How do illicit cryptominers work?
There are two main types of illicit cryptominers:
1. Binary-based – malicious applications downloaded and installed onto the targeted device with the goal of mining cryptocurrency. ESET security solutions categorize most of these applications as Trojans.
2. Browser-based – malicious JavaScript embedded into a web page or some of its parts/objects, designed to mine cryptocurrency via the browsers of the site’s visitors. This method is dubbed cryptojacking and has become increasingly popular with cybercriminals since mid-2017. ESET detects the majority of cryptojacking scripts as potentially unwanted applications (PUAs).

Why should SMBs care about illicit cryptominers?
A total of 30% of organizations in the United Kingdom fell victim to a cryptojacking attack in the previous month, a recent survey among 750 IT executives across the UK has found. These statistics document two things:
1. Although illicit cryptomining may seem to be a lower-severity threat, organizations should not underestimate the risk it represents. Mining usually hijacks a large portion of the hardware’s processing power, reducing performance and productivity. The power-intensive process puts additional stress on hardware components and can damage targeted devices, shortening their lifespans.
2. Cryptominers expose vulnerabilities in an organization’s cybersecurity posture, which can lead to potentially more severe compromises and disruptions. Due to their higher and concentrated performance, business infrastructures and networks are a more valuable target than consumer devices, promising the attacker higher earnings within a shorter timeframe.

How to recognize a cryptomining attack?
Cryptomining and cryptojacking are typically associated with extremely high processor activity, which has noticeable side effects. Watch out for the following:
- Visibly reduced performance and productivity of the infrastructure
- Unusual energy consumption
- Suspicious network traffic
On Android devices additional computational load causes:
How to keep your organization protected from cryptominers?
1. Protect your endpoints, servers and other devices with reliable and multilayered security solutions able to detect potentially unwanted (PUA) cryptomining scripts as well as cryptomining Trojans.
2. Implement Intrusion Detection Software (IDS) that helps identify suspicious network patterns and communication potentially tied to illicit cryptomining (infected domains, outgoing connections on typical mining ports such as 3333, 4444 or 8333, signs of persistence, etc.).
3. Increase network visibility by using a remote management console to enforce security policies, monitor system status as well as security of company endpoints and servers.
4. Train all employees (including top management and network administrators) in how to maintain good cyber-hygiene and to create and use strong passwords, reinforced with two-factor authentication, which increases the protection of company systems in case passwords are leaked or brute-forced.
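The port-based network check from step 2, as an added example that is not ESET's code or part of the original page: it scans connection records for internal hosts holding connections to external addresses on the mining ports named above. The log format, the internal address ranges, the time threshold and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports the article names as typical for mining traffic.
MINING_PORTS = {3333, 4444, 8333}
# Assumption: the organization's internal ranges; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: time src_ip dst_ip dst_port duration_seconds
SAMPLE_LOG = """\
2024-05-01T09:00:02Z 10.0.4.17 203.0.113.50 3333 3600
2024-05-01T09:00:05Z 10.0.4.17 198.51.100.7 443 12
2024-05-01T10:00:03Z 10.0.4.17 203.0.113.50 3333 3598
2024-05-01T10:12:44Z 10.0.9.3 10.0.1.20 4444 30
2024-05-01T11:30:00Z 10.0.7.88 198.51.100.99 8333 45
malformed line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_mining_candidates(log_text, min_total_seconds=600):
    """Return [(src, dst, port, connections, total_seconds)] for internal hosts
    talking to external hosts on a mining port, longest-running first."""
    stats = defaultdict(lambda: [0, 0])  # (src, dst, port) -> [count, seconds]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing
        _, src, dst, port, duration = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, duration = int(port), int(duration)
        except ValueError:
            continue
        if port in MINING_PORTS and is_internal(src_ip) and not is_internal(dst_ip):
            entry = stats[(src, dst, port)]
            entry[0] += 1
            entry[1] += duration
    hits = [(s, d, p, n, t) for (s, d, p), (n, t) in stats.items()
            if t >= min_total_seconds]
    return sorted(hits, key=lambda h: h[4], reverse=True)

if __name__ == "__main__":
    for hit in find_mining_candidates(SAMPLE_LOG):
        print(hit)
```

Treat a hit as a triage lead to confirm on the endpoint, since these ports are also used by legitimate software.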
Prevent cryptomining now
ESET PROTECT Advanced
Get effective protection against cryptomining with ESET multilayered endpoint security solutions able to detect potentially unwanted (PUA) cryptomining scripts as well as cryptomining Trojans. Includes Ransomware Shield and LiveGrid® protection via the cloud and network attack protection. Combine ESET’s powerful scanning engine with ESET PROTECT Cloud and gain detailed network visibility.