How can you be sure you don’t have any hidden miners?


Cryptocurrency mining has recently become a buzzword in the IT industry and a phenomenon that is growing relatively quickly. As the trend spreads, more and more people are mining, that is, adding blocks to the chain in the hope of a cryptocurrency reward. To earn the coveted coins, these miners have to invent ever more ingenious, and not necessarily legal, methods. Some of the bolder "miners" have no qualms about working at someone else’s expense.

Why miners need your computer

We’ve already written about botnets and how hackers can turn someone’s computer into a zombie by making it part of a botnet. The network of such zombie computers can be used for various purposes, for example, to mine cryptocurrency.

Simply put, the computer becomes part of a distributed network whose computing power is used to mine cryptocurrency that ends up in the botnet owner’s pocket. Several thousand computers that make up a botnet can mine cryptocurrency much faster than a single computer. In the case of such a botnet, victims pay more for electricity, making the installation of mining applications on computers of unaware users an extremely lucrative business for hackers.

A user can install a mining application on purpose, to mine cryptocurrency for themselves. Distinguishing legitimate mining from illegitimate mining is therefore quite a challenge: the applications used look the same, and the only difference is that the installation is done secretly and the application runs without the owner's consent.

How a hidden mining program gets onto your computer

In most cases, such a program is installed on the computer by special malicious programs, so-called droppers, whose main task is to secretly install another program. Droppers usually hide in pirated versions of products that require a paid license, or in activation key generators. Users search for such programs on peer-to-peer networks and download them knowingly.

When the downloaded file is launched, an installer is placed on the victim’s computer, which in turn downloads a miner and a special utility that hides it from the system. The miner is usually accompanied by services responsible for its automatic launch and for managing its settings.

For example, such services may pause the miner when the user starts a popular online game (the miner uses the processing power of the graphics card, which could make the game stutter or crash and arouse suspicion).

The service may also try to disable antivirus products, pause the miner when a system monitoring utility is running, and restart it when the user tries to remove it.
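The persistence and stealth behaviours described above give a defender something concrete to look for: a process that auto-starts from a user-writable folder, keeps the CPU or GPU busy without ever showing a window, and talks to a mining pool. The script below is an added example, not code from the original post or from the vendor; it applies those heuristics to a constructed process snapshot. The sample records, the list of common pool ports, the "user-writable path" rule and the two-indicator threshold are all assumptions chosen for illustration, and on a real host the snapshot would come from the OS rather than from a hard-coded list.

```python
"""Heuristic triage of a process snapshot for signs of a hidden coin miner.

Each indicator on its own is weak (games load the GPU, services auto-start),
so a process is only reported when at least two indicators agree.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# TCP ports commonly used by public mining pools (heuristic list, an assumption).
POOL_PORTS = {3333, 4444, 5555, 7777, 14444, 45700}
# Sustained CPU or GPU utilisation (percent) treated as "high load".
HIGH_LOAD_PCT = 80.0
# Directory fragments that an ordinary user can write to (Windows-style, assumption).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class ProcessInfo:
    pid: int
    name: str
    cmdline: str
    cpu_pct: float
    gpu_pct: float
    has_window: bool          # does the process own a visible window?
    autostart: bool           # registered as a service / run key?
    image_path: str
    remote_ports: List[int] = field(default_factory=list)


def user_writable(path: str) -> bool:
    """True if the image lives under a directory a normal user can write to."""
    lowered = path.lower().replace("/", "\\")
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def miner_indicators(p: ProcessInfo) -> List[str]:
    """Return the list of miner heuristics this process matches."""
    hits = []
    cmd = p.cmdline.lower()
    if "stratum+tcp://" in cmd or "stratum+ssl://" in cmd:
        hits.append("stratum pool URL in command line")
    if any(port in POOL_PORTS for port in p.remote_ports):
        hits.append("connection to a common mining-pool port")
    if not p.has_window and max(p.cpu_pct, p.gpu_pct) >= HIGH_LOAD_PCT:
        hits.append("sustained high CPU/GPU load without a visible window")
    if p.autostart and user_writable(p.image_path):
        hits.append("auto-start entry pointing at a user-writable path")
    return hits


def triage(snapshot: List[ProcessInfo], min_hits: int = 2) -> Dict[int, List[str]]:
    """Map pid -> matched indicators for processes with at least min_hits hits."""
    flagged = {}
    for p in snapshot:
        hits = miner_indicators(p)
        if len(hits) >= min_hits:
            flagged[p.pid] = hits
    return flagged


# Constructed sample snapshot: one legitimate game, one real system service,
# a browser, and a miner masquerading as svchost.exe from a user profile folder.
SAMPLE_SNAPSHOT = [
    ProcessInfo(1204, "game.exe", "game.exe", 35.0, 92.0, True, False,
                "C:\\Program Files\\Game\\game.exe", [27015]),
    ProcessInfo(812, "svchost.exe", "svchost.exe -k netsvcs", 1.5, 0.0, False, True,
                "C:\\Windows\\System32\\svchost.exe", [443]),
    ProcessInfo(2210, "browser.exe", "browser.exe", 12.0, 5.0, True, False,
                "C:\\Program Files\\Browser\\browser.exe", [443, 443]),
    ProcessInfo(4412, "svchost.exe",
                "svchost.exe -o stratum+tcp://pool.example.invalid:3333 -u WALLET_PLACEHOLDER",
                96.0, 88.0, False, True,
                "C:\\Users\\alice\\AppData\\Roaming\\svchost.exe", [3333]),
]


def main() -> None:
    for pid, hits in triage(SAMPLE_SNAPSHOT).items():
        print(f"pid {pid}: {len(hits)} indicators")
        for hit in hits:
            print(f"  - {hit}")


if __name__ == "__main__":
    main()
```

Only the fake svchost.exe is reported, with all four indicators, while the game (high GPU load but a visible window) and the genuine system service (auto-start but from System32) stay quiet. The two-indicator threshold is what keeps ordinary heavy workloads out of the alert; tuning it downward trades false positives for sensitivity.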

The scale of the problem

Hackers distribute such applications as a service. They use Telegram channels dedicated to online work opportunities, and sometimes run ads offering trial versions of droppers that install a hidden miner.

To illustrate the scale of this phenomenon, let me give you an example: our experts recently discovered a botnet of several thousand computers on which a Minergate miner had been secretly installed. Instead of the popular bitcoin, it usually mines less well-known cryptocurrencies such as Monero (XMR) or Zcash (ZEC), which conceal both the transactions and the wallet owner. The most conservative estimates suggest that a single mining botnet could generate a profit of over $30,000 per month. More than $200,000 passed through the botnet that our experts detected.