If your laptop fan is running at full speed or your smartphone battery is rapidly depleting, crypto malware may be to blame. Together with partners from eco competence group Abuse, G DATA has developed proposals on how crypto mining can actually be used for the benefit of users.
Crypto-mining refers to the mining of crypto currencies. The mining process consists of complicated calculations and serves to verify the transactions of crypto currencies. As a reward, the person carrying out the calculation receives coins in the respective crypto currency. The best known crypto currency is Bitcoin. The mining of Bitcoins is not worthwhile for normal PC users, as it is now run professionally. As a “proof of work”, Bitcoin requires computing power - a lot of computing power. The calculations are carried out in computing centres located in regions with low electricity costs and equipped with special computers where the processor hardware is optimised for mining (graphics cards or ASICs). However, other crypto currencies work differently and their rating methods are based on memory. Monero's CryptoNight method is one example of such memory-intensive proofs of work. CryptoNight is not so easy to optimise with hardware and can therefore be operated effectively on normal computers and even smartphones. But is it worth it?
You can find the benchmarks for Monero mining with currently commercially available CPUs and GPUs at https://monerobenchmarks.info. A Raspberry PI 3 is capable of calculating 11 hashes per second (H/s), and a Samsung Galaxy S5 - a representative of the “older” class of smartphone - manages 16 H/s. A currently standard Windows 10 gaming PC with Intel I7-8700K can cope with 363 H/s. The cryptocompare profit calculator uses the values for the Windows I-7 to show us an “impressive” monthly profit of $1.26 - the equivalent of €1.11. According to coingecko, who use a different calculation method, the figure is $2.35 (€2.07). However, the electricity costs and any fees incurred are then deducted from this income. Even with a favourable electricity price of $0.15, the electricity costs exceed the revenues. This is not really lucrative for individuals.
There are now a number of criminal business models in the crypto-mining sector as well. The irksome electricity costs are passed on from the attackers to the victims. The level of activity of malware families that illegally mine crypto coins on infected computers has increased steadily over the past year. Crypto-mining modules are now available for many malware distribution platforms and can be delivered to infected zombie computers with just a few mouse clicks. Botnets such as Adylkuzz and Smominru managed to mine around 24 Moneros a day using several million bots. At the moment this is the equivalent of almost EUR 1,200, giving an annual projection of about €425,000. In early 2018 this was around 3 times as much.
Cryptojacking becomes particularly lucrative when attackers manage to gain access to large server farms or cloud services for large companies. Last year, Tesla and Gemalto were among those affected. Besides the usual (targeted) phishing methods, programming interfaces are also abused. Even Docker and Kubernetes were abused to install cryptojacking software.
Web services need to be financed. So far, this has been done almost exclusively through advertising. Unfortunately, cyber criminals are also rife in this environment. Malicious functions such as automatic clickers or the distribution of malware via advertising (malvertising) are clear and easy for us to handle automatically. But there are also programs that require more effort. With providers of progressive advertising software especially (which we call Adware or PUPs for “Potentially Unwanted Programs”), there has always been friction that has caused a lot of work. The two groups have now exchanged ideas in the context of the Clean Software Alliance and similar initiatives, and harmonisation is on the cards, based on clear rules. Should crypto-mining actually manage to establish itself as an alternative to advertising, we hope that the two parties will come together more quickly. The eco white paper can act as a starting point for discussion.
Smartphones and tablets have also been targeted, despite the low margins. Mining apps have crept into both the Google Play Store and Apple's App Store, sometimes with fatal consequences for overloaded devices. Mining apps have now been banned from official shops.
But not only infected or hijacked computers are affected. A visit to a website can also initiate the mining process. Crypto-mining scripts are executed in the background without the user's knowledge or consent, resulting in the computer's CPU being used to full capacity and increasing power consumption. This is known as cryptojacking or drive-by mining. These scripts are optimized for high-performance and also use the capabilities of WebAssembly (WASM) to speed up the calculations. Some scripts even manage to stay active in the browser after exiting the website.
Behind this are service providers who offer crypto-mining on websites as an additional source of income for website operators. This is offered as an alternative or a supplement to the usual advertising revenues. The market leader in this area is – or now rather was – CoinHive. They see their service as a platform and charge a 30% commission for all mined coins. Another player is CryptoLoot. They only claim 12% for themselves and boast that new variants are not recognised by AV software (of course this is not true). Until now, most mining providers have left it up to the website operators to inform their customers as they see fit. At first glance, it is not actually obvious that systematic action is being taken against abuse. JSE-Coin - another player - is the only one to announce that it will only start mining via opt-in.
Legal crypto-mining has the potential to be an alternative to advertising banners and paywalls. According to G DATA and eco’s competence group Abuse, crypto-mining can be used to finance legal business models if the players stick to a few rules of the game. The most important basic rules are:
The complete list of suggestions can be found in the white paper. This is intended to contribute to objectifying the debate and triggering the development of technical standards.