When new crypto-currency mining malware was discovered this week, the first reaction by many security managers was probably one of confusion. While most people know that crypto-currency is a term for digital currency such as Bitcoin, the idea of malware that mines money is something new. For that matter, so is the idea of malware that doesn’t directly threaten the IT environment where it shows up.
In fact, the people who write crypto-currency mining malware hope that your computer keeps running while the mining software runs in the background. There, in addition to currency mining, it will be sending out infected links to your contacts.
The latest version of crypto-currency mining malware is Digmine, which spreads via Facebook Messenger using a Google Chrome browser extension. Once installed, Digmine begins by inviting a victim’s Facebook friends to open a supposed video file that contains the malware.
Meanwhile, the other part of the malware begins operations by mining crypto-coins. Crypto-currency is a long random number that’s calculated to create a unit of the currency. Several such units create a block of the currency and a block chain is used to keep the accounting straight. The mining operation involves the calculation of the required number and the accounting process in the block chain.
Crypto-currency mining is extremely resource intensive. To operate efficiently, the mining process requires a dedicated computer with good numeric processing capability. In a legitimate mining operation this is accomplished by installing several GPU (graphics processing unit) cores in a computer and using those to perform the calculations.
Crypto-currency mining malware, on the other hand, hijacks as much of a computer’s CPU as it can to perform the calculations. Normally, a CPU in an operational computer isn’t efficient enough to make large-scale crypto-currency mining worthwhile. The malware solves this problem by using CPU capacity that the creator doesn’t own and electricity the creator doesn’t pay for.
The lack of efficiency in individual computers is overcome by using a lot of CPUs. As long as those CPUs keep running, the creator of the malware keeps making money. This means that it’s in the best interests of the malware creator to keep a low profile, so that the malware isn’t discovered and removed and as many CPUs as possible keep running at the same time.
Unfortunately, the folks who are using your computers to mine their crypto-currency can get greedy. In order to maximize their profits, they’ll push your hardware as hard as they can. This translates into reduced performance, stability problems and, in some cases, additional malware that can cause data loss.
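Because a miner has to keep the CPU busy for as long as it runs, the load it creates is sustained rather than bursty, and that is something a defender can look for. The sketch below is an added example, not part of the original article and not Digmine-specific: it flags processes whose CPU use stays above a threshold for several consecutive samples. The process names, sample values, threshold and run length are all constructed assumptions.

```python
from collections import defaultdict

# Constructed samples (minute, process name, CPU percent); not real telemetry.
# All process names are hypothetical.
SAMPLES = (
    # Pegged for the whole window: the pattern the article describes.
    [(m, "browser-helper", 92.0) for m in range(8)]
    # Legitimate short burst, idle otherwise.
    + [(m, "video-encode", 97.0 if 2 <= m <= 4 else 6.0) for m in range(8)]
    # Busy in two runs with the minute-3 sample missing from the data.
    + [(m, "updater", 88.0) for m in (0, 1, 2, 4, 5, 6)]
    + [(m, "mail-client", 3.0) for m in range(8)]
)


def sustained_cpu(samples, threshold=80.0, min_run=5):
    """Return {process: longest run} for processes that stayed at or above
    `threshold` percent CPU for at least `min_run` consecutive minutes."""
    run = {}                    # name -> (last busy minute, current run length)
    longest = defaultdict(int)  # name -> longest busy run seen so far
    for minute, name, cpu in sorted(samples):
        if cpu < threshold:
            run.pop(name, None)  # an idle sample ends the current run
            continue
        last, length = run.get(name, (None, 0))
        # Extend the run only if the previous busy sample was the minute
        # before; a missing sample is treated as a break, not as "busy".
        length = length + 1 if last == minute - 1 else 1
        run[name] = (minute, length)
        longest[name] = max(longest[name], length)
    return {name: n for name, n in longest.items() if n >= min_run}


if __name__ == "__main__":
    for name, minutes in sustained_cpu(SAMPLES).items():
        print(f"{name}: at or above threshold for {minutes} consecutive minutes")
```

A hit is only a reason to look closer, since long legitimate jobs produce the same pattern; the threshold and run length need tuning against what is normal for the machines being monitored.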