While the crypto-currency mining itself shouldn’t cause data loss, the other activities that come with it could hurt you, including the danger to your organization’s reputation. In addition, some crypto-currency mining malware has actually damaged computers that didn’t have adequate protection against thermal overload. What’s really going on here is a theft of computer resources, which is why it’s such a big problem.
And it’s a problem that’s only going to grow. Crypto-currency mining is profitable and under normal circumstances it’s a perfectly legal way to make money. All you need is the time, the upfront capital to buy the required computer resources and the money to pay the electric bill. But when malware writers find out that it’s a way to make more money when they don’t have to pay for the computing power, then it becomes even more attractive.
Low cost and high profits will lure more cyber-criminals and the hype about high crypto-currency values is an even stronger lure. You can expect to see a significant growth in illicit crypto-currency mining and you can expect to see the vectors move beyond Facebook Messenger, if only because there are so many other options that don’t have Facebook looking for the problem.
In addition, it won’t take long for the idea that the theft of computer resources can be a profitable business to penetrate the malware community more than it has already. You can expect to see such distributed processing tasks launched for things such as cracking encryption so that hackers can conduct financial crimes and espionage more easily.
Detecting the existence of malware that steals computer resources can be accomplished by using monitoring software and looking for CPU loads that shouldn’t be there. In addition, anti-malware software should be able to recognize the underlying malware, if not the actual mining or other resource consuming application. Unexpected slowdowns or a sudden increase in instability should be flags to look for illicit operations.
Prevention also has a role in this new type of malware by cutting off access to the software’s command and control servers and by blocking attempts by the malware to spread itself. While the malware itself may still be in your computing environment, it can’t do any damage if it can’t get its instructions or spread.
The challenge for you is that many of your past experiences in dealing with malware aren’t relevant to this new approach. The malware creators will get better at preventing detection, they’ll find ways to limit their resource stealing so that you’re less likely to notice. You’ll need to step up your efforts as well if you’re going to catch them.
Editor's Note: This article was updated to correct the name of the Digmine crypto-currency malware.