South Korea has revealed what is believed to be the country’s first recorded case of cryptojacking with the arrest of “young” hackers involved in such a scheme.
On Thursday, local media publication Aju Daily reported that four individuals have been caught red-handed after managing to allegedly seize control of PCs for the purpose of cryptocurrency mining.
According to South Korean publication Hankyoreh (translated), phishing emails were sent to a total of 32,435 people, leading to the infection of 6,038 machines.
These PCs were infected with malware through phishing campaigns which sent fraudulent emails masquerading as job application documents.
Over the course of two months, beginning October last year, the hackers infected PCs and installed scripts which covertly used the stolen power of the machines to mine for cryptocurrency.
The malicious, secretive use of cryptocurrency mining scripts without user consent is known as cryptojacking. This form of attack has become increasingly popular of late due to the potential financial gains cryptocurrency offers.
See also: Cryptojacking campaign exploiting Apache Struts 2 flaw kills off the competition
If cryptocurrency mining software lands on your PC without detection, it can run for a long time — helping itself to your PC power and electricity in the process — all the while sending proceeds directly to a cryptocurrency wallet owned by an attacker. Signs of infection can include device overheating and unusual, high CPU usage.
These attacks can be sustained for far longer than ransomware, for example, which immediately makes its presence known and runs the risk of victims refusing to pay up.
There have been cases (.PDF) of cryptojacking schemes earning their operator decent profits. However, the young people involved reaped little reward, earning no more than cryptocurrency worth one million won, or approximately $895 between them.
CNET: How to keep your cryptocurrency safe
A police officer told Hankyoreh:
“Security vendors quickly responded to the spread of malicious code, and revenue was not very high. Most of the cases were detected by vaccine during mining for 3 — 7 days. When it was detected, it sent another malicious code again, but soon it was detected again.”
The scheme raised the attention of the National Police Agency who tracked down the fraudsters, booking the four in the process.
While the suspects have not been detained, they will stand trial.
TechRepublic: Why cryptocurrency needs to get more user-friendly to achieve mainstream success
Monero (XMR) is one of the most common forms of cryptocurrency which is mined illicitly through such schemes. Threat actors will often use the legitimate Coinhive mining script in tandem with malware, such as in the recent case of a massive campaign launched against MikroTik routers in Brazil.
This week, Nova Scotia’s St. Francis Xavier University said the institution was forced to close down its entire network after discovering a cryptojacking operation. The Canadian university said that malware had been installed on its network in order to mine for Bitcoin (BTC).
In August, a report suggested that one in three UK organizations had encountered cryptocurrency mining attacks.
Previous and related coverage
Japan issues first-ever prison sentence in cryptojacking case This new cryptomining malware targets business PCs and servers University shuts down network to thwart Bitcoin cryptojacking scheme