Kaspersky Lab Finds 2018’s Malicious Crypto-Mining Fever Powered by Pirated Software and Content

Cryptocurrency mining malware wreaks havoc in 2018, infecting more than five million people in the first three quarters of the year

A review of the malicious crypto-mining landscape in 2018, by the numbers. (Graphic: Business Wire).

WOBURN, Mass.--()--Kaspersky Lab has released a new report on the global outbreak in malicious cryptocurrency mining that unfolded in 2018, which saw the number of crypto-mining attacks increase by more than 83 percent over the previous year. More than five million people were attacked with cryptocurrency mining malware in the first three quarters of 2018, compared to 2.7 million people over the same period in 2017. The installation and use of unlicensed software and content was the major driver behind this year’s crypto gold rush.

In 2018, malicious cryptocurrency miners prevailed over the main threat of the last few years: ransomware. The number of internet users attacked by malicious cryptocurrency mining software increased steadily during the first half of the year, peaking in March, when around 1.2 million users faced an attack.

Kaspersky Lab researchers investigated the economics behind the sudden onset of crypto-mining fever to discover what drove the global distribution of this threat. They analyzed the regulatory landscape; electricity prices in countries most commonly targeted by crypto-miners; and the main infection vectors for popular malware families.

The analysis revealed that neither cryptocurrency legislation nor the cost of power has a significant impact on the spread of malicious crypto-miners. However, the investigation of different malware families’ propagation found that miners mainly infected devices by duping users into installing pirated software and unlicensed content.

“Our analysis of the economic background of malicious crypto-mining and the reasons for its widespread presence in certain regions revealed a clear correlation,” said Evgeny Lopatin, security expert at Kaspersky Lab. “The easier it is to distribute unlicensed software, the more incidents of malicious crypto-miner activities were detected. In short, an activity not generally perceived as especially dangerous, the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto-mining.”

Other key findings from the report include:

  • The total number of users who encountered crypto-miners rose by more than 83% year over year, from 2,726,491 in 2017 to 5,001,414 in 2018;
  • The share of miners detected out of the overall number of threats detected also grew, from 5% in 2017 to 8% in 2018;
  • The share of miners detected, from the overall risk tool detections is also on the rise, up from 9% in 2017 to 17% in 2018;
  • The total number of users who encountered mobile miners grew, increasing by over five times from 1,986 users in 2017 to 10,242 in 2018.

To reduce the risk of becoming infected with a crypto-miner, Kaspersky Lab advises the following tips for consumers and businesses:

  • Always install software updates when prompted across all the devices you use. To simplify and automate this process, use tools that can automatically detect vulnerabilities, and download and install patches.
  • For personal devices, use a reliable consumer security solution that can detect suspicious activity taking place on your machine, such as Kaspersky Lab’s System Watcher technology.
  • Businesses should be sure not to overlook the need for security on less obvious targets, such as POS terminals, queue management systems, and even vending machines. As demonstrated by the miner that relied on the EternalBlue exploit, such equipment can also be hijacked to mine cryptocurrency.
  • Use application control to track malicious activity in legitimate applications. Specialized devices should be in Default Deny mode. Use a dedicated security solution, such as Kaspersky Endpoint Security for Business, that includes these functions.
  • To protect the corporate environment, educate your employees and IT teams about crypto-mining threats, keep sensitive data separate, and restrict access.

The full text of the “Story of the Year 2018: Cryptocurrency Miners” is available on our blog. Read what Kaspersky Lab experts predict for the future of cryptocurrency in 2019 here. To learn more about ransomware, the “Story of the Year 2017,” visit Securelist.

This report forms part of the annual Kaspersky Security Bulletin. Other sections of the bulletin, including “Threat Predictions for 2019,” are also available on our blog. The annual Review and Statistics will become available in December.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.


Meghan Rimol

Release Summary

Kaspersky Lab has released a new report on the global outbreak in malicious cryptocurrency mining that unfolded in 2018.


Meghan Rimol