Group-IB: The Shadow Market Is Flooded with Cheap Mining Software


Moscow, 10.08.2018 – Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. According to Group-IB’s Threat Intelligence, over a year, the number of shadow-forum ads offering mining software has increased fivefold (H1 2018 vs H1 2017). Group-IB experts say it is a very dangerous tendency to have so many mining Trojans available designed to use other people’s devices and infrastructure for illegitimate generation of cryptocurrency.

Cryptojacking (using computation capacity of a computer or infrastructure for cryptocurrency mining without the knowledge or consent of its owner) is still a comparatively popular method of personal gain, in spite of a clear tendency toward a decrease in the number of incidents of this type of fraud. Growth in the number of such thefts may be caused not only by the growth of mining software offers in Darknet, but also by their comparatively low price, which is often less than $0.50.

The low entry barrier to the illegal mining market results in a situation where cryptocurrency is being mined by people without technical expertise or experience with fraudulent schemes. When they gain access to simple tools for making money off hidden cryptocurrency mining, they don’t consider it a crime, all the more so as the Russian legislative environment still leaves enough loopholes to avoid prosecution for such thefts. There are still very few arrests and cases of prosecution for cryptojacking.

One cryptocoin after another: what are the dangers of mining?

Any device (computer, smartphone, IoT, server, etc.) may be used for cryptojacking: that’s why it is not enough to install detection systems only at the workstation level. New types of mining software appear regularly that bypass security systems based on signature alone. A symmetric response to this threat is the analysis of various mining manifestations at the network level. With this end in view, it is necessary to use, among other things, behavioral analysis technologies to detect previously unknown programs and tools.

Group-IB experts warn that mining results not just in direct financial losses due to increased expenditures for electricity. It threatens the stability and continuity of business processes by decelerating corporate systems and increasing depreciation of hardware.  Infection of infrastructure with a mining Trojan may result in the failure of corporate apps, networks and systems. Unauthorized external programs working without the knowledge of business owners is fraught with reputational losses, as well as compliance and regulatory risks.

What should we do?

Integrated countermeasures against cryptojacking require the detection of all forms of malicious codes distributed or working in the network, based on a regularly updated database of threats to systems (Threat Intelligence class). Suspicious activity should always be analyzed in a secure isolated environment to ensure the absolute confidentiality of data about infected computers, infrastructure segments and other resources. It is important not only to protect yourself within your own network, but to detect cryptomining tools running java scripts on hacked resources seeking to infect as many victims as possible. There is one more type of fraud that has been gaining popularity recently: the use of traditional insiders. Companies should be able to protect themselves against their own dishonest employees who attempt to increase their incomes at the expense of their employer’s resources.

About the company

Group-IB is one of the global leaders in prevention and investigation of cybercrimes. It is the first Russian supplier of Threat Intelligence solutions included in Gartner, Forrester and IDC reports. To prevent cyberattacks, Group-IB has created a line of products for early threat detection. The company is a permanent member of the World Economic Forum. Group-IB has the largest forensic laboratory in the Eastern Europe, as well as its own round-the-clock Computer Emergency Response Team (CERT-GIB). In 2017, the company became the  leader in investigation of cyberthreats in the Russian market, according to IDC.

For more information please contact:

Nika Komarova

Head of Corporate Communications

+7 910 472 24 06 | +7 495 984 3364 ext. [email protected]

Pavel Sedakov

Press Officer

+7 909 979 87 77

[email protected]


For more details see:

telegram | facebook | twitter | linkedin