Cryptojacking accounted for 73% of the total value received by malware related addresses between 2017 and 2021, according to a new malware report from blockchain analysis firm Chainalysis.
Malware is used to conduct nefarious activity on a victim’s device such as a smartphone or PC after being downloaded without the victim’s knowledge. Malware-powered crime can be anything from information-stealing to denial-of-service (DDoS) attacks or ad fraud on a grand scale.
The report excluded ransomware, which involves an initial use of hacks and malware to leverage ransom payments from victims to halt the attacks. Chainalysis stated:
“While most tend to focus on high-profile ransomware attacks against big corporations and government agencies, cybercriminals are using less sophisticated types of malware to steal millions in cryptocurrency from individual holders.”
Chainalysis’ Wednesday report focuses on the various types of crypto-malware, excluding ransomware, used over the last decade such as info stealers, clippers, cryptojackers and Trojans, noting that they are generally cheap to acquire and even “low-skilled cybercriminals” can use them to siphon funds from their victims.
Cryptojacking tops the list of value received via malware at 73%, Trojans were ranked second at 19%, "others" totalled 5% while information stealers and clippers represented a mere 1% each.
According to Chainalysis, malware addresses send the “majority of funds on to addresses at centralized exchanges,” but note that figure is declining. As of 2021, exchanges only received 54% of funds from those addresses compared to 75% in 2020 and around 90% in 2019.
“DeFi protocols make up much of the difference at 20% in 2021, after having received a negligible share of malware funds in 2020.”
The report looked at the prolific Hackboss clipper that has stolen around $560,000 since 2012 by infecting users' clipboards to steal and replace information. It found that the “Cryptobot” info stealer was a significant source of ill-gotten gains in 2021, generating $500,000 worth of Bitcoin (BTC) from around 2,000 transactions.
Cryptojacking malware utilizes the victim’s computing power to mine various cryptocurrencies, with the target asset of choice “usually Monero (XMR)” but Zcash (ZEC) and Ether (ETH) are sometimes also mined.
Chainalysis notes that a specific amount generated by this method is hard to pin down as the funds are transferred from mempools to unknown mining addresses as opposed to “the victim’s wallet to a new wallet” in other cases.
Despite being unable to provide an estimated monetary figure on the harm caused by cryptojackers, Chainalysis projects this malware type to account for almost three quarters of the total value generated by crypto-malware.
The report noted a 2020 report from Cisco’s cloud security division, which stated that cryptojacking affected 69% of its clients, this translating to an “incredible amount of stolen computer power” used to mine large amounts of crypto.
It also highlighted a 2018 report from Palo Alto Networks which estimated that 5% of Monero’s circulating supply was mined by cryptojackers, estimated to be worth around $100 million in ill-gotten revenue.
Info Stealer and clippers
Info stealers are used to swipe the victim’s crypto wallet info and account credentials, while clippers can be used to insert a specific text into the victim’s clipboard.
Clipper malware is often used to hijack the victim's outgoing transactions by inserting the cybercriminal’s wallet address when victims attempt to paste a sending address.
The report noted that these two types of malware received a combined 5,974 transfers from victims in 2021, up from 5,449 in the year prior.