In some blockchain platforms, such as Bitcoin or Monero, miners can earn money by performing computationally-expensive operations. Cryptojackers or cryptominers are malware that infect a computer and use its computational power to perform these calculations and earn money.
Blockchains use various consensus algorithms to ensure that the process of creating blocks is decentralized. In blockchains such as Bitcoin, Monero, and many others, the consensus algorithm used is Proof of Work (PoW).
In PoW, a valid block is defined as one whose header hashes to a value less than a particular value. Since hash functions are unpredictable, the only way to find a valid block is to try various options and try to get the right one. In the case of Bitcoin, the threshold is set so that the entire network working together will find a valid block every ten minutes on average. Whichever miner finds the valid block gets the reward.
Crypto malware infects a computer and uses it to perform the search for possible blocks. If the malware happens to find a valid block, the attacker can submit it and receive the reward.
Cryptomining malware has grown in popularity since it provides cybercriminals with a way to directly make money off of their control of a system. Some of the leading examples of crypto malware described in Check Point’s 2022 Cyber Attack Trends Mid-Year Report include:
Cryptomining malware is designed to consume significant processing power as it tries potential candidates for a block header. As a result, an infected computer may display one of the following two signs:
Cryptomining malware can be profitable because it gives attackers access to a vast amount of processing power to use for mining cryptocurrency. However, this comes at the cost of the companies who foot the bill for the mining activity occurring on their systems. Some steps that a business can take to prevent its systems from being co-opted for cryptomining include:
Cryptominers are one of several malware threats that companies are facing today. Learn more about the evolving cyber threat landscape in the 2022 Cyber Attack Trends Mid-Year report.
Check Point Horizon XDR and Harmony Endpoint provide defense-in-depth against cryptominers and other malware. XDR provides network-level threat visibility and centralized control across an organization’s entire IT architecture, and Harmony Endpoint identifies and remediates malware infections on the endpoint. Learn more about improving your organization’s defenses against crypto malware by signing up for the Horizon XDR Early Availability Program and requesting a free demo of Harmony Endpoint today.