Google Cloud Adds Crypto Mining Malware Detection Tool

Illegal cryptocurrency mining is one of the most common exploits of compromised remote storage accounts.

google cloud crypto mining malware detection

Google Cloud has expanded its range of security features to address the growing threat of illegal cryptocurrency mining as more companies adopt cloud storage technology.

To protect Google Cloud clients and the virtual machines running on its infrastructure, the company unveiled its newest threat detection layer, Virtual Machine Threat Detection (VMTD). 

Illegal cryptocurrency mining is one of the most common exploits of compromised remote storage accounts. Digital asset mining typically requires large amounts of computing power, which Google Cloud customers happen to pay for.  


The new Virtual Machine Threat Detection (VMTD) tool utilizes an agentless memory scanning that assists in detecting cryptocurrency mining malware as well as other threats such as data exfiltration and ransomware in virtual machines. 

This means that VMTD users will be empowered to detect malicious behavior in their VMs without installing any additional software that could impact performance or increase the risk of a potential attack.

“Not running an agent inside of their instance means less performance impact, lowered operational burden for agent deployment and management, and exposing less attack surface to potential adversaries,” explained the Google team.


The VMTD feature is currently only available as a public preview for Google Cloud’s Security Command Center Premium customers. The company expects to be able to make the tool available to all of its customers within the next few months. In the meantime, the Google Cloud team is planning the steady release of new detection capabilities and integrations for other aspects that fall under the Google Cloud infrastructure purview.

The Use of Hacked Accounts to Mine Crypto

As more organizations worldwide continue to shift to employing cloud services and technologies, they have become common targets for hackers.

Compromised cloud accounts make up the majority of illegal cryptocurrency mining exploits. According to Google, 86% of its compromised cloud instances were used to mine digital currencies in 2021. In some cases, malicious actors installed crypto mining malware just 22 seconds after compromising the victim cloud accounts.

Illegal cryptocurrency mining typically consumes the CPU/GPU resources and storage space of the computer without the owner’s knowledge.

Many successful attacks happen due to poor customer security practices, and are enabled by weak or even a lack of passwords at all, or via the installation of vulnerable third-party software explains Google.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Simona Ram

Simona Ram is a senior journalist at DailyCoin, based in Lithuania, who covers the forces and people shaping the Web3 industry and the areas where decentralized crypto assets meet the centralized world. She has experience in business communication within the financial sphere and has a degree in Foreign Languages, which helps her interact effectively with sources from diverse backgrounds. In her free time, Simona enjoys exploring new cultures.