Share this article
Cryptomining Malware Targets Back-to-School Students With Fake Textbooks
Security experts have found thousands of pieces of malware on ebook download sites.
By John Biggs
Updated Sep 13, 2021, 11:25 a.m. Published Sep 5, 2019, 8:00 p.m.
Security software provider Kaspersky has identified a form of cryptomining malware that has taken root in multiple sites where pirated textbooks are upload and downloaded. The delivery agent, WinLNK.Agent.gen, has been active since 2011 but now its payload is a bit more lucrative for the folks who spread it.
The malware masquerades as a book or essay packed in an executable file which allows the hacker's command-and-control system to send other pieces of malware, including cryptominers and spam delivery systems, onto an infected computer. How do we know the malware is targeting students? Kaspersky watched its logs and saw "233,000 cases" of malicious essays and "122,000 attacks by malware that was disguised as textbooks."
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
"More than 30,000 users tried to open these files [this year]," they wrote.
Downloading out-of-copyright ebooks and library books is quite simple and safe so this malware targets harder-to-find textbooks. Our own quick Google search found a number of ebook versions of various beginning college texts that cost $150 or more online. While most of them were PDFs, there were a number of executable files that were flagged as malware.
Far more pernicious, interestingly, are the ads masquerading as download links that send you to malware sites rather than the correct PDF or ePub file. While you can save money pirating these books online – when you can find them – it's clear the results can sometimes be nasty.
Skull image via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin Rebounds to $93K From Post-Fed Lows, but Altcoins Remain Under Pressure
Downward pressure on bitcoin is losing steam, with the market stabilizing but not yet out of the woods, said one analyst.
What to know:
- Bitcoin rebounded from a sharp early selloff on Thursday to trade above $93,000 shortly after the close of U.S. stocks.
- The late-day gain in bitcoin came alongside a rebound in the Nasdaq from big morning losses; the tech index closed with just a 0.25% loss.
- Downward pressure on bitcoin is losing steam, said one analyst, but the market is not yet out of the woods.
Top Stories
