Zcash mining software covertly installed on victims’ machines
Software “mining” the recently established Zcash (ZEC) cryptocurrency is being foisted upon unsuspecting users, Kaspersky Lab warns.
The actual software is not illegal, and not technically malware – it is meant to be used by individuals who are willing to dedicate their machine(s) and pay for the increased electricity usage that accompanies cryptocurrency mining.
Unfortunately, there are unscrupulous individuals looking to get the coins without the cost, and they have been installing the software on users’ computers without permission.
“Cybercriminals use rather conventional ways to distribute mining software – they are installed under the guise of other legitimate programs, such as pirated software distributed via torrents. So far, we have not seen any cases of mass-mailings or vulnerabilities in websites being exploited to distribute mining software; however, provided mining remains as profitable as it is now, this is only a matter of time,” security expert Alexander Gostev noted, and added that the software can also be installed on computers that were infected earlier and became part of a for-rent botnet.
The AV vendor has so far detected some 1,000 unique users who have some version of the Zcash miner installed on their computers under a different name. The account into which the mined coins are deposited shows that its owner has received 0.43764714 ZEC since the account was set up.
“An average computer can mine about 20 hashes per second; a thousand infected computers can mine about 20,000 hashes a second. At current prices, that equals about $6,200 a month, or $75,000 a year in net profits,” Gostev estimates.
Has your computer been mining Zcash without your knowledge?
If your latest electricity bill was unexpectedly excessive, and the speed of your computer has decreased dramatically, chances are a cryptocurrency miner is running in the background.
This particular miner is relaunched each time the host computer starts, so no amount of switching the computer off and on will change the situation.
Kaspersky Lab has provided a list of indicators of compromise (executables and DLLs) that, if found on a computer, point to a covert cryptocoin mining operation.