ITC Security Threat of the Week – Week 9: Bitcoin Mining

Bitcoin is an experimental digital currency that is taking the internet by storm. This futuristic tender differs from regular money as it is decentralised and doesn’t exist in a physical form. A single Bitcoin can be bought for around £123, but many tech-savvy users are forgoing the expensive price tag and mining for the coins themselves.

Bitcoin mining is the process of using a computer’s CPU to complete complex computational tasks that lead to the “mining” of a block, each of which is currently worth around 25 Bitcoins. In many cases, leaving a computer on 24/7 can incur energy bills that are higher than any money earned through mining. However, many users are getting around this problem by pooling resources and creating a team of miners; this reduces the time and energy it takes to find a block and therefore increases individual profit.

Apart from the fundamental downfalls of this pseudo-currency, a much more sinister problem has caused concern. The rise in the popularity of Bitcoin mining has coincided with the spread of malware that takes over its victims’ computers. Spreading via Skype, the malware hides within infected links and, when one is clicked by an unsuspecting user, is unleashed onto their system. The virus dropper is downloaded from a server in India; once infected, the host machine becomes a slave of the Bitcoin generator and is forced to sacrifice its CPU for the benefit of the hacker. With so much computational power being stolen, victims’ computers will be drastically impaired by the intrusive program.

Although this campaign has been conducted via Skype, it is likely that this type of malware could affect other sites. If your CPU usage is higher than usual and you notice your computer slowing down, your machine may be infected. If you are unsure, check what is running on your system and look out for this process:

“bitcoin-miner.exe -a 60 -l no -o http://suppp.cantvenlinea.biz:1942/ -u [email protected] -p XXXXXXXX” (X replaces sensitive data)

If you find this process, it means your machine has been compromised and the malware in question needs to be removed.
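One way to run the check described above from PowerShell, as an added example that is not part of the original article. It goes slightly beyond the exact process name by also flagging the argument shape of the quoted command line (a pool URL passed with -o plus -u/-p credentials), since a binary can be renamed. The function name, the heuristics and the sample rows are assumptions made for illustration.

```powershell
# Added example (not from the article). The heuristics are assumptions based on
# the single command line the article quotes.
function Find-MinerProcess {
    param(
        # Objects exposing ProcessId, Name and CommandLine. Defaults to the live
        # process list; run elevated, or CommandLine is empty for protected processes.
        [object[]]$Process = (Get-CimInstance -ClassName Win32_Process)
    )
    foreach ($p in $Process) {
        $cmd = [string]$p.CommandLine
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }

        $signals = @()
        # Binary name quoted in the article; easily renamed, so not the only signal.
        if ($cmd -match 'bitcoin-miner(\.exe)?(\s|"|$)') { $signals += 'binary-name' }
        # Pool host quoted in the article.
        if ($cmd -match 'suppp\.cantvenlinea\.biz') { $signals += 'known-pool-host' }
        # -o <http(s) URL with an explicit port>: a pool endpoint passed as an argument.
        if ($cmd -match '(^|\s)-o\s+https?://[^\s/:]+:\d+') { $signals += 'pool-url' }
        # -u <user> and -p <password> both present: worker credentials.
        if ($cmd -match '(^|\s)-u\s+\S+' -and $cmd -match '(^|\s)-p\s+\S+') {
            $signals += 'worker-credentials'
        }

        # Report on a named indicator, or on the pool-URL-plus-credentials shape.
        $named = ($signals -contains 'binary-name') -or ($signals -contains 'known-pool-host')
        $shape = ($signals -contains 'pool-url') -and ($signals -contains 'worker-credentials')
        if ($named -or $shape) {
            [pscustomobject]@{
                ProcessId   = $p.ProcessId
                Name        = $p.Name
                Signals     = $signals -join ', '
                CommandLine = $cmd
            }
        }
    }
}

# Constructed sample rows (PIDs, hosts and user names are made up) for an offline run:
# the quoted command shape, the same shape under a renamed binary, and a benign service.
$sample = @(
    [pscustomobject]@{ ProcessId = 4120; Name = 'bitcoin-miner.exe'
        CommandLine = 'bitcoin-miner.exe -a 60 -l no -o http://pool.example.invalid:1942/ -u worker1 -p XXXXXXXX' }
    [pscustomobject]@{ ProcessId = 5312; Name = 'updater.exe'
        CommandLine = 'updater.exe -a 60 -l no -o http://pool.example.invalid:8332/ -u worker1 -p XXXXXXXX' }
    [pscustomobject]@{ ProcessId = 912; Name = 'svchost.exe'
        CommandLine = 'C:\Windows\System32\svchost.exe -k netsvcs -p' }
)
Find-MinerProcess -Process $sample | Format-List
```

Calling `Find-MinerProcess` with no arguments inspects the processes currently running on the machine instead of the sample rows.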

The Bitcoin mining virus may be damaging to a personal computer but even more so when considering a company’s IT infrastructure. It is for this reason that businesses should be constantly evaluating their security services to protect against this and similar threats.