Cyber-criminals are using ‘crypto-jacking’ and botnets to mine digital currency at the expense of clueless victims, experts say.
Bitcoin’s popularity and the emergence of about 1,500 other digital coins or tokens have drawn hackers into the red-hot cryptocurrency space, expanding opportunities for crime and fraud, cybersecurity firm Digital Shadows warned in a report on Thursday.
“Cybercriminals follow the money and right now they see in the unregulated and largely unsecure world of digital currencies a huge opportunity to target people, businesses and exchanges and make money quickly and easily,” said Rick Holland, vice-president of strategy at Digital Shadows.
Digital currencies have quickly grown into a more mainstream asset class over the last two years as corporations and financial institutions have expanded use of the underlying blockchain technology.
With weekly launches of new alternative coins, or “alt-coins,” cybercriminals have developed several schemes to defraud cryptocurrency holders.
“Crypto jacking”, account takeovers, mining fraud, and scams against initial coin offerings (ICOs) have all grown more common, the report said.
In crypto jacking, cybercriminals secretly take over another computer user’s browser and use it to fraudulently mine or create cryptocurrencies, according to Digital Shadows’ report.
Miners use special software to solve math problems and are issued a certain number of bitcoins or cryptocurrencies in exchange.
Crypto Jacker software allows users to clone popular websites and initiate spam campaigns.
The cybersecurity company said criminals also perpetrate mining fraud using botnets, collections of internet-connected devices, which may include PCs, servers, and mobile devices that are infected and controlled by a common type of malware.
Users are often unaware a botnet has infected their system.
Botnets were first used to mine bitcoin in 2014. The process was too complex to be financially viable, but botnets have made a comeback because newer cryptocurrencies like Monero are easier to “mine”, Digital Shadows said.
The company said botnets could be rented for US$40. It said one such offering had “flown off the shelves” with almost 2,000 rentals so far.
Cybercriminals have also been drawn to the surging initial coin offering market, the report said. ICOs have raised roughly US$5 billion for various start-ups and projects in 2017, according to data from Crunchbase.
That is up exponentially from just US$100 million in 2016.
Rather than selling scam tokens, criminals target legitimate currencies, either by stealing funds from ICOs or by manipulating prices through the type of “pump and dump” schemes often used with penny stocks and other less-liquid assets, the report said.