Cryptojacking is not as common as it was during the height of cryptocurrency popularity. Savvy attackers infect popular websites with cryptojacking malware because more visitors to a site means additional resources for mining. In 2017, researchers found that the Showtime online streaming site contained cryptojacking malware. In February 2018, researchers found cryptojacking on the Los Angeles Times site.
The amount of money generated from cryptojacking is unknown, but researchers estimate that it could be in the millions. In 2018, researchers estimated that the Smominru cryptomining botnet was able to generate $3.6 million in cryptocurrency by infecting approximately 500,000 devices.
Credential theft is a popular way to gain access to a system and install background processes that steal cryptocurrency. The PowerGhost malware steals Windows credentials and then uses the popular EternalBlue exploit to spread to other Windows machines. It attempts to disable antivirus software along with any competing cryptomining software.
The cryptomining worm Graboid spreads across Docker containers that are open to the public internet without authentication. Graboid can then use Docker resources to mine cryptocurrency. It’s estimated that Graboid has infected over 2,000 Docker containers.
Effective cryptojacking software throttles its resource usage. MinerGate is programmed to stop running when a user is active on the local desktop. Because it shuts down during activity, users are less likely to detect the malware on the system, leaving MinerGate active for longer on more machines.
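One way to catch the idle-only behavior described above is to compare each process's CPU use while the user is away with its use while the user is present. This is an added example, not code from the original article or from any tool it names; the telemetry is constructed, and the process names and thresholds are assumptions.

```python
# Added example: constructed telemetry, hypothetical process names and thresholds.
IDLE_AFTER_S = 300   # assumption: no input for 5 minutes means the user is away
HIGH_CPU = 50.0      # assumption: CPU percent treated as "heavy"
LOW_CPU = 5.0        # assumption: CPU percent treated as "quiet"

# One tuple per sample: (seconds since last user input, {process name: CPU percent})
SAMPLES = [
    (12,   {"browser": 64.0, "backup": 1.0}),
    (40,   {"browser": 71.5, "backup": 0.5}),
    (900,  {"browser": 2.0, "backup": 88.0, "sysupd": 96.0}),
    (1500, {"browser": 1.5, "backup": 3.0, "sysupd": 97.5}),
    (5,    {"browser": 58.0, "backup": 0.5}),  # sysupd exited on user input
    (600,  {"browser": 1.0, "backup": 0.5, "sysupd": 95.0}),
    (1200, {"browser": 0.5, "backup": 1.0, "sysupd": 98.0}),
    (20,   {"browser": 45.0, "backup": 1.0, "sysupd": 0.3}),
]


def idle_only_heavy(samples, min_samples=3, idle_ratio=0.8):
    """Return names of processes that are heavy while the user is away and
    quiet (or not running at all) whenever the user is present."""
    names = {name for _, procs in samples for name in procs}
    idle = [procs for idle_s, procs in samples if idle_s >= IDLE_AFTER_S]
    active = [procs for idle_s, procs in samples if idle_s < IDLE_AFTER_S]
    if len(idle) < min_samples or len(active) < min_samples:
        return []  # not enough evidence in one of the two states
    flagged = []
    for name in sorted(names):
        # A process missing from a sample was not running: count it as 0 %.
        heavy_idle = sum(p.get(name, 0.0) >= HIGH_CPU for p in idle)
        quiet_active = all(p.get(name, 0.0) <= LOW_CPU for p in active)
        # Requiring most idle samples to be heavy filters out one-off idle
        # jobs such as the constructed "backup" process above.
        if quiet_active and heavy_idle / len(idle) >= idle_ratio:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(idle_only_heavy(SAMPLES))
```

A flagged name is a lead for review, not a verdict: legitimate idle-time jobs that run in nearly every idle window will match the same pattern and need an allowlist.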
Using open-source GitHub repositories, attackers can inject cryptojacking code into popular software. The attacker forks the software in an attempt to make it look like a legitimate change has been made to the code repository. It takes only a few lines of code to add cryptojacking, and those lines can be successfully hidden among hundreds of other lines of code. When users download the new software version, the cryptojacking malware spreads across potentially thousands of machines, including corporate servers with extensive computing resources.