uPlexa Partners with Controversial Software, CryptoLoot

August 2018 marked the eigth consecutive month where cryptomining malware dominated Check Point’s Top Ten Most Wanted Malware Index, with the Coinhive variant retaining the top spot as the most prevalent malware at a global reach of 17%. Cryptoloot – another crypto-mining software – was close behind with a global reach of 14% [1]

As of today, uPlexa, a new browser based anonymous cryptocurrency, has announced an official partnership with CryptoLoot, one of the most controversial pieces of software available today. uPlexa claims that with this partnership, they: “will be able to study [CryptoLoots] statistics and analyze direct results in order to test and improve our codebase with the aim of allowing for higher hashrates and efficiency amongst IoT devices.”[2]

They also go on to say: “With [CryptoLoots] users, in combination with individuals who would like to utilize their IoT devices during the beta mine, we will collectively have enough data to make any necessary changes to our codebase prior to our official launch.” [2.1]

Although CryptoLoot was created as an alternative to forced popup advertisements, incentivizing users to mine for webmasters and developers, it has received quite a negative blowback from the network security industry. Their software has been labeled “malware” or “cryptojacking”, as a form of expression by frusterated users who are forced to have their computers mined without consent. CryptoLoot does mention they do not condone using the script on websites without consent from users. However, it appears many abuse the software by having the software run in the background.

Browser based miners have a 5-10% hashrate control over the Monero network. It would make sense for uPlexa to onboard CryptoLoot, to help provide a significant hashpower right off the bat, and to help reduce the likelihood of a 51% attack. With CryptoLoot reporting its data directly to uPlexa, uPlexa will likely have the proper insights to alter their algorithm in support of lower end CPU devices, such as phones, TVs and routers.

With CryptoLoot under major scrutiny by the netsec community, it would appear as though they’re trying to improve their reputation by working with their community and other teams to produce a more end-client friendly piece of software. This is unlike any partnership we’ve seen in the cryptosphere so far, it will be interesting to see how it all plays out.

Sources:

[1] https://blog.checkpoint.com/2018/09/11/augusts-most-wanted-malware-banking-trojan-attacks-turn-up-the-heat/

[2 & 2.1] https://www.reddit.com/r/uPlexa/comments/9nus7x/partnership_cryptoloot_browser_based_miner/