Illicit cryptomining. How can cybercriminals misuse your devices?

6 minutes reading

High processor activity, unusual energy consumption and reduced productivity of your infrastructure. These are some of the signs that your company devices might have been misused for cryptomining. How can you prevent cryptominers from getting into your network? And why should you even care?

As cryptocurrencies become more popular and valuable, driven in large part by the growing mainstream acceptance of such payment methods, they also draw the attention of attackers. Between January and April 2021, the number of cryptocurrency threats increased by almost 19%, according to the ESET Threat Report. During the same period, the value of cryptocurrencies increased dramatically, showing the correlation between rising currency prices and malicious cryptomining activity. Cryptocurrencies have become attractive for a variety of reasons to cybercriminals, who often take over company devices – including those used by small businesses – to reach their financial goals. 

Infographic showing how has the number of cryptocurrency threats increased from Q4 2020 to Q1 2021.

Easy money

 Illicit cryptomining has become the go-to low-risk tactic for cybercriminals. They misuse electronic devices belonging to others to mine cryptocurrency, installing malicious code that secretly steals processing power. Company devices are even more tempting than private ones. Since the former generally offer higher performance, criminals can mine more currency in a shorter timeframe.

As these mining programs generally run in the background, it can be hard to tell the device has been hijacked. Still, some signs shouldn’t be ignored. When infected with cryptomining malware, the device is usually slower and the productivity and performance of a company's infrastructure decreases.

Another warning sign is unusual energy consumption as well as suspicious network traffic. If your Android device has been infected with cryptomining malware, you can spot additional computational load causes, like shorter battery life and noticeably increased device temperature.

The underestimated risk for SMBs

Is this a major issue for my small business, you might ask? On the surface, cryptomining attacks don't seem as severe as other cyber threats. Nevertheless, they can damage your business. "Mining usually hijacks a large portion of hardware’s processing power, reducing performance and productivity. The power-intensive process causes additional stress to the hardware components and can damage targeted devices, shortening their lifespans,” explains ESET security awareness specialist Ondrej Kubovič. Also, cryptomining malware can lead to even more significant disruptions since it exposes vulnerabilities in company infrastructure and cybersecurity posture. These can be misused by other – sometimes even advanced and sophisticated – malicious actors or their code.

Infobox describing discovery of Bitcoin cryptomining operation at Polish police headquarters.

Picky cryptominers

 How do cryptominers infect the device at all? There are multiple malware types and possible strategies. The malicious program is either downloaded and installed on the device or integrated into a web page. In the latter case, cyber criminals embed a harmful JavaScript into a webpage (or some part of it), which has been specially designed to mine cryptocurrency. This technique is called cryptojacking, and it targets mainly Torrent, free streaming or pornographic websites, where internet users tend to spend more time and thus allow the miner to mine more. The most popular cryptocurrency for attackers is Monero. "It has a higher level of transaction anonymity and, most importantly, mining with regular CPUs and GPUs is favored while expensive and specialized hardware such as ASIC miners are deterred,” says Kubovič.

Infographic showing what is the most common malware type and where does it mostly occur

Interestingly, the majority of detected cryptominers are not the obviously malicious trojans, but potentially unwanted applications (PUAs), meaning software that might perform activities not approved or expected by the user. This category includes adware, trackware, cryptominers and more. Such programs could be installed by mistake or due to a lack of knowledge, which is why we advise limiting administrative privileges in your company to mitigate the human risk factor involved.

Fewer chances for miners

 Fortunately, there are ways to prevent cryptominers from infecting your devices.

1. Protect your devices with multilayered and reliable security solutions.

They help you detect cryptomining malware.


2. Implement intrusion detection software (IDS).

It allows you to identify suspicious network patterns and increase network visibility using a remote management console.


3. Follow the principle of least privilege.

User accounts should be provided with as few permissions as possible. This lowers the risk that cryptominers will spread to other devices within the same company network.


4. Use application controls that narrow the software allowed to run to a minimum.

Again, this prevents cryptomining malware from being installed on company devices.


5. Implement a good update and patching policy.

Thanks to this measure, you lower the risk that your company will be compromised via previously known vulnerabilities.


6. Monitor company systems.

Look for excessive power usage or energy consumption.


7. Filter websites that shouldn't be visited from company devices.

Create a blocklist of websites that are not necessary nor suitable for work (Torrents, free streaming services, etc.)

Last but not least, employee training matters. Often, the human factor is the most vulnerable point, but by raising awareness, you can turn it into your defense wall. Here’s how to proceed if you want to build a cyber-aware company culture.

Banner referring to ESET PROTECT Advanced as a protection against cryptominers.

Keep reading