At the end of October, the new cryptocurrency Zcash was launched. It is positioned by its creators as a more secure alternative to Bitcoin. Soon after the launch, the price of Zcash coins skyrocketed, followed by a spike in the installation of the application used to generate Zcash on personal computers. In many of these cases, the app was disguised as something else and users were unaware that it would lead to their PC being harnessed by criminals to create Zcash.
One of the key features of Blockchain-based currencies is their ability to create a new currency unit (or coin) by utilizing the computing power of machines with specialized “mining” software installed. At the same time, according to the concept of Blockchain, the more coins are produced, the more time and computing power is required to create a new coin.
For example, in 2009, when Bitcoin, the first known and most popular cryptocurrency, was created, it would only take a couple of days for an enthusiast with a mid-performing PC to mine thousands of coins. Nowadays, it’ll take thousands of years and a lot of computing power and electricity to mine just one coin. But this is not the case with some alternative Blockchain-based cryptocurrencies, like Zcash.
Just like Bitcoins in 2009, it is currently relatively easy to mine Zcash as it was only launched a few months ago and so far not many Zcash coins have been generated. However, unlike Bitcoin, the price of Zcash started to dramatically increase almost from its inception. At one point the coin price was $10,000.
Of course, this has made Zcash very attractive to cybercriminals. While tracking the impact of Zcash in the underground market, Kaspersky Lab researchers discovered at least 1,000 computers running mining software capable of generating Zcash. The software was disguised, often as Task Manager tools, and the criminals distributed Zcash mining applications through torrents as an addition to free or pirated software. Users install these programmes voluntarily, unaware of the exact purpose of the app they’re launching. In November, identified PCs were generating Zcash currency equivalent to $6,000 per week in net profit for the criminals behind the software.
“The problem is that mining software itself is not malware and the vast majority of security vendors detect it as clean software. In the past, we’ve seen so-called mining botnets – networks of infected computers which install mining programmes – use victims’ PCs to generate new Bitcoins. Eventually, the Bitcoin mining process became worthless due to the enormous amount of time and resources needed to acquire even a fraction of a Bitcoin, and the mining botnets disappeared. The high-profile launch of Zcash may lead to a resurrection of these types of botnets,” said Alexander Gostev, chief security expert, Global Research and Analysis Team at Kaspersky Lab.
Downloading mining software to a PC doesn’t necessarily have severe consequences for a user’s data. However, it does have the effect of increasing the energy consumption level of their machine, which results in more expensive electricity bills. Another consequence is a heavy load on the PC’s RAM because mining software consumes up to 90% of available memory, which leads to a significant performance slowdown.
To protect PCs from being used as a mining tool for Zcash, or any other cryptocurrency, users are advised to check that their security solutions can detect and block legal software that is being used for harmful purposes. Kaspersky Lab products are equipped with this functionality and it can be enabled in “Threats and Exclusion settings”.
The software used by criminals to generate Zcash on user machines is detected by Kaspersky Lab products with the following detection names: RiskTool.Win64.BitCoinMiner.bez and RiskTool.Win64.BitCoinMiner.bfa