As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the form of “cryptojacking.” That’s why everyone should become aware of the risks.
Cryptojacking is when a cybercriminal uses someone else’s computing power to mine for cryptocurrencies without their consent. They do this because mining for digital currencies like Bitcoin, while still lucrative, is more expensive than it used to be. Miners now need multiple machines to crank through the complicated algorithms that lead them to digital gold.
So, instead of investing in costly hardware, some cybercrooks have designed malware to steal computing power from normal users’ devices. They do this by distributing risky mobile apps, taking advantage of flaws in existing software, or even by using drive-by downloads embedded in online ads. In fact, malware-infected ads, also known as “malvertising”, have become a popular channel for distributing these “miners.”
Earlier this year 60 million Android users were affected by an attack embedded in online ads. Users who encountered these ads while surfing online were redirected to a malicious website, which prompted them to enter a Captcha to prove they were human. All the while, the malware was utilizing the phone’s computing power to mine for the Monero digital currency. While the attack lasted just four minutes on average, if you left the webpage open it could eventually overtax your CPU, essentially destroying your device.
And the number of risky apps designed to steal mobile computing power is startling. McAfee researchers identified over 600 malicious cryptocurrency apps across 20 app stores, including Google Play and the Apple store.
Of course, computers are a prime target for cryptojacking since they offer more computing power than smaller devices. Many attacks take advantage of vulnerabilities in outdated software. In fact, PC miners are so common it’s believed that tens of thousands of computers are already infected.
Unsurprisingly, social media offers another avenue of attack. Take, for instance, the Digmine malware, which spread via Facebook Messenger disguised as a video file. Not only did it infect the machine of anyone who opened the file, it also had the potential to automatically send the file to all the user’s Facebook contacts. The same is true of the recently discovered FacexWorm. This Messenger malware directed users to fake versions of popular websites like YouTube, and prompted them to download a browser extension to watch content. But in reality it was stealing passwords and mining for cryptocurrencies.
Now that you are aware of how prevalent crypto malware can be, here’s what you need to do to protect your devices, data, and money.
- Use Security Software—Install comprehensive security software that can protect all your computers and devices from the latest threats. And don’t forget about your home internet-connected devices, such as IP cameras and interactive speakers. They often come with weak security. Consider buying a router with protection built-in, or setting up a separate network for your IoT devices. This way, even if a connected device is infected, cybercriminals will be unable to access your data-rich devices on the other network.
- Choose Strong Passwords—These are still your first line of defense, so consider using a Password Manager to help you create and store complicated, unique passwords. If you reuse passwords, a breach of one account can quickly spread to other accounts and devices.
- Surf Safe—Try to stick to reputable websites, and consider downloading a browser extension that can detect cryptomining malware, such as Chrome’s No Coin or Mozilla’s Crypto Mining Blocker.
- Avoid Risky Apps—Only download apps from official app stores, and read other users’ reviews first to see if they are safe.
- Keep all your software up-to-date—Many of the threats targeting PCs take advantage of vulnerabilities in existing software. Update your software regularly to make sure you have the latest patches and fixes.