{
	"id": "3d3ffa0a-4769-4a4d-8c91-b1e5c07c3ee3",
	"created_at": "2026-04-06T02:12:30.72442Z",
	"updated_at": "2026-04-10T03:21:58.257708Z",
	"deleted_at": null,
	"sha1_hash": "53e5a118f6e709e2d9a94debfe8e639b5fff2442",
	"title": "Security 101: The Impact of Cryptocurrency-Mining Malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 464278,
	"plain_text": "Security 101: The Impact of Cryptocurrency-Mining Malware\r\nArchived: 2026-04-06 01:30:57 UTC\r\nby Kevin Y. Huang (Threats Analyst)\r\nThe Australian government has just recognized digital currency as a legal payment method. Since July 1,\r\npurchases made using digital currencies such as bitcoin are exempt from the country's Goods and Services Tax to\r\navoid double taxation. As such, traders and investors will not be levied taxes for buying and selling them through\r\nlegal exchange platforms.\r\nJapan, which legitimized bitcoin as a form of payment last April, already expects more than 20,000 merchants to\r\naccept bitcoin payments. Other countries are joining the bandwagon, albeit partially: businesses and\r\nsome of the public organizations in Switzerland, Norway, and the Netherlands. In a recent study,\r\nunique, active users of cryptocurrency wallets are pegged between 2.9 and 5.8 million, most of whom are in North\r\nAmerica and Europe. \r\nBut what does the acceptance and adoption of digital currencies have to do with online threats? A lot, actually. As\r\ncryptocurrencies like bitcoin gain real-world traction, so will cybercriminal threats that abuse them. But how, exactly?\r\nWhat does this mean to businesses and everyday users?\r\nWhat is cryptocurrency?\r\nCryptocurrency is an encrypted data string that denotes a unit of currency. It is monitored and organized by a peer-to-peer network also known as a blockchain, which also serves as a secure ledger of transactions, e.g., buying,\r\nselling, and transferring. Unlike physical money, cryptocurrencies are decentralized, which means they are not\r\nissued by governments or other financial institutions. 
\r\nCryptocurrencies are created (and secured) through cryptographic algorithms that are maintained and confirmed in\r\na process called mining, where a network of computers or specialized hardware such as application-specific\r\nintegrated circuits (ASICs) process and validate the transactions. The process incentivizes the miners who run the\r\nnetwork with the cryptocurrency.\r\nhttps://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101-the-impact-of-cryptocurrency-mining-malware\r\nPage 1 of 5\n\nBitcoin isn’t the be-all and end-all\r\nThere are actually over 700 cryptocurrencies, but only some are readily traded and even fewer have market\r\ncapitalization above $100 million. Bitcoin, for instance, was created by Satoshi Nakamoto (pseudonym) and\r\nreleased in 2009 as open-source code. Blockchain technology made it all work, providing a system where data\r\nstructures (blocks) are broadcast, validated, and registered in a public, distributed database through a network of\r\ncommunication endpoints (nodes). \r\nWhile bitcoin is the most famous cryptocurrency, there are other popular alternatives. Ethereum took “smart\r\ncontracts” up a notch by making the programming languages needed to code them more accessible to developers.\r\nAgreements, or conditional/if-then transactions, are written as code and executed (as long as requirements are\r\nmet) in Ethereum’s blockchain. \r\nEthereum, however, earned notoriety after a hacker exploited a vulnerability in the Digital Autonomous\r\nOrganization (DAO) running on Ethereum’s software, siphoning US $50 million worth of ether (Ethereum’s\r\ncurrency). This resulted in the development of Ethereum Classic, based on the original blockchain, and Ethereum, its\r\nupgraded version (via a hard fork).\r\n[READ: Ethereum Classic’s Wallet falls victim to social engineering scam]\r\nThere are also other notable cryptocurrencies: Litecoin, Dogecoin, Monero. 
