Globally, cryptocurrency mining malware wreaked havoc in 2018, infecting more than five million people in the first three quarters of that year.
Recent Kaspersky’s research shows that in some African countries, the threat of malicious crypto miners remains prevalent.
Currently, in South Africa, the share of all users targeted by malicious crypto miners in H1 2021 was 0.60%. In Kenya, the share of all users targeted was 0.85% and in Nigeria, 0.71%.
“Although these percentages may be interpreted as low and may not seem significant to users, crypto-miner malware has been identified as one of the top 3 malware families rife in South Africa, Kenya and Nigeria at present,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.
Kaspersky believes these latest stats emphasise that as cryptocurrency continues to gain momentum, more users will likely be targeted throughout the continent.
In certain African countries, the share of all users targeted by malicious crypto miners is much higher: Ethiopia shows a share of 3.68% and Rwanda has a share of 3.22%.
“Lately, many have become interested in cryptocurrencies, and attackers would not pass up the opportunity to use this to their advantage. At the same time, both those who want to invest or mine cryptocurrency and simply the holders of such funds can find themselves on the fraudsters’ radar,” said Alexey Marchenko, head of the Content Filtering Methods Development department at Kaspersky.
“For example, one of the schemes we recently discovered went as follows: users received a message about the sale of an exclusive Coronavirus vaccine earlier than official schedules and only for those who have Bitcoins. This type of fraud was especially prevalent when the vaccines just became available. The user went to the site where the contact indicated, to which it was necessary to write to pre-order the vaccine. The target then needed to make an advance payment in Bitcoins, with the money going to the cybercriminals’ account and the person receiving nothing in return.”
When looking at the fraudulent global resources detected by Kaspersky, typically, cybercriminals locate sites in popular domain zones: .com, .net, .org, .info, as well as in zones where domain acquisition is cheap: .site, .xyz, .online, .top, .club, .live.
A distinctive feature of phishing and other types of cryptocurrency fraud is the high level of detail on phishing websites. For example, on fake crypto exchanges, real data, such as bitcoin rates, is often loaded from existing exchanges.
Attackers understand that people who are investing or are interested in this area are often more tech-savvy than the average user. Therefore, cybercrooks make their techniques more complex in order to get data and money from these people.