Internet Performance Delivered right to your inbox

Bitcoin Mining Malware Apps Prey on the Naïve

Bitcoin mining apps can contain malware and viruses that people unwittingly download onto their systems. Plus, they are often chock full of advertising that can be malicious as well.

Someone hoping for a big payday might be enticed to download Bitcoin mining malware on their work computer, or on a phone connected to their company’s network, exposing their organization to a plethora of threats.

Ask the average person on the street what a Bitcoin is, and you’ll get answers ranging from “I have no idea” to comparisons with stocks and panning for gold. Consistent and at times astonishing surges in value have kept Bitcoin steadily in the news, leading more and more people to ask themselves how they can get in on the boom.

So first off, what is Bitcoin? Bitcoin is a type of cryptocurrency, which is an encrypted data string that denotes a unit of currency. It is supported by a blockchain, a peer-to-peer network that serves as a secure ledger for transactions such as buying, selling, and transferring the currency. There are more than 500 different types of cryptocurrency, but Bitcoin has risen above the rest to become the most highly valued and legitimized form.

There are a few ways that a person can profit from Bitcoin. One is to buy it using a traditional form of currency and hope that it increases in value, as you would with more common types of investment. Another way is through mining – the process of creating Bitcoins through cryptographic algorithms that are maintained and confirmed by a network of computers. Miners who run this network are rewarded with small amounts of currency, most commonly Satoshis, the smallest unit of Bitcoin.

Can someone actually profit from Bitcoin mining? Well, that all depends on how much they are willing to spend. There has been an explosion of Bitcoin mining hardware on the market. These boxes can range from $500 into the thousands and generate enough Satoshi to offset the increased cost in electricity. Those newly initiated to the world of Bitcoin, or those who are just mildly curious, most likely aren’t going to run out and spend money on expensive mining equipment. To cater to that ever-growing crowd, there is a long list of Bitcoin mining apps available for phones and computers.

Let’s be honest, we all like money, and we like easy money even more. We’ll play the lottery, buy scratch tickets, and download apps filled with who-knows-what if we think there might be a way to profit. Cybercriminals know this and have introduced Bitcoin mining malware. Malicious actors are ready to prey on those naïve enough to download Bitcoin mining apps without having done any research.

Many of these apps require miners to earn substantial amounts of Satoshi before they can make a transfer to their Bitcoin wallets. These thresholds can be anywhere from 5,000 Satoshi to 450,000 Satoshi. It could take the average person without any additional equipment months to generate 5,000 Satoshi (if their phone or computer doesn’t overheat first), and most would never even reach 450,000. During that time, there really isn’t any obvious proof that you’re legitimately mining at all. Most apps consist of a simple ticker displaying your hash rate and earnings. You may think you’re raking in the Satoshi, but you might really be running Bitcoin mining malware that’s participating in a botnet attack. You won’t know until you’ve reached your transfer threshold, attempt to move everything to your Bitcoin wallet, and surprise – the app was a scam and you’ve been unknowingly launching attacks and offering up your data for months.

Another way hackers target users of Bitcoin mining apps is through advertising. Some apps, particularly ones with high transfer thresholds, will entice users to view ads by promising Satoshi for each click. These ads can contain malicious software, immediately infecting the user’s phone or computer.

Some Bitcoin mining malware has been responsible for ransomware attacks, SQL injections, cross-site scripting, brute force, and BlackNurse DDoS attacks known to target popular firewalls. Many malicious apps also grant Satoshi for five-star ratings in app stores, making the programs appear to be legitimate and reputable.

The widespread use of Bitcoin mining apps, combined with a system that requires them to run all day, every day to be worth it, is creating a huge issue for businesses – or basically any place that offers access to electricity. The malware protection capabilities in Oracle Dyn’s Web Application Security services can help safeguard your organization from the types of malicious software found in Bitcoin mining apps.


Share Now

Whois: Rebecca Carter

Rebecca Carter is a Product Marketing Manager at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.