According to the latest report from Nokia Threat Intelligence Lab, malware based cryptocurrency mining has expanded from targeting high end servers with specializes processors to targeting IoT devices, smartphones and even browsers. Further, the company has stressed the importance of this issue as cryptocurrency mining will continue its upward trend in years to come.
The Bitcoin proof-of-work algorithm is not very friendly to regular processing technology. It works much faster on specialized ASICs, FPGAs and GPUs. Because of this, economic Bitcoin mining is usually done on specialized equipment in locations where cheap electricity is available. Competing technologies such as Monero, use algorithms that can be run economically on regular computer hardware. This has led to a situation where cryptocurrency mining is being conducted in IoT bots, mobile phones and even in web browsers. On its own, a single computing device is not powerful enough to make any money, but when combined in a botnet it becomes financially viable.
Mining in the browser
The user surfing to the compromised website will not be aware of this activity going on in the background. They will be able to continue to browse the site’s content without issues, other than experiencing significantly poorer performance on their device. Because this is a browser-based threat, the impact will be felt regardless of what type of device is being used to browse to the site. The cryptocurrency miner will continue running until the browser is shut down. On a mobile phone, the browser usually continues to run in the background when the user switches to another task, so the coin-miner will continue consuming CPU and draining the battery for some time.
Mining in IoT botnets
A number of cryptocurrency miners are now targeting IoT devices. An example of this is the ADB.Miner bot that exploits Android based IoT devices that have an open Android Debug Bridge (ADB) port. ADB is used by developers to debug Android applications and is not normally left open on production devices. However, apparently some Android based smart TVs, set-top-boxes, tablets and other Android based IoT devices have been deployed accidentally with this debug port open. This effectively gives the attacker shell access over the network. The coin mining software is loaded via a shell script and the device becomes part of ADB. Miner botnet. In not only starts to mine coins 24/7, but like other Mirai based bots, it also scans the local network and the internet looking for other victims.