{"id":107898,"date":"2022-11-10T08:00:38","date_gmt":"2022-11-10T08:00:38","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=107898"},"modified":"2023-02-07T10:56:42","modified_gmt":"2023-02-07T10:56:42","slug":"cryptojacking-report-2022","status":"publish","type":"post","link":"https:\/\/securelist.com\/cryptojacking-report-2022\/107898\/","title":{"rendered":"The state of cryptojacking in the first three quarters of 2022"},"content":{"rendered":"

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors<\/a> estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are capitalizing on this vulnerable industry more than ever. From advanced APT campaigns targeting crypto organizations (BlueNoroff, NaiveCopy, etc) to various types of hastily made crypto scams, we observe threat actors diversifying their malicious activity against crypto investors \u2014 and not only them.<\/p>\n

In fact, cybercriminals hunting for crypto can target anyone. Apart from cryptocurrency theft they extort digital money or illicitly mine it using victim’s devices instead of their own. Cryptocurrency mining is a painstaking and costly process, and not as rewarding as when the prices were high. However, it still attracts even legitimate miners<\/a>. This can be explained, on the one hand, by the falling cost of mining equipment and, on the other, by less efficient market players having left the game, allowing those who remain to increase their market share. Cybercriminals pay neither for equipment, nor for electricity, which is rather expensive in 2022. They install mining software on the target computer to use its processing power without the victim’s consent. Moreover, malicious mining, or cryptojacking, does not require a lot of narrow technical expertise. In fact, all the attacker needs to know is how to create a miner using open-source code, or where to buy one. If the cryptomining malware is installed successfully on the victim’s computer, it delivers its operator stable earnings. In this report we analyze cryptojacking activity in the first three quarters of 2022, and provide some relevant statistics and insights.<\/p>\n

Methodology<\/h2>\n

This research aims to define the state of cryptojacking in the current threat landscape. The data in this report has been taken from aggregated threat statistics obtained from a variety of sources that include our internal sources, open sources, etc. The main tool we use to obtain and analyze threat-related data is Kaspersky Security Network (KSN). KSN is dedicated to processing cybersecurity-related depersonalized data streams from Kaspersky products whose users consented to anonymized data collection. The metrics provided in this report are based on the number of distinct users of Kaspersky products with KSN enabled who encountered cryptominers at least once in a given period, as well as research into the threat landscape by Kaspersky experts. All analyzed data is anonymized.<\/p>\n

In this report, we examine the main motivation factors for cybercriminals resorting to malicious mining, as well as the most widespread ways of propagation into the victim’s computer. The threat landscape of hidden mining malware is analyzed through a close examination of new malware modifications, the number of affected users, and their geographical distribution. Additionally, we look into certain cryptojackers’ wallets to get some insight into the amount of money they receive.<\/p>\n

The statistics in this report are provided for the first three quarters of 2022. The data from 2022 is compared to data from 2021 to assess year-on-year development trends in cryptojacking.<\/p>\n

Key findings:<\/h2>\n