What is a Cryptoware?
A Cryptoware, also known as Cryptominer-supported software, is a program that installs either a standalone Cryptominer program without or with user’s approval, or a Cryptominer module as part of the main program. These separate programs or modules included in the main program are not required for the working of the main program. For example, an AntiVirus/AntiMalware including a Cryptominer is a Cryptoware. A computer security software does not need a Cryptominer for any of the computer security-related functions.
I’m naming it Cryptoware, similar to an Adware or a Bundleware, and other PUP/PUA, since it also installs these Cryptominers without the user’s permission, is not needed for the functionality of the main program installing it, and is potentially an unwated program/application for the user.
A Cryptominer doesn’t steal your data, infect your computer, or spy on you, instead it uses your electricity and computer resources to mine Crypto.
On January 4, 2022, we had our latest type of Malware in Cryptoware when a behemoth Security company silently decided to include/install a Cryptominer along with their main AntiVirus/AntiMalware software suite. A Crypto Miner was installed as part of the computer security product without user permission. However, the module was turned off by default at the time it was launched.
Cryptoware and Minernet
One major issue with these Crypto modules with a centralized management is that if hacked it could create something I’m calling a Minernet, a network of Cryptominers with a centralized control. It would a distributed form of Cryptojacking. Even if a software developer has set a limits to such Crypto modules to say use only 10% CPU and GPU, or 1000 IOPS or 100 MB/s for various kinds of Crypto mining operations but if hacked, the hacker could set these limits to a higher value and damage the hardware a lot sooner.
Expect to see more of these in the coming years as the Crypto (currencies) craze rages on. The first implementation was subtle (where the Cryptominer disabled by default), but that was maybe because the product was a paid product. But, how long do you suppose until these Miners come enabled by default? Pretty soon, I think. Since this was first found on an AV product, there’s a strong reason to believe that some of the Free AntiVirus/AntiMalware or other security software/apps would be following this shameful practice very soon, followed by all other kinds of free software/apps, and possibly on other operating systems and platforms as well.
The best thing would be to avoid the products/companies installing/bundling these Crypto modules/programs to stop this trend from catching on.