
Cybercriminals earned over $57 million by hiding mining malware in forked projects on GitHub

Crypto-mining malware operators have netted $1.2 million a month for the past 4 years, as GitHub has inadvertently become the most popular place to host crypto-mining malware.

Cryptocurrency seems to be a hotbed for theft and hacking, and it’s no secret that cryptojackers prefer Monero. Researchers from Universidad Carlos III de Madrid and King’s College London recently determined that about 720,000 XMR, or 4.32 percent of Monero’s currently circulating supply, has been mined through malware.

As attackers’ strategies grow more sophisticated alongside the technology, there’s no denying that cybercrime is getting worse every year. According to security researchers at security company Avast, cybercriminals have found yet another way to spread their malware: uploading cryptocurrency mining code to GitHub.

Developers ‘fork’ projects on GitHub, which means making a copy of someone else’s project in order to build their own. Here, the cybercriminals fork random projects and then hide malicious executables inside the directory structure of these new projects, said the researchers.

“We observe that GitHub is the most renowned site used to hoard the crypto-mining malware. This is because GitHub hosts most of the mining tools, which are directly downloaded — for antagonistic functions — by droppers,” the researchers wrote.

While the exact revenue depends on when the cybercriminals cash out their earnings, the researchers estimated it to be worth nearly $57 million over the last four years ($0.3 million per week).

What’s notable is that the criminals don’t have to make people download the executables from GitHub to spread the malware. Instead, the malware can spread through the ongoing phishing campaigns the criminals are running.

The investigation also analyzed where the XMR was being routed. When hackers steal computing power to mine cryptocurrency, they covertly use one of two possible methods: joining a “mining pool” or mining on their own.

The researchers also discovered Monero mining malware hosted as torrents, as attachments in Discord channels, and hidden behind various URL-shortener services. While the researchers describe hosting malware on GitHub as “unusual”, they point out that it benefits the attackers because it offers unlimited bandwidth.

Published by
Adeel Aslam