Cybercriminals earned over $57 million by hiding mining malware in forked projects on GitHub

Cryptojackers have netted $1.2 million a month for the past 4 years, as GitHub inadvertently becomes the most popular place to host crypto-mining malware.

Cryptocurrency seems to be a hotbed for theft and hacking, and it’s no secret that cryptojackers prefer Monero. Researchers from Universidad Carlos III de Madrid and King’s College London recently determined that about 720,000 XMR, or 4.32 percent of Monero’s currently circulating supply, has been mined through malware.

As attackers' strategies grow more sophisticated alongside the technology, there’s no denying that cybercrime is getting worse every year. According to security researchers at security company Avast, cybercriminals have found yet another way to spread their malware: uploading cryptocurrency mining code to GitHub.

Developers ‘fork’ projects on GitHub, which means making a copy of someone else’s project in order to build their own. Here, the cybercriminals fork random projects and then hide malicious executables inside the directory structure of these new projects, said the researchers.
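From the defender's side, a checked-out fork can be audited for native executables tucked into its directory tree by looking at file headers rather than extensions. The following is an added example, not code from the article or the researchers; the function names and the sample repository layout are constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes of common native executable formats.
# A match is a lead to review, not proof: a text file may also start with "MZ".
MAGIC = {
    b"MZ": "PE",        # Windows executables and DLLs
    b"\x7fELF": "ELF",  # Linux executables and shared objects
}

def classify(path):
    """Return the executable format suggested by a file's header, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None  # unreadable file: nothing to report
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def find_executables(repo_root):
    """List (relative path, format) for every file in a checkout whose
    content is a native executable, whatever its extension claims."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git metadata
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the checkout
            fmt = classify(full)
            if fmt:
                rel = os.path.relpath(full, repo_root).replace(os.sep, "/")
                hits.append((rel, fmt))
    return sorted(hits)

def build_sample_repo(root):
    """Constructed sample checkout: two source files, two disguised binaries."""
    files = {
        "README.md": b"# demo project\n",
        "src/main.py": b"print('hello')\n",
        "docs/img/logo.png": b"MZ\x90\x00" + b"\x00" * 60,  # PE header, image name
        "assets/fonts/data.bin": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Running `find_executables` on a directory populated by `build_sample_repo` reports the two disguised binaries and ignores the source files.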

“We observe that GitHub is the most renowned site used to horde the crypto-mining malware. This is because GitHub hosts most of the mining tools, which are directly downloaded — for antagonistic functions — by droppers,” the researchers wrote.

While the exact amount of revenue generated depends on when the cybercriminals cash out their earnings, the researchers estimated it to be worth nearly $57 million over the last four years ($0.3 million per week).

What’s notable is that the criminals don’t have to make people download the executables from GitHub to spread the malware. Instead, the malware can spread through the ongoing phishing campaigns the criminals are running.

The investigation also analyzed where the mined XMR was being routed. When hackers steal computing power to mine cryptocurrency, they covertly use one of two possible methods: joining a “mining pool” or mining on their own.

The researchers also discovered Monero mining malware hosted as torrents, as attachments in Discord channels, and hidden behind various URL-shortener services. While the researchers describe hosting malware on GitHub as “unusual”, they point out that it benefits the attackers because it offers unlimited bandwidth.

Adeel Aslam