Litecoin is purportedly a technical\r\nimprovement on Bitcoin that is capable of faster turnarounds via its Scrypt mining algorithm (Bitcoin uses SHA-256). The Litecoin Network is able to produce 84 million Litecoins—four times as many cryptocurrency units\r\nas issued by Bitcoin. Monero is notable for its use of ring signatures (a type of digital signature) and CryptoNote\r\napplication layer protocol to protect the privacy of its transactions—amount, origin, and destination. Dogecoin,\r\nwhich was initially developed for educational or entertainment purposes, was intended for a broader demographic.\r\nCapable of generating uncapped dogecoins, it also uses Scrypt to drive the currency along.\r\n[READ: Who’s attacking your IoT devices and smart home, and why?]\r\nCryptocurrency mining also drew cybercriminal attention\r\nCryptocurrencies have no borders—anyone can send them anytime, anywhere, without delays or additional/hidden\r\ncharges from intermediaries. Given their nature, they are more secure from fraud and identity theft as\r\ncryptocurrencies cannot be counterfeited, and personal information is behind a cryptographic wall. \r\nUnfortunately, the same apparent profitability, convenience, and pseudonymity of cryptocurrencies also made\r\nthem ideal for cybercriminals, as ransomware operators showed. The increasing popularity of cryptocurrencies\r\ncoincides with the incidence of malware that infect systems and devices, turning them into armies of\r\ncryptocurrency-mining machines. \r\nCryptocurrency mining is a computationally intensive task that requires significant resources from dedicated\r\nprocessors, graphics cards, and other hardware. While mining does generate money, there are many caveats. The\r\nprofit is relative to a miner’s investment in the hardware, not to mention the electricity costs to power them. 
\r\nCryptocurrencies are mined in blocks; in bitcoin, for instance, each time a certain number of hashes are solved, the\r\nnumber of bitcoins that can be awarded to the miner per block is halved. Since the bitcoin network is designed to\r\ngenerate the cryptocurrency every 10 minutes, the difficulty of solving another hash is adjusted. And as mining\r\npower increases, the resource requirement for mining a new block piles up. Payouts are relatively small and\r\neventually decrease every four years—in 2016, the reward for mining a block was halved to 12.5 BTC (or $32,000\r\nas of July 5, 2017). Consequently, many join forces into pools to make mining more efficient. Profit is divided\r\namong the group, depending on how much effort a miner exerted.\r\nCryptocurrency-mining malware use similar attack vectors\r\nBad guys turn to using malware to skirt around these challenges. There is, however, a caveat for cybercriminal\r\nminers: internet-connected devices and machines, while fast enough to process network data, don’t have extensive\r\nnumber-crunching capabilities. To offset this, cryptocurrency-mining malware are designed to zombify botnets of\r\ncomputers to perform these tasks. Others avoided subtlety altogether—in 2014, Harvard’s supercomputer cluster\r\nOdyssey was used to illicitly mine dogecoins. During the same year, a similar incident happened to\r\nUS agency National Science Foundation’s own supercomputers. In early February 2017, one of the US Federal\r\nReserve’s servers was misused to mine for bitcoins. \r\nCryptocurrency-mining malware employ the same modus operandi as many other threats—from malware-toting\r\nspam emails and downloads from malicious URLs to junkware and potentially unwanted applications (PUAs). 
In\r\nJanuary 2014, a vulnerability in Yahoo!’s Java-based advertisement network was compromised,\r\nexposing European end users to malvertisements that delivered a bitcoin-mining malware. A month before that,\r\nGerman law enforcement arrested hackers for purportedly using malware to mine over $954,000 worth of\r\nbitcoins.\r\n[READ: How South Korea’s largest cryptocurrency exchange was hacked]\r\nWe’ve seen the emergence of hacking tools and backdoors related to cybercriminal bitcoin mining as early as\r\n2011, and we’ve since seen a variety of cryptocurrency-mining threats that add more capabilities, such as\r\ndistributed denial-of-service and URL spoofing. Another even tried to masquerade as a component for one of\r\nTrend Micro’s products. In 2014, the threat crossed over to Android devices as Kagecoin, capable of mining\r\nbitcoin, litecoin, and dogecoin. A remote access Trojan (RAT) njrat/Njw0rm readily shared in the Middle Eastern\r\nunderground was modified to add bitcoin-mining functionality. The same was done to an old Java RAT that can\r\nmine litecoin. \r\nCryptocurrency-mining malware’s impact makes them a credible threat\r\nCryptocurrency-mining malware steal the resources of infected machines, significantly affecting their\r\nperformance and increasing their wear and tear. An infection also involves other costs, like increased power\r\nconsumption. \r\nBut we’ve also found that their impact goes beyond performance issues. From January 1 to June 24, 2017, our\r\nsensors detected 4,894 bitcoin miners that triggered over 460,259 bitcoin-mining activities, and found that more\r\nthan 20% of these miners also triggered web and network-based attacks. We even found intrusion attempts linked\r\nto a ransomware’s attack vector. 
