Cryptocurrency Malware Steals Computing Power To Mine Coins

Hackers could be stealing your computer power to mine digital currencies

Mining digital coins is not an easy task. Even so, there’s every chance that you could be a cryptocurrency miner. By hiding stealthy software in sites, cybercriminals have found a way to exploit the CPU (Central Processing Unit) of visitor’s computers to mine coins. Last month, a string of sites were found to have mining tools written into their source codes, including a number of Chrome applications and WordPress admins. As if there weren’t already enough cybersecurity holes to fall into, cryptocurrency mining malware presents yet another threat for Internet users to contend with.

Privacy and permission

Perhaps unsurprisingly, cybercriminals aren’t the first to take advantage of the secret software. In fact, websites first began adding these tools themselves to generate extra revenue. The issue is that in many cases visitors don’t know that their computer power is being used. In response to concerns over exploiting users, US Internet security company Cloudflare began to ban certain sites from their service. One such site was ProxyBunker, which provides links to other proxy sites including The Pirate Bay. Although ProxyBunker’s miner could be stopped by the user, Cloudflare would only reinstate the site if the software was completely removed. Worryingly, this technique isn’t confined to proxy servers. In September, it was discovered that US streaming site Showtime Anytime was running a tool called CoinHive which aimed to mine Monero. Relatively new crypto alternatives like Monero are attractive because they are easier to mine than high demand options, and their transactions are harder to trace.  It’s still uncertain as to whether Showtime Anytime intended to add the miner. At the moment, cryptocurrency mining tools can be detected using antivirus software, but illegal operations carried out within businesses are much harder to uncover. Employees with access to company computers and an adequate level of technological knowledge could use the combined CPUs to mine coins. It might be clever, but it could seriously compromise the performance of the business. Between January and August alone, IBM’s X-Force security team charted a six-fold increase in cryptocurrency mining attacks on enterprises.

How might stealthy crypto mining disrupt the digital currency scene?

The debate over cryptocurrency mining malware highlights a number of important trends. First, it proves that mining is getting harder. The storage space needed to mine Bitcoin, for instance, is 60GW per transaction. That’s a lot. As such, miners need to think outside of the box. Unfortunately, this has and could continue to create problems for the online community. At the same time, established digital currencies could stand to lose out as interest is distributed. The use of secret tools also highlights wider issues of trust on the Internet. How sure can we be that our data and resources are protected? Not very, if the crypto mining software is anything to go by. This realisation could be a positive thing, as users will be more careful about the sites they use and the information they give away. As a result, online businesses and organisations will need to find new ways to persuade consumers to part with data. Additionally, software like CoinHive represents a new type of cyberattack that blurs the lines between illegal and legitimate behaviour. While it might not sound as aggressive as ransomware and adware attacks, it’s still stealing. The effect on one personal computer may not be significant, but imagine if the victim was an entire company.

Internet users are already giving away valuable data at every click – but now they’re having their own computing power exploited for other people’s monetary gain. The situation is even more alarming considering that entire computer networks could be taken advantage of. As well as bringing into question the ethics of the Internet, this is damaging for the cryptocurrency community. If the computers used to mine coins could somehow be credited, and permission controls were put in place, perhaps everyone could benefit. For now, though, users will have to rely on common sense, antivirus alerts and pure luck.

Does the growth of questionable mining techniques signal a major problem for the crypto community? Should Internet security sites set out clear guidelines for the use of cryptocurrency mining tools? Will other service providers follow Cloudflare’s example and ban sites that use stealthy cryptocurrency miners? Comment below with your thoughts.