At least that is what the numbers in one cybersecurity firm’s user base show

With the beginning of the “crypto winter of 2022”, when the value of cryptocurrencies dropped significantly, the cryptocurrency industry is facing a liquidity crisis.

Despite that, criminal activity targeting the cryptocurrency industry does not seem to be slowing down, according to Kaspersky.

Cryptocurrency mining is a painstaking and costly process, but it is also very rewarding: hence, it attracts cybercriminals’ interest. Making money using cryptominers is profitable for cybercriminals — they do not pay for equipment or for electricity and get to use free computing power on their victims’ devices.

This type of cybercrime does not even require much specialist technical expertise. In fact, all the attacker needs to know is how to create a miner using open-source code, or where to buy one. If the cryptomining malware is installed successfully on the victims’ computers, steady earnings are bound to follow.

In the first three quarters of this year, the cybersecurity firm’s own user base saw a sharp increase in the number of new modifications of malicious mining programs. Experts identified 215,843 new miners, more than twice as many as last year, notably due to a sharp jump in Q3 2022. Compared to Q3 2021, the growth was over 230%.

Quarter    New miner modifications
Q1 2021    23 894
Q2 2021    31 443
Q3 2021    46 097
Q1 2022    21 282
Q2 2022    40 788
Q3 2022    153 773

More widespread than backdoors
Some 48% of the analyzed samples of malicious mining software secretly mined the Monero (XMR) currency, which is known for its advanced technologies that anonymize transaction data to achieve maximum privacy. Those monitoring it cannot decipher addresses trading Monero, transaction amounts, balances, or transaction histories — all of which are factors that cybercriminals find appealing.

Bitcoin wallets that were used in illicit mining in the firm’s user base accumulated around US$1.5k on average every month. The company’s researchers recorded an incoming transaction of 2 BTC, which is more than US$40,500, per analyzed wallet. Most frequently, attackers distribute miners through malicious files masquerading as pirated content – films, music, games and software. Unpatched vulnerabilities are also exploited to spread miners: in the firm’s research, nearly every sixth vulnerability-exploiting attack was accompanied by a miner infection. In Q3 miners became even more widespread than backdoors, which were the prime choice of cybercriminals throughout the first half of 2022.

The share of miners among the malware that attackers tried to launch as a result of exploiting vulnerabilities

Q1 2022               Q2 2022               Q3 2022
backdoor    28.86%    backdoor    27.4%     ransomware  21.2%
ransomware  17.01%    ransomware  17.1%     miner       16.5%
miner       12.20%    miner       13.8%     backdoor    15.6%
downloader  3.00%     downloader  1.8%      downloader  2.7%

Said a security expert at the firm, Andrey Ivanov: “The silver lining is that while the number of threats is rising, there are no dramatic changes in the number of users that encounter miners. That is why it is extremely important to raise awareness about the first signs that malware is being downloaded onto your computer. It is also necessary to install a reliable security solution that will prevent attacks at an early stage.”