The most prevalent of these attacks we saw were:\r\nCross-site scripting\r\nExploiting a remote code execution vulnerability in Microsoft’s Internet Information Server (IIS)\r\nBrute force and default password logins/attacks\r\nCommand buffer overflow exploits\r\nHypertext Preprocessor (PHP) arbitrary code injection\r\nSQL injection\r\nBlackNurse denial of service attack \r\nThese malware can threaten the availability, integrity, and security of a network or system, which can potentially\r\nresult in disruptions to an enterprise’s mission-critical operations. Information theft and system hijacking are also\r\ndaunting repercussions. These attacks can also be the conduit from which additional malware are delivered. \r\nInternet of Things (IoT) devices are also in the crosshairs of cryptocurrency-mining malware—from digital video\r\nrecorders (DVRs)/surveillance cameras, set-top boxes, network-attached storage (NAS) devices, and especially\r\nrouters, given their ubiquity among home and corporate environments. In April 2017, a variant of Mirai\r\nsurfaced with bitcoin-mining capabilities. Mirai’s notoriety sprang from the havoc it wrought in IoT\r\ndevices, particularly home routers, using them to knock high-profile sites offline last year. Over the\r\nfirst three quarters of 2016, we detected a bitcoin-mining zombie army made up of Windows systems, home\r\nrouters, and IP cameras. \r\nFrom January 1 to June 24, 2017, we also observed different kinds of devices that were mining bitcoin, although\r\nour telemetry cannot verify if these activities were authorized. We also saw bitcoin mining activities surge by 40%\r\nfrom 1,800 triggered events daily in February to 3,000 in March 2017. \r\nWhile bitcoin mining isn’t inherently illegal (at least in many countries), it can entail a compromise if it doesn’t\r\nhave the owner’s knowledge and consent. 
We found that machines running Windows had the most bitcoin mining\r\nactivities, but also of note are:\r\nSystems on Macintosh OSes, including iOS (iPhone 4 to iPhone 7)\r\nDevices run on Ubuntu OS, a derivative of Debian Linux OS\r\nHome routers\r\nEnvironment-monitoring devices, used in data centers\r\nAndroid-run smart TVs and mobile devices\r\nIP cameras\r\nPrint servers\r\nGaming consoles\r\n[READ: How to secure your router against Mirai and home network attacks]\r\nCryptocurrency-mining malware can make victims a part of the problem\r\nCryptocurrency-mining malware can impair system performance and expose end users and businesses to information\r\ntheft, hijacking, and a plethora of other malware. And by turning these machines into zombies, cryptocurrency\r\nmalware can even inadvertently make its victims part of the problem. \r\nIndeed, their adverse impact on the devices they infect—and ultimately a business’ asset or a user’s data—makes\r\nthem a credible threat. 
There is no silver bullet for these malware, but they can be mitigated by following these\r\nbest practices:\r\nRegularly updating your device with the latest patches helps prevent attackers from using vulnerabilities as\r\ndoorways into the systems\r\nChanging or strengthening the device’s default credentials makes the device less prone to unauthorized\r\naccess\r\nEnabling the device’s firewall (for home routers), if available, or deploying intrusion detection and\r\nprevention systems to mitigate incursion attempts\r\nExercising caution against known attack vectors: socially engineered links, attachments or files from\r\nsuspicious websites, dubious third-party software/applications, and unsolicited emails \r\nIT/system administrators and information security professionals can also consider application whitelisting\r\nor similar security mechanisms that prevent suspicious executables from running or installing. Proactively\r\nmonitoring network traffic helps better identify red flags that may indicate malware infection. Applying the\r\nprinciple of least privilege, developing countermeasures against web injections, securing the email gateway, implementing best practices for\r\ncorporate mobile devices, and cultivating a cybersecurity-aware workforce\r\nare part of a defense-in-depth approach to reducing an enterprise’s exposure to these threats. Ultimately, however,\r\nthe security of internet-connected devices against cryptocurrency-mining malware isn’t just a burden for their\r\nusers. Original design and equipment manufacturers also play vital roles in securing the ecosystems they run in. \r\nSource: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101-the-impact-of-cryptocurrency-mining-malware",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101-the-impact-of-cryptocurrency-mining-malware"
	],
	"report_names": [
		"security-101-the-impact-of-cryptocurrency-mining-malware"
	],
	"threat_actors": [],
	"ts_created_at": 1775441550,
	"ts_updated_at": 1775791318,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/53e5a118f6e709e2d9a94debfe8e639b5fff2442.pdf",
		"text": "https://archive.orkl.eu/53e5a118f6e709e2d9a94debfe8e639b5fff2442.txt",
		"img": "https://archive.orkl.eu/53e5a118f6e709e2d9a94debfe8e639b5fff2442.jpg"
	}
}