Has your computer or smartphone lost speed? Do not rush to ship the device away for repairs, as you may have simply become a victim of a mining virus.
The first cases of hidden mining were registered as early as 2011. Symantec reported a virus called Trojan.Badminer, which mined cryptocurrencies using the computers of unsuspecting users. In 2013, there were more infections, as new mining viruses spread through Skype and hit thousands of devices around the world.
Today, hidden mining has become one of the favorite ways for cybercriminals to make a living. A recent study by Kaspersky Lab showed that hackers are increasingly abandoning ransomware in favor of Trojans that mine cryptocurrencies. Experts say that they counted about 2.7 million infected devices around the world, almost twice as many as in 2017.
Curiously, the proportion of viruses designed for smartphones is growing, as mobile devices become more powerful every year, a trait that attracts criminals.
How Does It Work?
A mining virus is a client program that connects to a mining pool and starts producing cryptocurrencies using the processing power of the victim’s video card and/or processor. Monero is considered to be the favorite coin of hidden miners as a recent study showed that about 5% of XMR tokens were mined using malware. But Bitcoins are almost never obtained in this way, as it has become too difficult. Nevertheless, the choice of cryptocurrency depends on the configuration of the computer, and most viruses are able to independently select the necessary pools, depending on the computing power of the device.
There is another category of hidden miner, known as malicious scripts. They are embedded in infected websites and are activated while the visitor is using the site. Since 2017, the number of compromised resources has increased by 725%. These miners are not so dangerous, because they do not affect the device itself. Nevertheless, they can also complicate life by interfering with work on the Internet.
Previously, hidden mining was carried out exclusively by hackers, but now it is available to almost any dark web user who has enough money to buy a Trojan. It is noteworthy that most of the malicious software is designed specifically for Windows, as it is one of the most popular operating systems. Miners for Linux or macOS are much less common.
What Are the Dangers of Mining Viruses?
The production of cryptocurrencies requires quite a lot of processing power. The first viruses for mining were very easy to notice, as they literally paralyzed the computer, directing all of its resources to the task of generating new blocks. Modern miners act more carefully, but they can still cause performance degradation, especially on weak machines.
In addition, a Trojan is malicious software that can not only mine cryptocurrencies, but also steal personal data. Intruders can gain access to intimate photos, correspondence, bank account data, cryptocurrency wallets, and any other sensitive information stored on the computer.
Prevention of Infection
Removing modern mining viruses can be a very complex and unpleasant process, so it is best not to allow the infection to occur at all.
The best way to avoid this is careful "network hygiene." Cybercriminals have good knowledge of social engineering and know how to take advantage of trusting users. Malicious software can be disguised as counterfeit applications, games, programs for increasing Instagram likes, and so on. For example, in 2017, thousands of users suffered from a fake advertisement blocker.
Another common way of getting an infection is visiting questionable resources through an unprotected connection. In this case, an attacker can easily access the device and install anything on it. In order not to pick up a mining virus, you should avoid visiting dubious websites, and avoid opening files from unverified sources.
In addition, it is always worth using a firewall and antivirus, as this is the first line of defense that will protect against the most common malicious programs. It is important to understand, however, that no antivirus can protect the device completely, especially if its owner is not vigilant.
How to Detect Viruses
The main sign that can indicate the presence of a mining virus is a decrease in performance. "Greedy" and obsolete viruses are easy to detect, since they can consume more than half of the processing power. The most primitive miners can be found by any antivirus, simply by scanning the computer. Generally, they are deleted without any problems.
More complex viruses are harder to find, as they know how to evade antivirus software so as not to reveal themselves. They can be detected only through the registry or the task manager, by manually reviewing all entries and running processes. This method requires at least a fundamental knowledge of the operating system.
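The manual check described above, sketched as an added example that is not part of the original article: it flags processes whose CPU use is sustained rather than bursty and cross-references them with autorun entries taken from the registry. The sample data, the paths, the 25% threshold and the 80% fraction are constructed assumptions.

```python
from collections import defaultdict
from ntpath import normcase  # Windows path comparison rules on any host OS
# Constructed samples (not from a real machine): (round, image path, % of total CPU).
ENC = r"C:\Program Files\Encoder\encode.exe"
BRW = r"C:\Program Files\Browser\browser.exe"
UPD = r"C:\Users\alice\AppData\Roaming\updsvc\updsvc.exe"
SAMPLES = (
    [(i, ENC, c) for i, c in enumerate([60, 62, 58, 61, 59])]    # long video encode
    + [(i, BRW, c) for i, c in enumerate([5, 88, 4, 6, 3])]      # one short burst
    + [(i, UPD, c) for i, c in enumerate([31, 29, 30, 32, 28])]  # steady, below half
)
# Constructed autorun values as exported from a Run key: (value name, command line).
AUTORUNS = [
    ("Browser", '"' + BRW + '" --background'),
    ("Updater", '"' + UPD + '" -silent'),
]

def sustained_cpu(samples, threshold=25.0, min_fraction=0.8):
    """Map image path -> mean CPU for processes at or above `threshold`
    in at least `min_fraction` of all sampling rounds."""
    rounds = {r for r, _, _ in samples}
    loads = defaultdict(list)
    for _, path, cpu in samples:
        loads[normcase(path)].append(cpu)
    return {
        path: round(sum(vals) / len(vals), 1)
        for path, vals in loads.items()
        if sum(v >= threshold for v in vals) >= min_fraction * len(rounds)
    }

def autorun_targets(autoruns):
    """Executable path of each autorun command: quoted path, else first token."""
    targets = set()
    for _, cmd in autoruns:
        cmd = cmd.strip()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(None, 1)[0]
        targets.add(normcase(exe))
    return targets

def triage(samples, autoruns):
    """Return (path, mean CPU, starts_at_logon) sorted by mean CPU, highest first."""
    persistent = autorun_targets(autoruns)
    hot = sustained_cpu(samples)
    return sorted(((p, c, p in persistent) for p, c in hot.items()),
                  key=lambda row: -row[1])

if __name__ == "__main__":
    for path, cpu, persists in triage(SAMPLES, AUTORUNS):
        print(f"{cpu:5.1f}%  autorun={persists}  {path}")
```

Sustained load alone is not proof of a miner (the encoder in the sample is legitimate work); a steady consumer that also starts at every logon is the entry worth inspecting first.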
Removing Mining Viruses
How hard it is to cure a system of hidden miners depends directly on the complexity of the virus. The simplest of them are easily detected and removed by free antiviruses. But more advanced Trojans know how to block the operation of antivirus software, and also force the computer to reboot when someone tries to wipe the virus manually.
To get rid of uninvited guests, you must start Windows in safe mode and only then start the scan. After removing the malware, it is worth checking the running processes again. It is best to use special programs for monitoring, for example, AIDA64.
The number of infections by hidden miners is growing exponentially. According to experts, the network gained about three million different threats in just the first quarter of 2018, which is seven times more than last year. To protect your device and personal data, you should pay close attention to internet security and use high-quality antivirus software.