Cloud Computing Hijacked for Mining
It is legal, safe and rather easy to buy cloud computing power from some of the big providers. But hackers are getting processing power for free to mine for cryptocurrencies that are compatible with processor-based mining.
When mainstream news outlets talk about hidden mining, they will usually hype up the case and state that "Bitcoin mining" is happening without the knowledge of companies and users. But in reality, hidden mining is producing coins of another type, which are sometimes mistaken for Bitcoin. The most common coin mined is Monero.
Some of the latest cases of hidden mining hijack the powerful cloud computing resources of corporations, most notably Amazon Cloud Service. Microsoft Azure and Google Cloud also offer similar access to multi-core processors.
Here is a recent snippet from a mining command executed on a hijacked computer:
This command does not mine Bitcoin, but a coin based on the Cryptonight algorithm, and uses the Minergate software. This is the most common hidden mining tool discovered on infected computers. The misnomer of "Bitcoin mining" may be due to the outsized popularity of Bitcoin and a lack of knowledge of other forms of mining.
According to this Reddit thread, using Amazon AWS to mine Monero is generally doable, although subject to ToS restrictions, as running an open Monero node could be considered a virus or a potentially harmful connection. But paid computing power may fail to turn a profit, as Monero is currently mined with a much higher hash rate.
The Monero hash rate has more than tripled since June, indicating that much more computing power is engaged in producing the coin. The Monero market price has exploded, reaching a peak near $150, but sliding back toward $90. Monero has a double reputation: on the one side, it has a robust community monitoring updates and
But engaging enough machines can produce some results. Recently, hidden in-browser mining has been rising and annoying users in several instances. The Pirate Bay was the most high-profile case, but smaller sites have been using an embedded mining tool.
Curiously, Monero mining has been linked to a hacker attack most likely originating from North Korea.
Monero mining can be easily noticed by monitoring the workload of a system. The Minergate software is notorious for draining computer resources. And there are known IP addresses and ports that are used to connect the mining software, such as http://208.115.205.***:8220/minerd.
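
As an added example (not code from the article or from any tool it names), the checks described above can be combined: a process is flagged when its command line names the miner or it connects to the port quoted above, with high CPU load treated as corroboration only. The process and connection tables, file paths, addresses and the 80% threshold are constructed assumptions.

```python
import re
# Indicators from the article: the Minergate tool, the "minerd" name in the
# quoted address, and port 8220. The CPU threshold is an assumption.
NAME_RE = re.compile(r"\b(minerd|minergate)\b", re.IGNORECASE)
SUSPECT_PORTS = {8220}
CPU_THRESHOLD = 80.0  # percent; assumed, tune per workload

# Constructed sample data, not from a real host (documentation IP ranges).
PS_SAMPLE = """\
PID %CPU COMMAND
101 1.2 /usr/sbin/sshd -D
202 97.5 /tmp/.x/minerd
303 88.0 /usr/bin/ffmpeg -i in.mp4 out.webm
404 92.3 /var/tmp/kworkerd
"""
CONN_SAMPLE = """\
PID REMOTE
101 198.51.100.20:51514
202 203.0.113.7:8220
404 203.0.113.7:8220
"""

def find_miners(ps_text, conn_text):
    """Return {pid: [reasons]} for processes matching a miner indicator."""
    remote_ports = {}
    for line in conn_text.splitlines()[1:]:
        if line.strip():
            pid, remote = line.split()
            port = int(remote.rsplit(":", 1)[1])
            remote_ports.setdefault(int(pid), set()).add(port)
    findings = {}
    for line in ps_text.splitlines()[1:]:
        if not line.strip():
            continue
        pid, cpu, cmd = line.split(None, 2)
        reasons = []
        if NAME_RE.search(cmd):
            reasons.append("miner name in command line")
        if remote_ports.get(int(pid), set()) & SUSPECT_PORTS:
            reasons.append("connection to known miner port")
        # High CPU alone is normal for many jobs (pid 303): corroboration only.
        if reasons and float(cpu) >= CPU_THRESHOLD:
            reasons.append("high CPU")
        if reasons:
            findings[int(pid)] = reasons
    return findings

if __name__ == "__main__":
    print(find_miners(PS_SAMPLE, CONN_SAMPLE))
```

Process 404 in the sample has an innocuous-looking name and is caught only by its connection, which is why name matching alone is not enough.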