Thousands of Internet cafe computers “poisoned” with Siacoin miners
Sell mining malware to computer maintenance companies and share the profits. What could go wrong?
Details of a unique cryptojacking scheme have emerged following the recent arrest of ringleaders in China. The scheme is believed to have only infected some 100,000 computers, but it got very good use out of them at a very auspicious time.
The scheme centred on infecting Internet cafe computers to mine Siacoin throughout last year, right before it shot up in price. All up, it's believed to have pulled in about US$800,000 worth of Siacoin over the months, Hangzhou News reports.
An entry point
The scheme is believed to have been masterminded by the network technician of an Internet cafe software company JinHua. He created the mining program, which was then packaged as a product for Internet cafe maintenance companies.
The maintenance companies would then install the software on Internet cafe computers and share the profits from the machines they infected. It's thought that about 100,000 computers across 30 cities were infected this way over a few months.
They got some very good use too. Unlike most cryptojacking malware, JinHua's creation didn't hold back and focused on consuming as much power as possible as quickly as it could.
It was immediately apparent to victims that something was wrong. Programs would grind to a halt, and their energy bills skyrocketed. They then turned to their usual maintenance providers who, unsurprisingly, managed to not find anything wrong.
"So many computers collectively poisoned, and every month electricity bills go up. This business simply can't be done," said one Internet cafe owner.
As the problem started spreading, it soon became apparent that something was very wrong, and the Internet cafe owners collectively complained to local police. The arrests started in October 2017, and 16 people have been taken into custody so far. The investigation continues, though, and it's thought that the practice has spread among maintenance firms and that the malware may still be making its way around the country.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and XRB.