Cybercriminals earned over $57 million by hiding mining malware in forked projects on GitHub

Crypto mining malware hijackers have netted $1.2 million a month for the past 4 years, as GitHub inadvertently becomes the most popular place to host crypto mining malware.

Cryptocurrency seems to be a hotbed for theft and hacking, and it’s no secret that cryptojackers prefer Monero. Recently, researchers from Universidad Carlos III de Madrid and King’s College London determined that about 720,000 XMR, or 4.32 percent of Monero’s currently circulating supply, has been mined through malware.

As attackers' strategies grow more sophisticated with evolving technology, there’s no denying that cybercrime is getting worse every year. According to security researchers at security company Avast, cybercriminals have found yet another way to spread their malware: uploading cryptocurrency mining code to GitHub.

Developers ‘fork’ projects on GitHub, which means making a copy of someone else’s project in order to build their own. Here, the cybercriminals fork random projects and then hide malicious executables inside the directory structure of these new projects, said the researchers.

“We observe that GitHub is the most renowned site used to hoard the crypto-mining malware. This is because GitHub hosts most of the mining tools, which are directly downloaded — for antagonistic functions — by droppers,” the researchers wrote.

While the exact amount of revenue generated depends on when the cybercriminals cash out their earnings, the researchers estimated it to be worth nearly $57 million over the last four years ($0.3 million per week).

What’s notable is that the criminals don’t have to make people download the executables from GitHub to spread the malware. Instead, the malware can spread through the ongoing phishing campaigns the criminals are running.

The investigation also analyzed where the XMR was being routed. When hackers steal computing power to mine cryptocurrency, they covertly use one of two possible methods: joining a “mining pool,” or mining on their own.

The researchers also discovered Monero mining malware hosted as torrents, as attachments in Discord channels, and hidden behind various URL-shortener services. While the researchers describe hosting malware on GitHub as “unusual”, they point out that it benefits the attackers because it offers unlimited bandwidth.

Published by
Adeel Aslam
