Mining malware can also be used for data theft

The criminal side of the crypto world could soon develop a new scam. Instead of „just“ mining crypto currencies without the computer owner’s knowledge and computing power, mining malware could also be used to steal sensitive data. For example, cyber criminals could hack into corporate secrets and bank accounts. This was the finding of a security researcher at the InfoSecurity North America Conference in New York City.

Crypto-jacking has unfortunately been a familiar word in the world of Bitcoin & Co. for a long time. In fact, the number of infections with mining malware has risen by 83 percent this year. As crypto courses are still on a downward trend, cyber criminals could soon add a new „business field“ to mining with external computing services: the theft of data.

When the hacker becomes the news spy

Troy Kent, a researcher at the news spy Awake Security, a network security company, presented his findings at the InfoSecurity North America Conference in New York City. According to CNBC, Kent had researched what other illegal possibilities could be derived from the use of mining malware. With this knowledge he wants to warn companies in time so that they can take appropriate security measures early enough. Kent explained his research findings to CNBC:

„In this attack, people use a tool, a crypto-miner, that they normally see in their network. But they’re not used to reacting as if it were a legitimate threat like a botnet or a Trojan. They can come in and steal files, they can steal intellectual property, steal credentials and then possibly log in as CEO. Or they can download more software. They can shut down services.“

It is not yet known whether this Bitcoin secret method is already in use

However, Kent is sure that if he has managed to do so, other reasonably technically savvy Bitcoin secret mining software could also be used to steal data. He sees the greatest danger in the Bitcoin secret that the method is very difficult to uncover. Therefore, most companies would notice such an attack far too late. Accordingly, they should particularly invest in advanced detection methods based on behavior and analysis. In fact, not a surprising verdict from an employee of a cybersecurity company.