in most cases it is enough to use modern antivirus software with regularly updated malware signature databases, turn on the firewall, and never lose vigilance when downloading anything from the Internet.
