The NoticeBored awareness module now nearing completion discusses the cryptomining malware that has come to prominence since the materials were last updated a year ago.
It is hard to get terribly worked up about the theft of CPU cycles and joules while we're still battling ransomware, spyware and APTs ... but scratch a little deeper to discover that crypominers are more symptom than cause, the tip of a very chilly iceberg.
Q: How do systems get infected with cryptominers?
A: Through the usual malware infection mechanisms i.e. security vulnerabilities in the IT systems and the people who use them.
Q: How do the crooks benefit?
A: Victims generate money for them, plainly ... but they also expose themselves and their systems to further compromise and exploitation. Ahhhh.
There are shades of the 'fraud recovery' frauds which trick the victims of 419 advance fee frauds into also spending out for mythical 'compensation' and 'lawyers fees'. You'd have thought being suckered once was enough to put people on their guard but it seems not: victims have marked themselves out as vulnerable. "I'm down, kick me again".
I'll leave it there for today as we need to finish the module. Maybe tomorrow I'll have time to blog about the similarities between today's Bitcoin boom and the pyramid or Ponzi schemes of yore.