The number of domains with cryptocurrency mining scripts installed on them has skyrocketed over 700 percent in three months, according to a recent security firm’s research.
Approximately 2.8 million users were attacked by malicious crypto miners in 2017, with the most successful of cybercriminals earning literally millions of dollars.
Based on the monitoring of a sample of 600,000 sites, we’ve found a 700% increase in the number of domains running mining scripts on one or more pages in the three-month period from September to January of this year.
According to Cyren Security Labs, the number of new websites running crypto-mining scripts jumped three times in October alone, then flattened in November, and subsequently skyrocketed in December and January.
“Basically half the total run-up since September was concentrated in the last two months, suggesting that the rate of spread of cryptomining is only accelerating,” the firm detailed.
Over 8,000 out of the sample sites were found running mining scripts during January with Monero the main cryptocurrency being mined.
2.9 Million Users Under Attack
Kaspersky Labs researchers shared some data on Tuesday regarding crypto-mining malware.
They discovered that cybercriminals have begun using sophisticated infection methods and techniques to install the mining software, the most widely used web miner being Coinhive. According to the security firm, 2.9 million users were attacked by malicious miners last year, representing an increase of over fifty percent from the previous year, adding:
“The most successful groups observed by Kaspersky Lab earned millions of dollars by exploiting their victims in only six months during 2017.”
In a recent demonstration at Mobile World Congress in Barcelona, Spain, Avast claimed that “14,000 internet-connected devices could be hacked to mine $1,000 cryptocurrency in four days,” CNBC reported. The cybersecurity firm demonstrated that “vulnerable internet-connected devices from smartphones to security cameras can be hijacked by hackers and then turned into tools to mine cryptocurrencies.”
While Coinhive is most commonly used by malware creators on unsuspecting victims, an opt-in version exists as well.
In any event, Malwarebytes published an analysis of cryptomining malware last week, saying among other things that “the opt-in version of Coinhive’s API was hardly used (40K/day) in comparison to the silent version (3Million/day)…during the period of January 10th to February 6th.”