China – Legal Daily, a Chinese media news source, recently reported that twenty Chinese suspects have been arrested for apparent ties to an immense cryptojacking campaign. Nine of the suspects are currently under the watchful eye of local authorities, while eleven are on bail.
The news source reported that over one million computers were infected with mining ‘bugs’ in this twenty-person operation.
These computers had reportedly mined over 15 million yuan ($2.25 million U.S.) worth of cryptocurrencies over the course of this “two-year” illegal operation. According to Legal Daily, the $2.25 million in cryptocurrencies included Decred, Siacoin, and Digibyte, which can all be mined on a computer with easy-to-use software.
An investigation into this group was triggered by a January cybersecurity report from Tencent’s security arm, noting that a ‘Trojan horse’ virus had been found in video game cheat software.
Upon further inspection, the Tencent security team noticed that the virus had a built-in mining function, allowing the attacker to take control of an affected machine’s computational power.
The report further noted that the implanted mining software would only operate when the CPU utilization of an affected computer was less than 50%, ensuring users didn’t notice any substantial performance degradation.
After a police investigation, authorities concluded that the scheme had ties to Dalian Shengping Network Technology, which may have been responsible for developing the cryptojacking software.
In a related swindle, Yang Moubao, who worked at the aforementioned firm, reportedly cloned a Baidu-owned premier video streaming platform and sold fraudulent subscriptions at internet cafes, gaining over 200,000 yuan ($30,000 U.S.).
Yang confessed that he was also responsible for distributing free downloadable plug-ins online to take control of other computers.
This information was exposed after he was arrested at his home on March 8th.
In all, Yang and his accomplices at Dalian Shengping Network Technology are rumored to have advertised free downloads for up to 3.89 million individual computers but only used one million for mining cryptocurrencies.
It is unclear what awaits the twenty suspects, but authorities made it clear that they have the situation under control.
Growing Cryptojacking Issue
Cryptojacking, the act of stealing computer resources to mine cryptocurrencies, has become an increasingly apparent problem in the cryptocurrency community.
According to a report from cybersecurity firm McAfee, 2018 Q1 saw cryptojacking cases skyrocket, rising by over 629% in just 3 months.
In March, Troy Mursch identified nearly 50,000 websites that had been injected with cryptojacking software. Many of these websites had backdoors that could be utilized to falsely inject scripts into the site, making website visitors susceptible to background mining processes.
However, this has not been limited to desktops and laptops, as mobile devices have experienced cryptojacking cases as well. Both Google and Apple have had to remove infected applications from their respective app stores after suspicious applications racked up thousands of dollars' worth of cryptocurrencies.
Jerome Segura, a security researcher with Malwarebytes, compared two prominent cryptocurrency issues, stating:
Ransomware is basically like pointing a gun at you and saying, ‘Hey, pay up or you’re not getting your files back,’ versus cryptojacking you might not even know about it, it’s just going to silently steal your electricity.
He later added that cryptojacking is going to continue to be the preferred activity that cybercriminals will want to enlist, as long as the price of cryptocurrencies stays high.
Title Image Courtesy of Christoph Scholz