If news of viruses and identity theft isn’t enough to make you leery of going online, this new threat might be. By simply surfing the web you could be mining cryptocurrency for hackers’ benefit. And you might not even realize it is happening.

What is cryptojacking?

Cryptojacking, also called in-browser mining, is using a computer’s resources to mine cryptocurrencies for others’ benefit. Cryptojacking is quite clever and has a distinct advantage over virus-based mining malware in that nothing needs to be installed on the host computer for the attacker to set your computer to work.

Here’s how cryptojacking works

  1. A hacker gains control of a website
  2. Malicious JavaScript mining code is installed on web pages
  3. When visitors land on an infected web page, the JavaScript is loaded into their web browser
  4. The JavaScript starts mining cryptocurrency leveraging the visitor’s computing resources and electricity
  5. Cryptocurrency coins, or tokens, are deposited into the hacker’s wallet

How it all started: Coinhive’s Monero script

The Pirate Bay was one of the first to cryptojack visitors.

A few weeks ago a company called Coinhive released JavaScript code that, when loaded by a web browser, could mine a cryptocurrency called Monero. The code behaved just as outlined in the section above. Once installed, computers visiting infected pages of a website would be put to work mining Monero with their CPU. CPU stands for Central Processing Unit. Normal humans refer to it as a processor. Think Intel Inside.

The script was quickly adopted by The Pirate Bay, who later stated they installed the mining script to generate revenue without serving advertisements to site visitors. Not familiar with The Pirate Bay? Here’s how they describe their operation on their homepage: “Download music, movies, games, software and much more. The Pirate Bay is the galaxy’s most resilient BitTorrent site.”

Why aren’t the hackers mining Bitcoin?

Hackers would make nearly nothing if they attempted to mine Bitcoin. Bitcoin’s algorithms require far more computing power than Monero’s.

What is Monero and why was it selected?

Monero, which goes by the symbol XMR, is a cryptocurrency that boasts privacy. Okay, it boasts being secure, private and untraceable. I know, I know. Just keep reading.

Monero is a secure, private, and untraceable cryptocurrency. It is open-source and accessible to all. With Monero, you are your own bank. Only you control and are responsible for your funds. Your accounts and transactions are kept private from prying eyes.

Monero website

Before you implicate Monero in any of this, do know that they had nothing to do with the cryptojacking that is spreading across the Internet. Think of Monero as a Swiss bank account. Sure, they’re a part of the puzzle, but not an active participant.

The original script cited its selection of Monero because it can easily be mined by a computer’s CPU. Most cryptocurrencies are best mined with a computer’s graphics card, or computing devices designed specifically to mine them. Monero continues to be used by malicious hackers not only for its ability to be mined by a CPU, but for its untraceable nature.

It’s hard to prosecute a hacker if you don’t know who they are.

The Pirate Bay isn’t mainstream, but some infected sites are

It’s unclear how many websites have been co-opted to stealthily mine cryptocurrencies, but it’s clearly beyond sites with pirated music and software. Since the release of Coinhive’s in-browser miner, several malicious scripts have surfaced on websites including PolitiFact, CBS’ Showtime and Real Madrid soccer star Cristiano Ronaldo’s official website. Visitors to Showtime Anytime caught the script before CBS or Showtime did and took to Twitter to let them know.

Unfortunately it took over seven hours for the scripts to be removed by the site’s administrators.

From bad to worse: in-browser mining WordPress plugins

While there are literally hundreds if not thousands of copycat mining scripts available, what might be even more concerning are new WordPress plugins including Coin Hive Ultimate Plugin and Simple Monero Miner. That’s right, WordPress site owners with zero coding experience can now easily add coin mining scripts to their websites, with or without the knowledge of site visitors.

How can you tell if your computer has been cryptojacked?

In-browser mining is different from the pop-up, pop-under, and fake system windows we’ve all come to hate. When a website pops up an ad or won’t allow a browser window to close, it’s clear that something is going on. There’s a visual indication that you’ve wandered into one of the Internet’s many bad neighborhoods. The same can’t be said when a web browser has been cryptojacked. But there are some things you can look out for.

  • A slow or unresponsive computer – If, after navigating to a website, your computer suddenly becomes unresponsive or struggles to do simple tasks, it may have been cryptojacked. Why? Cryptocurrency mining is taxing on your computer’s processor. While it is busy mining cryptocurrency, it often doesn’t have enough leftover horsepower to do what you want it to.
  • A hot or overheating computer – When a CPU is mining it generates a lot of heat. You may notice your computer’s fan racing or hotter-than-normal heat being expelled. That may indicate that the computer is mining.

If you think your computer is mining, one thing you can do is check your computer’s resource usage. Windows, Macintosh and Linux computers all have utilities which will show you what resources are being used by your computer’s various components. Look at what applications are heavily using the CPU. If it’s the web browser you were surfing the web with, this may confirm your fears.

If your CPU is highly tasked, but by another hungry application, like Photoshop or video editing software, you’re probably not mining, but instead simply pushing your computer too hard. Try closing applications that are consuming large amounts of CPU power and see if the computer starts responding normally again.

If your computer was cryptojacked, here’s how to stop it

If your computer is suffering from one of the above tell-tale signs when browsing the web, we recommend you take the following steps:

  1. Close your web browser – Since these malicious scripts are on webpages, closing your web browser should stop them in their tracks.
  2. Restart your computer – If you’ve closed your browser you’re probably safe, but we still recommend restarting your computer.
  3. Run a virus scan – Cryptojacking currently occurs when visiting websites, and hasn’t been found to put any code on your computer. But, just to be sure, we recommend running a virus scan for good measure.

That should take care of it, for now. If it doesn’t, either things have evolved since writing this or your computer has a bigger problem.

Stopping in-browser mining before it starts

Whether you’ve been cryptojacked in the past or are just hoping to never be a victim of it, there are measures you can take.

  • Block suspicious websites – Some browsers have built-in site blocking functionality where you can supply a list of sites you do not wish anyone on the computer to be able to visit. Others, like Google’s Chrome browser, don’t have built-in functionality and recommend third-party extensions such as Block Site. Either way, if you’ve found a website that you believe to be cryptojacking, block it.
  • Install ad blocking software – Some ad blocking software can stop cryptojacking. One specific ad blocker, AdGuard, has integrated CoinHive mining detection into their desktop software.
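
A minimal sketch of the kind of signature matching behind miner detection, added here as an example (it is not AdGuard's code and not part of the original article). The host, file-name and API signatures, the `scan_html` helper and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative signatures chosen for this example, not a maintained list.
MINER_HOSTS = {"coinhive.com"}
MINER_FILES = {"coinhive.min.js"}
MINER_API = re.compile(r"\bCoinHive\.(?:Anonymous|User)\b")

class MinerScriptFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (reason, evidence) tuples
        self._inline = None  # text chunks of the <script> being read

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._inline = []
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        name = urlparse(src).path.rsplit("/", 1)[-1].lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("miner host", src))
        elif name in MINER_FILES:  # self-hosted copy under the usual name
            self.findings.append(("miner file name", src))

    def handle_data(self, data):
        if self._inline is not None:  # keep only text inside <script>
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            for call in MINER_API.findall("".join(self._inline)):
                self.findings.append(("miner API call", call))
            self._inline = None

def scan_html(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from a real site.
SAMPLE_PAGE = """<script src="/js/app.js"></script><p>CoinHive.User in text</p>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script src="/wp-content/cache/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('PLACEHOLDER_KEY');</script>"""
print(scan_html(SAMPLE_PAGE))
```

String signatures like these miss renamed or obfuscated copies, so a clean result is not proof that a page is free of mining code; the CPU symptoms described earlier remain the fallback check.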

There is one option we aren’t going to recommend: disabling JavaScript. Yes, it would stop the mining dead in its tracks, but it would also make browsing most mainstream websites next to impossible.

What about anti-virus programs?

With in-browser mining being such a new phenomenon, the anti-virus world is busy catching up at this time. If your anti-virus software says it can protect against cryptojacking, by all means enable it.

Have you been a victim of cryptojacking? Share your experience below!

Image “System Code” by Yuri Samoilov, used in accordance with its Creative Commons License. Source: Flickr.com
