Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Digmine Malware Steals Your Computer Power to Mine Crypto-Currency

    By
    Wayne Rash
    -
    December 28, 2017
    Share
    Facebook
    Twitter
    Linkedin
      bitcoin

      When new crypto-currency mining malware was discovered this week, the first reaction by many security managers was probably one of confusion. While most people know that crypto-currency is a term for digital currency such as Bitcoin, the idea of malware that mines money is something new. For that matter, so is the idea of malware that doesn’t directly threaten the IT environment where it shows up.

      In fact, the people who write crypto-currency mining malware hope that your computer keeps running while the mining software runs in the back ground. There, in addition to currency mining, it will be sending out infected links to your contacts.

      The latest version of crypto-currency mining malware is Digmine, which spreads via Facebook Messenger using a Google Chrome browser extension. Once installed, Digmine begins by inviting a victim’s Facebook friends to open a supposed video file that contains the malware.

      Meanwhile, the other part of the malware begins operations by mining crypto-coins. Crypto-currency is a long random number that’s calculated to create a unit of the currency. Several such units create a block of the currency and a block chain is used to keep the accounting straight. The mining operation involves the calculation of the required number and the accounting process in the block chain.

      Crypto-currency mining is extremely resource intensive. To operate efficiently the mining process requires a dedicated computer with good numeric processing capability. In a legitimate mining operation this is accomplished by installing several GPU (graphical processing unit) cores in a computer and using those to perform the calculations.

      Crypto-currency mining malware on the other hand hijacks as much of a computer’s CPU as it can to perform the calculations. Normally, a CPU in an operational computer isn’t efficient enough to support large scale crypto-currency mining to be worthwhile. The malware solves this problem by using CPU capacity that the creator doesn’t own and electricity the creator doesn’t pay for.

      The lack of efficiency in individual computers is overcome by using a lot of CPUs. As long as those CPUs keep running, the creator of the malware keeps making money. This means that it’s in the best interests of the malware creator to keep a low profile so that the malware isn’t discovered and removed to keep as many CPUs running at the same time as possible.

      Unfortunately, the folks who are using your computers to mine their crypto-currency can get greedy. In order to maximize their profits, they’ll push your hardware as hard as they can. This translates into reduced performance, stability problems and in some cases, additional malware that can cause data loss.

      While the crypto-currency mining itself shouldn’t cause data loss, the other activities that come with it could hurt you, including the danger to your organization’s reputation. In addition, some crypto-currency mining malware has actually damaged computers that didn’t have adequate protection against thermal overload. What’s really going on here is a theft of computer resources, which is why it’s such a big problem.

      And it’s a problem that’s only going to grow. Crypto-currency mining is profitable and under normal circumstances it’s a perfectly legal way to make money. All you need is the time, the upfront capital to buy the required computer resources and the money to pay the electric bill. But when malware writers find out that it’s a way to make more money when they don’t have to pay for the computing power, then it becomes even more attractive.

      Low cost and high profits will lure more cyber-criminals and the hype about high crypto-currency values is an even stronger lure. You can expect to see a significant growth in illicit crypto-currency mining and you can expect to see the vectors move beyond Facebook Messenger, if only because there are so many other options that don’t have Facebook looking for the problem.

      In addition, it won’t take long for the idea that the theft of computer resources can be a profitable business to penetrate the malware community more than it has already. You can expect to see such distributed processing tasks launched for things such as cracking encryption so that hackers can conduct financial crimes and espionage more easily.

      Detecting the existence of malware that steals computer resources can be accomplished by using monitoring software and looking for CPU loads that shouldn’t be there. In addition, anti-malware software should be able to recognize the underlying malware, if not the actual mining or other resource consuming application. Unexpected slowdowns or a sudden increase in instability should be flags to look for illicit operations.

      Prevention also has a role in this new type of malware by cutting off access to the software’s command and control servers and by blocking attempts by the malware to spread itself. While the malware itself may still be in your computing environment, it can’t do any damage if it can’t get its instructions or spread.

      The challenge for you is that many of your past experiences in dealing with malware aren’t relevant to this new approach. The malware creators will get better at preventing detection, they’ll find ways to limit their resource stealing so that you’re less likely to notice. You’ll need to step up your efforts as well if you’re going to catch them.

      Editor’s Note: This article was updated to correct the name of the Digmine crypto-currency malware.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×