A Decade of Unrestricted Wealth

Sergio Pastrana & Guillermo Suarez-Tangil

Hoy traemos a este espacio este artículo titulado “A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth “ de
Sergio Pastrana de la Universidad Carlos III de Madrid y Guillermo Suarez-Tangil de King’s College London .

Abstract —

Illicit crypto-mining leverages resources stolen from
victims to mine cryptocurrencies on behalf of criminals. While recent works have analyzed one side of this threat, i.e.: web-browser
cryptojacking, only white papers and commercial reports have
partially covered binary-based crypto-mining malware. In this
paper, we conduct the largest measurement of crypto-mining
malware to date, analyzing approximately 4.4 million malware
samples (1 million malicious miners), over a period of twelve
years from 2007 to 2018. Our analysis pipeline applies both static
and dynamic analysis to extract information from the samples,
such as wallet identifiers and mining pools. Together with OSINT
data, this information is used to group samples into campaigns.
We then analyze publicly-available payments sent to the wallets
from mining-pools as a reward for mining, and estimate profits
for the different campaigns.
Our profit analysis reveals campaigns with multi-million earnings, associating over 4.3% of Monero with illicit mining. We
analyze the infrastructure related with the different campaigns,
showing that a high proportion of this ecosystem is supported by
underground economies such as Pay-Per-Install services. We also
uncover novel techniques that allow criminals to run successful
campaigns.