The Story Behind the Frying of an Egg on a Router
The Symantec Blackhat Conference for many years past features the awesome talent of many ethical hackers to display their wits and contribute to a safer computing world for everyone. But this year is the first time in the Las Vegas conference that frying an egg using a router became a spectacle. It turns out that Symantec was only emphasizing how cryptojacking malware, a type of virus that mines cryptocurrency using the infected device’s processing hardware, overheats hardware to a point of lessening their useful service life.
The consumer router infected with cryptojacking malware used in the egg frying-demonstration was able to generate 66 degrees Celsius of heat, enough to fry an egg in 20 minutes. “We’re trying to shed light on the kinetic effects of cryptojacking. They’re stealing your electricity and putting a massive amount of wear and tear on your devices, and for what, six cents?” said Brian Varner, Symantec representative in the event.
Cryptojacking malware was initially found in the PC space, but it was later discovered that routers, IoT devices, smartphones, tablets, and servers are also targeted by the malware. The cybercriminals will take all the hardware they can get, in order to selfishly mine cryptocurrency at the expense of the victim’s machine.
Symantec has successfully demonstrated in their egg frying demo that even a low powered device such as a consumer router can be overused by the cryptojacking malware. The malicious activity can make a low power device use more electricity than it normally will consume, increasing the level of wear and tear compared to regular use. The media has not picked-up the news of the rising frequency of cryptojacking infections, enabling cybercriminals to propagate their new invention while most users are not fully aware of its existence.
Symantec wants to show that the simulation proved a point that there is a need to expand awareness regarding cryptojacking malware. Poor victims get subjected to higher electricity cost, while the virus authors are earning profits due to cryptoming.
Bitcoins and its derivatives can only now be mined using expensive ASIC (Application-specific Integrated Circuit) machines, which use a lot of electricity in the process. Virus authors have implemented a clever idea of developing malware enables them to mine cryptocurrency using the victim’s hardware. Such virus development is considered easier to deploy, as it doesn’t announce its existence to the user. All mining hashes are computed in the background, using the processing power of the infected hardware. This is in sharp contrast to Ransomware, another money-making scheme of virus authors, but considered very loud and out, as it encrypts user files for a ransom. Ransomware’s weakness is its inherent need to announce its existence to the users to earn a profit from ransom.
Alongside revealing that a humble consumer router is targeted by cybercriminals for cryptomining, Symantec also emphasized that MacOS computers are also vulnerable. This is because of web browser cryptojacking malware. A browser visiting a cryptojacking malware-harboring site is enough for the browser to be taken over by the virus. Such virus will use the web browser to mine cryptocurrency. “Consumers also need to consider that their laptops and desktops, as well as their mobile and IoT devices, are some of the most popular targets for cryptojacking. Browser-based cryptominers (which involves coinmining on a web browser) can generate around 1 cent per 24 hours, whereas file-based cryptominers (which involves downloading and running a dedicated executable file on your computer) can generate 25 cents per day. This means a botnet of 10,000 infected machines can generate up to $75,000 per month. Of course, the amount of money generated fluctuates with the price of cryptocurrencies,” Symantec concluded in their blog.
Kevin Jones346 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple - to finish her maiden business venture on Cybersecurity, and then to keep writing books for as long as possibly can and never miss a flight that makes the news.