Bogus apps duping users into Bitcoin mining for criminals

Cyber criminal gangs are expanding their Bitcoin operations by creating increasingly sophisticated ways to force machines to mine for them, according to researchers at security firm Malwarebytes.
Lead malware intelligence analyst Adam Kujawa reported detecting a number of Potentially Unwanted Programs (PuPs) carrying Bitcoin-mining malware in a public blog post, warning that in many cases they even get the victim to unwittingly agree to hand over control of their PC.

"A recent and unfortunate discovery by some of our users revealed that some of these programs do more than just cover your desktop in ads, they also steal your systems' resources for mining purposes," read the post.

"This time, however, we are taking a look at a PuP that installs a Bitcoin miner on the user system, not just for a quick buck but actually written into the software's end-user license agreement (EULA). This type of system hijacking is just another way for advertising-based software to exploit a user into getting even more cash."

Bitcoin mining is the process used to earn Bitcoins. In a normal situation the user agrees to run the algorithm used to authenticate transactions on the platform and is rewarded with Bitcoins for their trouble. The practice requires vast computational and electric power and is a key reason miners often use high-power, dedicated mining machines to earn the crypto currency.

The cost of maintaining the Bitcoin mining machines, coupled with the currencies' ever-growing value has led many criminal groups to alter their botnet empires to begin mining the currency. Symantec estimated that the botnet Bitcoin operations are causing as much as $560,887 worth of harm per day in electricity use alone.

Kujawa supported Symantec's claim, confirming that the new PUPs' mining programs are using as much as 50 percent of the victim system's resources.

The Malwarebytes researcher said he expects to see more Bitcoin scams in the near future, as criminal groups expand to find new ways to increase the yield of their mining operations.

"When used legitimately by willing participants, they help the Bitcoin network run more efficiently and make extra cash for those willing to put in the effort. The unfortunate side is that while anyone can run a miner, anyone can also force a miner to run on a system, even if it isn't their own," read the post.

Kujawa's forecast mirrors that of many security researchers. F-Secure chief research officer Mikko Hypponen joked that the value of Bitcoins will lead hackers to turn any IP-enabled device they can, including toasters, into mining machines at an event in Helsinki earlier this year.