CPU Mining is Making a Comeback (But Only on Botnets)

GPU Bitcoin cryptocurrency

CPU mining malware increased sixfold during the first eight months of 2017, according to a new report from IBM X-Force.

As CCN has reported, the number of computers infected with cryptocurrency mining malware has increased every year and is on pace to reach 2 million in 2017 alone. However, the number of computers infected with CPU mining malware has surged sixfold this year–far beyond the rate of overall increase in infections.

For the average user, CPU mining has been dead for what seems like ages–replaced by more powerful GPU and ASIC miners. However, the IBM X-Force threat intelligence service has identified a remarkable increase in computers infected with CPU mining malware during 2017.

The report theorizes that cyber attackers turn to this flavor of mining malware because, even though CPU mining is not worthwhile on an individual level, hackers often control botnets containing thousands of infected computers. Since they do not have to foot the cost of electricity, what little profit each individual computer makes quickly adds up. The X-Force team found that a standard Intel i5-6500 4 core processor running an Ubuntu server could net about $2.35 per month. Hackers most commonly used the botnets to mine anonymous CryptoNote currencies such as Monero and Bytecoin.

The attacks were often deployed using steganography, the practice of hiding data within image files. After hiding the malware inside a fake image file, the hackers placed them on compromised web servers.

cpu mining
Chart from IBM

According to the report, the manufacturing and financial services sectors tied at 29% for the highest volume of CPU mining attacks. They stated that many of the attacks exploited inexcusable lapses in security, such as failing to validate input fields on web applications.

Notably, the researchers found that Internet of Things (IoT) devices are not attractive to hackers, despite the fact that they are often vulnerable to exploits. Due to their low computing power, even a 1 million-device botnet would likely not produce enough profit to justify the effort to create and maintain it.

Featured image from Shutterstock.

Follow us on Telegram.

Join CCN's crypto community for $9.99 per month, click here.
Want exclusive analysis and crypto insights from Hacked.com? Click here.
Open Positions at CCN: Full Time and Part Time Journalists Wanted.


Josiah is a full-time journalist at CCN. A former ancient and medieval literature teacher, he has been reporting on cryptocurrency since 2014. He lives in rural North Carolina with his wife and children. Follow him on Twitter @Y3llowb1ackbird or email him directly at josiah.wilmoth(at)ccn.com.