Last year, you couldn’t move for ransomware stories, and we all know why: a ransomware attack really, really hurts.
It’s fast, it’s brutal, and it’s instantly disruptive – ransomware isn’t like other malware attacks that try to lie low and avoid the limelight.
And ransomware can be expensive to fix: even if you have a backup/restore process that is slick and efficient, it’s still more hassle to follow that process than just to keep working normally.
Indeed, ransomware can be more than expensive – it can be ethically challenging, too, forcing you to make a hard choice of whether to cave in and do a deal with the crooks in the hope of getting your business moving freely again.
But there’s a new kid on the malware block in 2018: cryptomining.
Cryptomining malware is when crooks covertly infect your computer with software to do the calculations needed to generate cryptocurrency, such as Bitcoin, Monero or Ethereum; the crooks keep any cryptocoin proceeds for themselves.
They do this because, to make any real money with coinmining, you need a lot of electricity to deliver a lot of processing power on a lot of computers.
So you can either rent space in a giant coinmining server farm, for example in Iceland, where electricity is cheap and the weather is cold enough to stop your computers melting down…
…or you can steal other people’s electricity, processing power and air conditioning by using malware to sneak cryptominers into their networks, their browsers, their coffee shops, and more.
Where’s the harm in that?
If you get infected with a cryptominer, all your data is still there, and you can still access it, so cryptomining sounds like small beer compared to ransomware.
However, your computer will probably be annoyingly slow, your laptop fans will be roaring all the time, and your battery life will be hopeless.
On a mobile device, all those side effects are much more of an issue, because short battery life means outages when your phone goes flat, and the battery overheating associated with continuous super-heavy processor usage could cause permanent damage.
Ironically, a lot of coinmining software advises you not to bother running it on mobile phones: the computing power of your mobile just isn’t sufficient for decent results, so the costs outweigh the benefits.
But why would crooks care about that, when they didn’t ask for permission in the first place, and when you’re paying the costs while they reap the benefits?
Well, the crooks don’t care, and SophosLabs has just published a technical report that will show you just how much these crooks don’t care.
The report also gives you a fascinating insight into just how much effort cybercriminals are willing to put into getting their cryptomining code accepted into the Android Play Store, and thus to have it “blessed” with Google’s imprimatur.
Joe
“Cryptomining is when crooks secretly get your computer to do the calculations needed to generate cryptocurrency”
Cryptomining is using your computer to mine cryptocurrency. It does not inherently mean that the “crooks” are the ones behind it.
Paul Ducklin
I’d refer to mining-by-choice as plain old “coinmining”.
To me, “cryptomining” has now acquired a pejorative sense, like “hacker”, that is synonymous with dodginess, thus playing on the two meanings of “crypto” to imply not only computationally robust but also covert. (Remember that it is common usage that defines semantics, no matter how much any individuals might object – thus data is now unexceptionably a singular noun; egregious means super-bad, no longer super-good like it used to; and restrooms are for anything but.)
But I am happy to add the word “malware” in there to remove all doubt. As in, “Cryptomining malware is when crooks deliberately infect your computer…”
Joe
What makes you say that “cryptomining has now acquired a pejorative sense, like ‘hacker’”? Just in doing a quick Google search, “cryptomining” still means the same thing that it has meant – mining for cryptocurrency. I do appreciate that you have added some clarification into the article, but not sure why you think the word carries an automatic tie to malware now? In your opening you compare ransomware with cryptomining. I don’t know about you, but I am willing to start cryptomining on my machine, but I am not going to put ransomware on it.
Paul Ducklin
I don’t think it has an “automatic tie to malware”, any more than “hacker” always means “bad person”.
But it is my considered opinion that sufficiently few people actually do coinmining by choice on their own computers, while in recent months sufficiently many people have found cryptomining code running that they neither knew about nor wanted, for the word “cryptomining” to be strongly associated with, well, with hacking, malware and cybercriminality.
The thing is that coinmining on your day-to-day computer simply isn’t something most people would consider, because it is just so impractical. (Ever visited a web page with in-browser mining scripts? Heck, it’s like the worst days of Flash resource hoggery combined with the worst days of browser memory leakage, combined with the worst days of low-RAM page-faulting swapfestery, all covered in treacle.)
Therefore most people’s most likely encounter with cryptomining in recent times is one they didn’t expect, didn’t consent to, and didn’t want.
Therefore IMO the sense is almost always obvious from context, and almost always, in regular speech, pejorative – as with the word hacker.
But I agree that when I was defining the term early on, I ought to have made the context clear, so I did.
Tracy
Ok, here is why this type of thing is, in my humble opinion, criminal. This type of ‘malware’ is stealing from me. Stealing? How? It is using my data allotment that ‘I’ pay for without ‘My’ knowledge or permission. No harm? Sure as long as it is not coming out of your pocket. Now that I have annoyed the cryptomining Fanboys I’m ready for my thumbs down.