Crypto-Currency Mining Malware

December 27, 2017 by Agnes Talalaev

Cyberspace is here to stay, and its internal financial mechanisms and instruments develop with increasing speed today. 

That means, that both sides of the coin do. And, there will be increasing interest, even conflicting interests in that who and what entities have the mandate to enforce the regulation, do casual policing – and what is more, ultimately define implementations and practices of moral, ethics and finally, regimes, within the cyberspace.

Financial mechanisms in the cyberspace are increasingly based on decentralized tokens, and even when they are oftentimes marketed by using arguments of “practicality”, what the question really is about governance and rule of the cyberspace – a battle of power. The notion of decentralized non-governance is merely a myth here.

One pressing and fundamental issue within the financial system of the cyberspace, that is then the characteristics of crypto token schemes, is that of privacy. Privacy in relation to the real world, but also privacy within the system.

Where early BitCoin network provided zero privacy within the system, it held a relevant distance to the concepts and institutions of traditional nation-state backed up privacy. Something that has been a major grievance between those reaching towards the seat of power in the cyberspace.

crypto-currency mining malware webarx

Most recent entrant, Monero, takes an ambitious reach to the cyberspace, by introducing an even stronger concept of internal privacy and thus, in essence, strengthening the declaration of independence of cyberspace.

Introduction of a financial system leads also inevitably to the question of resources – and at some point in future about social control, responsibility, management of labour and ultimately perhaps, distinctive regimes and identities in a peaceful settlement.’

Ownership of resources in the cyberspace

Cyberspace depends on various things from the real world, one of them is computing power and time. On the theoretical level, most cryptocurrency projects are spin-offs from the academic discussion to build mechanisms to control and manage essential blood and nerves of the cyberspace.

Whether successful or not, at least they have had the issue to the surface and recent malware, and double-ware have shown initiative to make cyber-territorial claims to seemingly unused blocks of that valuable power and resources. This is of course oftentimes in contrast with the territorial claims and ownership in the real world.

Monero, as one of the most privacy-preserving crypto tokens currently out there has got two ambassadors, at least two projects that aim to demonstrate how unused resources in the cyberspace could be used, even lawfully, for the good for the society. As an initiative, this can perhaps be somehow loosely connected to various political campaigns to “reclaim unused houses, public places, etc”.

One Monero mining malware has recently seen spreading on the server side, exploiting common vulnerabilities, not to destroy things or look for ransom, but to use the spare computing time and resources to mine Monero tokens for the attackers.

crypto-currency mining malware webarx

Another project lets people to place a tiny piece of code on their website, to mine same tokens on the computing power and time of the visitors who stay on their site. Both are old tricks, but encouraging now new discussion on relevant issues, not only “who governs”, but “who owns” – including loose references to civil rights, communism and universal rights of humans to exploit resources for the good.

Contributing resources, taxation and the cyberspace

crypto-currency mining malware webarx

These two Monero mining projects, one of which is more “malwarish” than the other, bring up the question of social economics in the cyberspace. Nation-state oriented legacy taxation systems are not able to contribute to the wealth of cyberspace, but rather just aim to exploit it for its own patriotic needs of surveillance and control.

In cyberspace, labor has two things, computing power and time, and their own effort and choices. Contributing computing power to the cyberspace is an old idea, already something explored tens of years ago. Users, like people in general, are not irrational.

The other server-side invasive Monero miner, on the other hand, comes to collect taxes by force. That is a direct analog how tax-collection goes in the real world as well. Perhaps this new method of forced contribution, which does not end to the Monero miner, by the way, is maybe better seen as proof of concept demonstration, and capability exercise, perhaps even unintentionally.

If the only thing the end-users have in the cyberspace, as they can not breed and their social reproduction is virtual, is their computing power they can contribute. They can build apps and trade labor and physical items, but they can not pay back to the society. In the traditional sense, by ensuring social reproduction and by avoiding tax evasion.

On this background, these new Monero-mining malware incidents can perhaps be seen more of like triggers for the further development of the decent governance in and of the cyberspace.

Of course, using the computing power of a random website visitor in order to generate cash for someone is, in one way, inappropriate thing to do. However, ultimately the question is not whether that is the case, but who has the right to exploit resources for their benefit.

Recall, that much of the global social media and “googlish” economy is based on the idea of exploiting side-products of innocent visitors.

On that background, the client side Monero miner is nothing more than a new variation of the theme. And the server side could be also seen as capability training forward forced tax collection in the cyberspace.

Read more about crypto currency mining malware:

Massive Brute-Force Attack Infects WordPress Sites with Monero Miners – BleepingComputer

Hackers target WordPress websites with cryptomining campaign – SC Magazine UK


Start your free 14-day trial now

Protect your websites from malicious traffic - set-up in under 3 minutes.

Try it now

WebARX is compatible with the following platforms: