Cryptocurrency Mining Malware Hits Over 1 Million Computers in China
By Julia Sowells, Senior Information Security Specialist at Hacker Combat
Over one million computers in China have been infected by cryptocurrency mining malware, earning the hackers over $2 million in a period spanning over two years.
Citing information from the local press, industry website Coindesk has reported that police in Da Lian city have also started arresting people suspected of being involved in the attacks. The Coindesk report, dated July 9, 2018, says: “According to a local news report on Monday, police in China’s Da Lian city have arrested 20 suspects from a computer technology firm who allegedly gained control of the large number of computers in order to profit from illicit cryptocurrency mining.”
According to reports, the cryptocurrency mining campaign was executed by embedding the malware inside internet browser plug-ins that were delivered via display ads. Users installed the plug-ins, and over one million systems ended up being infected. The Coindesk report says: “The hackers created and embedded the malware inside internet browser plug-ins they developed for various purposes, such as enhanced browsing speed, which were shown in display ads that reached 5 million computers in the country… By clicking the display ads and installing the plug-ins, over a million computers were subsequently infected, mining a total of 26 million digibyte, decred and siacoin tokens over the course of two years, according to the police.”
Rather than going for the major cryptocurrencies, the hackers behind this campaign opted to mine some minor cryptocurrencies that don’t demand great amounts of computing power. This let the mining run quietly in the background, so that victims would not even notice it. The newspaper report also says that the people behind the malware campaign built a network of over 100 agents who helped propagate the cryptocurrency mining malware, for example by establishing ties with internet cafes.
This cryptocurrency mining campaign follows another similar one that happened recently in China. In mid-June, there were reports of a group of hackers running a cryptocurrency mining malware campaign by hacking systems in internet cafes across many cities in China over a period of almost a year; the campaign had started in July 2017.
A Coindesk report, dated June 19, 2018, says: “According to a local news report on Saturday, police in Rui’An city in Zhejiang province arrested 16 suspects who, it’s claimed, have gained 5 million yuan ($800,000) by hacking more than 100,000 computers in internet cafes across 30 Chinese cities since July of last year… The report said the hackers first developed a piece of malware that can specifically mine the siacoin cryptocurrency on an affected device, then marketed it to computer maintenance firms who allegedly helped to inject the malware to computers at internet cafes whilst carrying out routine checkups.”
Julia Sowells is a security geek with almost 5+ years of experience who writes on various topics pertaining to network security.