Detecting Cryptocurrency Mining Malware with Machine Learning

As with many internet experiences, hackers and scammers are alive and well. From identity theft and fraud to false sales and more, threats are out there, and unprotected devices are at risk. Cryptocurrency mining is no different, with hackers standing to make thousands or even millions if their scams and schemes come to fruition.

How Can Machine Learning Impact Cryptocurrency Malware Attempts?

Antivirus and web security leader Trend Micro recognized these frequent malicious attempts to mine cryptocurrency and took steps to detect and dissolve threats sustainably. The company introduced Trend Micro Locality Sensitive Hashing (TLSH), a machine learning hash that recognizes similar files and groups them together with similar cryptocurrency-mining samples. Running this process and looking at the behaviour and file types involved with the samples makes it easier to detect similar or modified malware.

As a result of using Trend Micro Locality Sensitive Hashing, the company discovered clusters of samples that allow it to analyze and detect cryptocurrency-mining threats. This works in part by computing mathematical “distance scores” between the files: the smaller the score, the more similar the two files. Trend Micro uses a special algorithm to help detect coin miner malware based on groups of other malware that may be related.

Benefits of Using Machine Learning

By clustering samples of malware, security researchers can design patterns to proactively protect against cryptocurrency malware attacks. Both automated systems and IT engineers focused on malware detection can review the data and flag similarities. TLSH improves the accuracy with which security specialists can review and repair vulnerabilities.

The TLSH process offers swift, scalable searching and cross-checking functions for comparing large volumes of unknown or potentially malicious files against known threats. Trend Micro has successfully employed TLSH in spotting similarities in cryptocurrency-mining malware. After examining the samples, Trend Micro determined that most were for Monero, using the CryptoNight mining algorithm. Generally speaking, Bitcoin tends to be the preferred cryptocurrency for hackers and scammers, particularly due to its high value, spiking at $20,000 last year. The ability to mine Monero on consumer computers, paired with its untraceable transaction process, seems to be pushing cybercriminals to pursue this form of cryptocurrency despite its lower value.
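To make the idea behind the “distance scores” and the clustering described above concrete, here is an added illustration (not Trend Micro's code, and not the real TLSH algorithm, which is more elaborate). It builds a simplified locality-sensitive digest from byte-trigram statistics, scores the distance between digests, and groups files whose distance falls under a threshold, which is the same shape of workflow the article attributes to TLSH. All three sample “files” are constructed in memory: one pseudo-random blob standing in for a miner build, the same blob with four bytes patched (a “modified” sample), and an unrelated blob; the bucket function, thresholds and cluster threshold of 24 are choices made for this example.

```python
"""Added illustration: a simplified locality-sensitive similarity digest plus
distance-based clustering.  It mimics the shape of the TLSH workflow the
article describes (bucketed byte-trigram statistics -> compact digest ->
numeric distance -> clusters of near-duplicates) but is NOT Trend Micro's
TLSH algorithm.  All samples are constructed in-memory stand-ins, not malware.
"""
import math
import random
from itertools import combinations

BUCKETS = 64                       # histogram buckets; the digest keeps 2 bits per bucket
DIGEST_HEX_LEN = BUCKETS * 2 // 4  # 64 buckets * 2 bits = 128 bits = 32 hex characters


def bucket_counts(data: bytes) -> list:
    """Slide a 3-byte window over the input and count which bucket each trigram lands in."""
    counts = [0] * BUCKETS
    for i in range(len(data) - 2):
        b0, b1, b2 = data[i], data[i + 1], data[i + 2]
        counts[(31 * b0 + 7 * b1 + b2) % BUCKETS] += 1   # toy bucket function (assumption)
    return counts


def digest(data: bytes) -> str:
    """Quantize each bucket to a 2-bit level (0..3) and pack the 64 levels into hex.

    The cut points depend only on the total trigram count (mean +/- sqrt(mean)),
    so two inputs of equal length share the same cut points; patching a few bytes
    therefore moves a bucket's level by at most the change in that bucket's count.
    """
    counts = bucket_counts(data)
    mean = sum(counts) / BUCKETS
    spread = math.sqrt(mean)
    cuts = (mean - spread, mean, mean + spread)
    levels = [sum(1 for cut in cuts if c >= cut) for c in counts]
    packed = bytearray()
    for i in range(0, BUCKETS, 4):            # four 2-bit levels per byte
        byte = 0
        for level in levels[i:i + 4]:
            byte = (byte << 2) | level
        packed.append(byte)
    return packed.hex()


def _levels(hexdigest: str) -> list:
    """Unpack the 2-bit levels from a hex digest."""
    return [(byte >> shift) & 3
            for byte in bytes.fromhex(hexdigest)
            for shift in (6, 4, 2, 0)]


def distance(d1: str, d2: str) -> int:
    """Distance score: sum of per-bucket level differences; 0 means identical digests."""
    return sum(abs(a - b) for a, b in zip(_levels(d1), _levels(d2)))


def cluster(samples: dict, threshold: int) -> list:
    """Single-linkage clustering: samples whose digests are within `threshold` share a group."""
    names = list(samples)
    digests = {name: digest(samples[name]) for name in names}
    parent = {name: name for name in names}   # union-find forest

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(names, 2):
        if distance(digests[a], digests[b]) <= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in names:
        groups.setdefault(find(name), set()).add(name)
    return sorted(groups.values(), key=lambda g: sorted(g))


def _blob(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for a binary file: deterministic pseudo-random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


# Constructed corpus: build A, the same build with 4 bytes patched (a "modified"
# sample in the article's sense), and an unrelated file of the same size.
BUILD_A = _blob(1)
BUILD_A_PATCHED = BUILD_A[:2048] + b"\x00\x00\x00\x00" + BUILD_A[2052:]
UNRELATED = _blob(2)
SAMPLES = {"build_a": BUILD_A, "build_a_patched": BUILD_A_PATCHED, "unrelated": UNRELATED}


def demo(threshold: int = 24) -> list:
    """Cluster the constructed corpus; the patched build lands with its original."""
    return cluster(SAMPLES, threshold)


if __name__ == "__main__":
    for a, b in combinations(SAMPLES, 2):
        score = distance(digest(SAMPLES[a]), digest(SAMPLES[b]))
        print(f"{a:>16} vs {b:<16} distance = {score}")
    print("clusters:", demo())
```

A four-byte patch touches at most six trigrams, so the patched build's distance from the original is bounded by 12 and it joins the same group, while an unrelated file of the same size scores far above the threshold. In practice one would use Trend Micro's published TLSH implementation (available as the `tlsh` Python package) rather than this toy digest, but the triage loop is the same: hash every incoming file, compute distances against the known-miner cluster, and surface anything that falls inside the threshold for analyst review.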

What Happens to Victims of Cryptocurrency Malware?

Modified versions of the open-source miner XMRig have allowed the mining of Monero and other similar cryptocurrencies that run CryptoNight. Because the code is open source, hackers can manipulate it to achieve their targets. Notably, though, honest and legitimate cryptocurrency miners use the same code to meet their goals, too.

High cryptocurrency values prompt cybercriminals to capitalize on vulnerabilities and opportunities to mine cryptocurrency maliciously. As part of their plans, they make demands on computers and digital resources belonging to others as they execute their efforts.

Trend Micro discovered an extremely high incidence of cryptocurrency mining in home networks. Cryptocurrency mining puts a large drain on computing resources, drawing lots of electricity and wearing down computer hardware. When malware works toward this goal, computers and phones can suffer extreme negative effects. Consumers and businesses can protect their electronic and digital assets by applying threat defense techniques and solutions like Trend Micro™ XGen™ security, which uses machine learning to thwart illegal attempts to compromise computing systems for illegitimate gain.

At EMPR, we prioritise endpoint security through our partnership with Trend Micro. From the endpoint to the network to the cloud, they’ve got you covered with a connected threat defense recognized by analysts, customers, and industry gurus of all kinds. Contact us now on 1300 134 324 or email us to get your devices secured.