Do not become a crypto-mining bot

by Alice Woods

At present, there is a lot of speculation in cryptocurrency. Users try to mine cryptocurrency everywhere, and even though it is getting harder to earn coins by mining, interest remains very high. And the only cost is power.


So, no surprise, some people look for ways to mine using other people’s power. Some of them do it by plugging in a 1900 watt, whisper quiet, terahash ASIC miner at work, while others attempt to reduce their chance of getting caught by mining coins through malware botnets. Mining botnets have become very popular because they are more profitable than ransomware and less likely to be detected.

According to David Holmes at Security Week,[1] crypto mining malware is not malicious and is therefore hard to detect. However, if you look closer, three assets are being attacked: system integrity, compute and power. Even though crypto mining malware is less harmful than ransomware or an APT, it is still malware and can be detected using the same methods used to detect any other malware.

So, how do you spot mining malware?

1. Monitor the Network

Miners usually use mining pool platforms. For instance, Stratum likes ports 3333, 1333, 8333 etc. Advanced antivirus systems and decent “established-only” SNAT firewalls are supposed to block all incoming mining requests. Users should also be alerted to network anomalies, using the same tools they would use for outbound inspection of any other type of cyber threat. However, many of these connections are going to be encrypted and can require SSL inspection.

Peer-to-peer mining pools can use DNS to locate hosts. Users who have a threat feed that includes common pool servers as Indicators of Compromise (IOCs) shouldn’t get infected. Those who do not have such a feed should get one, or they will have to detect the malware another way. When you find an infection, check its config for “pool_address” and watch for it on other devices and on the network.

In addition, prevent employees from running their own hardware cryptominers at their desks. The most effective way is to keep the network as secure as possible: do not allow unknown MAC addresses on it.

2. Monitor Servers

Monitor your servers, and make sure you are tracking their CPU usage and temperature. If you notice that a device goes to 100% during the night and stays there, it could be a sign of a malicious miner. In addition, even if the malware does not use 100% of the CPU, the load will stay constant, so you should monitor for that too.
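The check described above, as an added example that is not from the original article: it flags a host whose CPU stays pegged for a full window, or stays flat at a lower level as a throttled miner would. The thresholds, window size and host names are assumptions, and the samples are constructed.

```python
from statistics import mean, pstdev

# Assumed thresholds (not from the article); tune them per fleet.
PEGGED = 95.0      # percent CPU treated as "at 100%"
FLAT_STDEV = 3.0   # max spread for a load to count as "constant"
FLAT_FLOOR = 40.0  # ignore hosts that are flat only because they are idle
WINDOW = 6         # consecutive samples (e.g. 6 x 10 min = 1 hour)


def classify(samples, window=WINDOW):
    """Return 'pegged', 'flat', or None for one host's CPU% series."""
    verdict = None
    for i in range(len(samples) - window + 1):
        chunk = samples[i:i + window]
        if min(chunk) >= PEGGED:
            return "pegged"          # strongest signal, stop early
        if mean(chunk) >= FLAT_FLOOR and pstdev(chunk) <= FLAT_STDEV:
            verdict = "flat"         # steady load held below 100%
    return verdict


def scan(fleet):
    """Map host -> verdict for every host that trips a rule."""
    out = {}
    for host, samples in fleet.items():
        v = classify(samples)
        if v:
            out[host] = v
    return out


# Constructed overnight samples (CPU %, one reading per 10 minutes).
SAMPLE_FLEET = {
    "web-01": [12, 35, 8, 60, 22, 15, 41, 9, 30, 18],        # bursty, normal
    "db-02": [20, 25, 99, 100, 100, 99, 100, 100, 100, 98],  # pegged overnight
    "app-03": [10, 14, 61, 60, 62, 60, 61, 59, 60, 61],      # capped near 60%
    "idle-04": [2, 3, 2, 2, 3, 2, 2, 3, 2, 2],               # flat but idle
}

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_FLEET).items():
        print(f"{host}: {verdict} CPU load, check running processes")
```

A flat verdict is only a lead: legitimate batch jobs also produce steady load, so confirm against the process list before treating the host as infected.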

There are tools that will tell you when new files have been installed on your servers.

3. Protect users via Block List

Drive-by crypto mining is JavaScript that runs in the browser: the script mines cryptocurrency while the visitor is on the site. Even though the visitor’s system integrity is not affected, the CPU usage and power consumption are. There are malware variants that keep the mining going even when the visitor has closed the browser.

Fixing this problem is harder because most administrators do not monitor the network, CPU usage or fan speed of visitors. So, in these cases you can try to block access to the sites that host mining JavaScript.

“If your threat feed doesn’t have a list of those IoCs there are at least a couple of open-source ones maintained by Good Samaritans like @hobbygrafix: including uBlock and CoinBlockerLists,” D. Holmes wrote. “There’s a cute little tool, Dr. Mine, that you can install in your browser that utilizes those threat feeds to do the same. Note, I haven’t tried it, but I acknowledge that it exists.”

To conclude, users should take a step back and realize that cryptocurrency mining is just one more kind of malware. To protect yourself from cryptocurrency mining, take the same steps you take to prevent any other type of malware. According to Security Week, “Get back to the basics”.


About the author

Alice Woods - Antivirus software analyst

Alice Woods is an anti-malware analyst at She is passionate about testing new pieces of software and discovering pros and cons of each program.
