What is crypto malware and how can you protect yourself? | NordVPN (2024)

What is crypto malware?

Crypto malware is a type of malware designed to carry out cryptojacking attacks, attacks that soak up all of the resources from the victim’s computer to mine cryptocurrency. You may think that you don’t need to be worried because you don’t own and have never used cryptocurrency. But crypto mining malware doesn’t typically include hackers stealing funds from the victim’s cryptocurrency wallet, just using their device to mine.

Is crypto malware the same as cryptojacking and crypto ransomware?

Many people have a hard time differentiating between different crypto crimes such as crypto malware, cryptojacking, and crypto ransomware. It’s natural, especially if you’re not into cryptocurrency. Let’s break these terms down for better understanding.

Crypto malware and cryptojacking

Cryptojacking means to hijack a person’s computer to mine cryptocurrency. But isn’t that what crypto malware does? Yes, exactly! Cryptojacking and crypto malware are closely related. Cryptojacking is the malicious activity of mining cryptocurrency on other people’s devices, while crypto malware is the malicious code that enables this activity.

Crypto malware and crypto ransomware

Crypto ransomware is malicious software that overtakes a computer, encrypts everything on it, and demands a ransom, often paid in cryptocurrency, to give control of the device back. So while crypto malware stays hidden in the infected device for as long as possible, crypto ransomware is the opposite — it announces itself to you and lists the attackers’ demands. In fact, in some cases the attackers don’t use malicious files. Instead, they skip the encryption part and simply display the notification, hoping the victim will panic and pay without checking their device.

In crypto ransomware attacks, your only options are to either pay the ransom, try to restore your system from a backup, or look online for a key that breaks that encryption.

How does a crypto malware attack work?

Before we explain how crypto malware works, let’s understand how it is used in the first place. To be bought, digital currency must be “mined” first. Mining in this case means verifying and recording transactions on a public ledger called the blockchain. Miners use their computer power to solve complex mathematical puzzles, adding new blocks of transactions to the blockchain. Once all problems in a block are solved, the miners get their share of the rewards. If you wanted to, you could even mine cryptocurrency from your device.

However, the problem is that it’s very slow and requires incredible amounts of processing power. In fact, the electricity your computer generates would probably cost more than the cryptocurrency you’d earn. That’s why cybercriminals look for ways to use other people’s devices to mine cryptocurrency. While all legitimate miners have apps that display resource consumption and earning projections, crypto malware is much less sophisticated and can even run on your browser.

Are crypto malware attacks becoming more common?

The good news about crypto malware attacks is that they are different from other malware attacks in that their frequency often coincides with the rise or decline of the cryptocurrency market. For example, the more valuable cryptocurrency became a few years back, the more crypto malware attacks were recorded.

The only difference might be crypto ransomware attacks that don’t rely on cryptocurrency for its value, but for the level of anonymity cryptocurrency provides. If the value of Bitcoin drops, the attackers can simply ask for more Bitcoin. On the other hand, the fact they can be paid via an pseudo-anonymous wallet from anywhere in the world makes these attacks dangerous and less likely to become less common.

Examples of crypto malware attacks

Crypto malware is primarily designed to mine cryptocurrencies on a target device, but it can be used for other malicious activity, too. Here are a few examples of crypto malware:

• Prometei. Botnets such as Prometei are networks of infected computers that can be controlled remotely, often in DDoS attacks. Prometei mines Monero cryptocurrency but can be used to steal users’ credentials, too.
• PowerGhost. PowerGhost uses Windows Management Instrumentation vulnerabilities to infiltrate a device and mine cryptocurrency. It can also disable antivirus software and even other cryptocurrency miners.
• Graboid. It is a cryptojacking worm that spreads through the Docker Engine and mines Monero cryptocurrency.
• CryptoLocker. CryptoLocker is one of the most dangerous examples of crypto ransomware, a malicious program that encrypts everything on your device and demands you pay a ransom to have your data back.
• Coinhive. Coinhive was one of the best-known cryptojackers using JavaScript. Originally, websites used mining cryptocurrency via Coinhive as an alternative to showing ads, but many chose to implement it without users’ consent.
• WannaCry ransomware. It was a notorious crypto ransomware attack that affected systems all around the world.
• MassMiner. MassMiner is crypto malware built to mine Monero cryptocurrency by using popular exploits, such as EternalBlue.
• Rakhni trojan. Hackers used this malware to check the victim’s system and then decide how to proceed with the attack. For example, weaker systems would be locked with ransomware, while more powerful ones were infected to mine cryptocurrency.

How to detect and protect yourself from crypto malware

Protecting your computer from crypto malware is not that different from protecting it from other types of malware. Often, you can prevent crypto malware attacks just by using your common sense, such as by using trusted sources to download software updates and media.

1. Keep all devices and applications up to date

Crypto malware often uses unpatched flaws in systems. For example, the Windows’ EternalBlue vulnerability was exploited by a vast number of viruses for years before it was known and patched. Because the developers rush to plug security flaws such as EternalBlue as soon as they are discovered, the faster you update your software and your operating system, the harder it is for malware to get inside your device.

Keeping software up to date isn’t complicated. If the software has the option, enable automatic updates or update it as soon as you’re notified.

2. Monitor and protect your network

your devices are connected to some type of a network, whether it’s one in your home, your work, or a public place. Naturally, some of these networks are more protected than others, but none are 100% secure. Your protection depends on your device, network security methods, and even your email client.

While no solution may fit all needs, antiviruses and VPN services can help protect you in a majority of situations. For example, NordVPN secures your connection on any type of a network you’re using, and its Threat Protection Pro feature helps protect your device from accidentally downloading malware.

3. Back up your devices regularly

It may seem like backups are an unnecessary hassle. But a single cyberattack can prove that it was worth the effort. Backups are great against crypto ransomware but that’s not all they’re good for. A bolt of lightning, a flood, or a myriad of other circ*mstances may destroy your system completely, and restoring it from a backup may be your only hope.

You have no reason not to back up your system and files when the task is so simple. If you store files in a cloud, that’s your file backup solution. Similarly, you can back up your system by using the automatic backup option that’s available in every major operating system.

4. Use strong passwords and password managers

The number of digital accounts for music, movies, work, and social media one person uses is impressive. And with every account, you need a password. It’s best to create a strong password for each account and never reuse the same one. But the better the password, the more you risk forgetting it.

That’s why password managers such as NordPass are a fantastic personal security tool. You only need to remember a single password. A password manager can store your address information, credit card details, and notes and, of course, create unique passwords for you. As soon as you visit a site, a password manager fills in your credentials and even reminds you to change passwords you have been using for a while.

5. Learn about cybersecurity

You don’t have to become a cybersecurity expert to avoid crypto malware. Most online scams are obvious when you know what to look out for. But you need to learn to recognize when a friend is simply sharing a file and when a friend’s account is being used to send scam messages. It’s not always easy, but if you know how email phishing works, it’s often enough to stay safer.

Phishing is not the only way your device can be infected with malware. Often, it finds its way through illegal downloads and fake updates. Make sure to only use official sources to download software.