• According to a report by Kaspersky Labs, incidences of cryptojacking using botnets increased in 2018
• Downloads of cryptojacking malware accounted for 4.6 percent of software downloads by botnets
• The software is put into victims’ computers mainly through the download of pirated software

The use of crypto mining malware among botnets has been on the increase despite plunging prices this year. This was revealed through a bulletin published by Kaspersky Labs. The Russian internet security company explained that Stealth crypto mining attacks, or ‘cryptojacking’ have become the attack mode of choice.

Stealth crypto mining attacks involve the installation of mining software on the computers of the victims and thus, use their computers to mine for cryptocurrency without their consent.

The market does matter

The increase in Stealth crypto mining seems to be tied directly with the current value of cryptocurrencies. After the bull run of bitcoin in December 2018 cooled in January to February, the number of stealth crypto mining incidents saw a decline as well.

Incidences have remained steady since then. All the same, 2018 has seen an increase in the number of crypto mining malware downloads. In Q1, the number of crypto jacking malware downloaded by botnets was 4.6 percent out of all files downloaded.

This is compared to 2.9 percent in Q2 in 2017. However, Q3 has seen a decline in the number of botnet cryptojacking attacks. The reason for this, according to the report is “the ‘reprofiling’ of botnets from DDoS attacks to cryptocurrency mining.”

The general consensus is that the number of incidences of cryptojakcing is proportional to the price of cryptocurrencies.

Most of the malware, the report says, get into victims’ computers during the downloading of pirated software, making this more prevalent in countries with less strict laws about software downloads.

Now, the report says, only time will tell what effect the November bitcoin price crash will have on the rate of botnets attacks.

Undetectable

Cryptojacking seems to be the attack mode of choice for the perpetrators because it is often undetectable.  

“[I]f executed properly, [cryptojacking] can be impossible for the owner of an infected machine to detect […] the reprofiling of existing server capacity completely hides its owner from the eyes of the law. Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining.  For example, the DDoS activity of the Yoyo botnet dropped dramatically, although there is no data about it being dismantled,” the report says.