Crypto-currency mining malware wreaks havoc in Africa

Hackers use malware to defer an unsuspecting user's machine's critical tasks to keep crypto-currency mining operations in progress.

Crypto-currency mining malware is wreaking havoc in Africa, says Israel-based cyber security company Check Point.

Its Global Threat Index shows that in April, Coinhive, Cryptoloot and XMRig were in the top six malware incidents throughout SA, Kenya and Nigeria.

Crypto-currencies are becoming more popular in Africa as local conditions on the continent are conducive to adoption of the digital currencies. Several African countries suffer from rampant inflation. The number of unbanked people on the continent also makes cryptos a viable option in Africa.

According to crypto-currency marketplace Paxful, there are more transactions involving the transfer of goods, services and money facilitated through the platform in Africa than in the 'developed world', where many trade digital currencies speculatively for profit.

Thus, Check Point notes that cyber criminals are taking advantage of the popularity of digital currencies on the continent by deploying crypto-currency malware.

Computational resources

Check Point says in May, Coinhive again ranked as the number one malware family in all three countries.

"All three are prolific crypto-mining malware, which, unlike other malware, hijack your system instead of holding it to ransom," says Doros Hadjizenonos, country manager for SADC at Check Point.

"While Coinhive leeches your machine's computational resources to mine Monero crypto-currency when an unsuspecting user visits a Web page, Cryptoloot uses your central processing unit (CPU) or graphics processing unit power to add new transactions to the blockchain, thereby releasing new currency."

Similarly, Hadjizenonos adds, XMRig is open source CPU-mining software used to mine Monero crypto-currency.

"At the end of the day, this might affect your business in one of two ways. Either the hacker's mining operation will consume large volumes of power and leave a horrible surprise in your electricity bill, or the operation will overload the CPU of the infected machines, slowing down your hardware performance dramatically. This is because the malware will defer your machine's critical tasks to keep the mining operation in progress."

Hadjizenonos points out that because crypto miners are created to generate as much profit as possible, most will disrupt the day-to-day operations of a business.

"The worst part about crypto-mining malware, and what makes it so sneaky, is that it doesn't need your consent nor rely on you to perform an action in order to make a profit. Take ransomware for example: ransomware relies on the victim to pay a ransom for the attack to be profitable. Similarly, banking Trojans, which steal bank account credentials, need you to first access your account so they can harvest your user name and password."

However, he notes that crypto miners don't need the victim at all. "In fact, all they need is your browser to be up and running, and they're in business, literally."

Crypto popularity

Cyber security firm Trend Micro points out that the popularity and increasing real-world significance of crypto-currencies are also drawing cyber criminal attention; so much so that it appears to keep pace with ransomware's infamy in the threat landscape.

In fact, Trend Micro says, crypto-currency mining was the most detected network event in devices connected to home routers in 2017.

It adds that the algorithm used to mine Monero (CryptoNight) is designed to be resistant to ASIC mining, making it more suited to calculating hashes on consumer hardware CPUs.

Manuel Corregedor, chief operations officer at Telspace Systems, explains that cyber criminals are using crypto-mining malware because the risk of using a compromised computer for other criminal activities is much greater and also potentially less profitable in the short term.

"For example, the risk of arrest and conviction is significantly lower with crypto-mining than with ransomware because ransomware destroys data which could generate reports to law enforcement, depending on the scale, whereas mining crypto-currency does not cause damage and is, thus, less likely to generate reports to law enforcement."

Furthermore, says Corregedor, crypto-currencies such as Monero that focus on privacy reduce the risk even further, making it more attractive to cyber criminals.

He urges users to ensure they have a reputable anti-malware product installed on their systems and that it is up to date.

"Additionally, they should ensure all their software is up-to-date with the latest security patches, specifically operating systems and Internet browsers. Also, it is important to change the default credentials of any devices or software that has been purchased."

However, Corregedor says, the best defence against any malware is to not open any attachments or click on any links in e-mails that appear to be out of the ordinary.
