Why Most Security Software Flags Coin Miners / Crypto Miners as PUAs (Potentially Unwanted Applications)

Crypto mining is practiced widely around the world and appears to be a simple way to earn money. However, if someone tries to install mining software on a PC with a dedicated security solution, the protection software reacts immediately and halts the installation. A user without the necessary knowledge and experience cannot proceed with the installation.

Crypto mining can be performed by almost anyone by downloading a crypto mining application, setting up an account and wallet, and initiating the mining process. The mining process involves the software performing complex mathematical calculations required for verifying blockchain transactions. The type of coin mined determines the resources the software uses from the PC. Some mining processes are more demanding than others and may utilize the CPU or GPU.

Irrespective of the legitimacy of the application, cybersecurity vendors categorize coin miners as Potentially Unwanted Applications (PUA), and their security solutions will block the installation of such applications. This blanket filtering is necessary because cryptomining requires multiple computers or dedicated systems built explicitly for mining, making it an expensive venture.

Criminals understand the high cost of crypto mining and have devised attacks and malware that compromise computers or servers, install mining software, and redirect the profits to their own wallets. Although the malware used for the attack is designed specifically for mining, the mining software it installs is legitimate. Bitdefender detected an active cryptojacking campaign from a group that aimed to compromise Linux servers. The attackers used a legitimate miner named XMRig with a custom-embedded configuration file to mine Monero.

As a precautionary measure, security solutions such as Bitdefender Total Security block the installation of mining software by default on computers. The only difference between an infected system running mining software and a clean one is the configuration file with different wallets. Therefore, it is safer to prevent the installation of mining software than to risk unauthorized crypto mining and data theft.
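
Because the wallet in the configuration is the distinguishing detail, a defender who does permit mining on some hosts can audit where each miner pays out. The sketch below is an added example, not code from the article or from Bitdefender; it assumes an on-disk XMRig-style JSON config whose "pools" entries carry the wallet in the "user" field (it does not cover a configuration embedded in the binary), and every wallet and pool value in it is a constructed placeholder.

```python
import json

# Constructed sample data: wallet strings and pool hosts are placeholders, not real values.
APPROVED_WALLETS = {"WALLET_OWNED_BY_US_PLACEHOLDER"}

SANCTIONED_CONFIG = json.dumps({
    "pools": [{"url": "pool.example.org:3333",
               "user": "WALLET_OWNED_BY_US_PLACEHOLDER.rig01", "pass": "x"}]
})
HIJACKED_CONFIG = json.dumps({
    "pools": [{"url": "pool.example.org:3333",
               "user": "WALLET_UNKNOWN_PLACEHOLDER", "pass": "x"},
              {"url": "backup.example.net:443",
               "user": "WALLET_OWNED_BY_US_PLACEHOLDER", "pass": "x"}]
})


def base_wallet(user):
    """Strip pool-side suffixes (assumed 'wallet.worker' / 'wallet+difficulty' convention)."""
    for sep in (".", "+"):
        user = user.split(sep, 1)[0]
    return user.strip()


def audit_miner_config(text, approved=APPROVED_WALLETS):
    """Return a list of findings; an empty list means every pool pays an approved wallet."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"unparseable config: {exc.msg}"]
    pools = config.get("pools") if isinstance(config, dict) else None
    if not isinstance(pools, list) or not pools:
        return ["no pools defined: payout target cannot be verified"]
    findings = []
    for index, pool in enumerate(pools):
        user = pool.get("user") if isinstance(pool, dict) else None
        if not isinstance(user, str) or not user:
            findings.append(f"pool {index}: missing 'user' (wallet) field")
        elif base_wallet(user) not in approved:
            url = pool.get("url", "<no url>")
            findings.append(f"pool {index} ({url}): unapproved wallet {base_wallet(user)}")
    return findings


if __name__ == "__main__":
    for name, text in [("sanctioned", SANCTIONED_CONFIG), ("hijacked", HIJACKED_CONFIG)]:
        print(name, audit_miner_config(text) or "OK")
```

A config that fails to parse or defines no pools is reported as a finding rather than passed, since an unverifiable payout target is exactly the case the audit exists to catch.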
