Malicious computer software — collectively known as malware — changes over time. Years ago, viruses were the most popular form of attack; more recently ransomware has made headlines.
But in the past few months, a new form of malware has arisen: cryptomining attacks, also known as cryptojacking. Let’s look at what this is, and what it does to affected computers.
A Review of Cryptocurrency Mining
We’ve recently explained how Bitcoin works, but we’ll offer a brief summary of how new cryptocurrency is created here as it’s necessary to understand cryptojacking.
The entire history of all transactions in a cryptocurrency, such as Bitcoin, is collectively kept by everyone who uses the currency. This is known as the blockchain. A process called mining occurs when people work to update the blockchain with new exchanges. This requires computers to do intense mathematical problems, and whoever solves them first is rewarded with some currency for their trouble.
The more resources you have for mining, the faster you can solve the mathematical problems. Thus, many have turned to cryptojacking — placing mining software inside websites and software. This allows miners to utilize the computing power of your machine, and anyone else’s machine they infect, to mine more efficiently.
Cryptomining on Websites
Several popular websites have hidden cryptomining scripts on their pages. Some of them are shady websites like The Pirate Bay, but legitimate sites such as TV network Showtime have as well. Most of these utilize a service called CoinHive, which makes it easy to implement this behavior on your website.
Using CoinHive and similar tools, a website owner can utilize the computing power of anyone who visits their site for mining. Many of them do not ask for your permission; they simply start using your CPU power to mine for cryptocurrency while you’re browsing the page.
Whoever adds this tool to their site decides how much power to use per system. If they’re greedy, or you’re using a weaker computer, this could slow your performance to a crawl. On the flipside, whoever is doing this could reduce the mining power in the hopes that it won’t slow down your device and thus alert you that something is wrong.
Most websites show visitors ads — this lets people enjoy content for free while allowing the site to make money from the advertisements. As these cryptojacking services have grown in popularity, some sites have begun to offer users a choice: see advertisements as usual, or have their computer used for cryptocurrency mining while they visit.
Many users dislike ads because they’re often invasive, misleading, or annoying. Thus, services like CoinHive can provide an alternate source of revenue for websites without relying on ads.
However, the choice should be up to you, and most websites just start mining without asking. It’s possible that someone is hacking these websites and inserting the mining service without their knowledge, but it’s more likely that sites like Showtime are using them to make extra money.
Unless the cryptojacking tool is extremely invasive and hides the window to keep mining, your computer will stop being used for this once you leave the website.
Cryptomining in Apps
Cryptojacking on websites has become popular thanks to CoinHive, but this behavior has been embedded inside programs too. In 2015, the popular torrenting program uTorrent included a miner without letting its users know. Many Google Chrome extensions hide crypto miners, which Google has recently banned.
Unfortunately, Android has had issues with cryptojacking in apps as well. A handful of Android apps were found secretly mining in the background, with other apps featuring malicious ads that opened websites for the same purpose.
Since it’s relatively easy to put an app on the Google Play Store, the home for Android apps, unsuspecting users can download an infected app and not realize what’s happening in the background. Additionally, most smartphone users don’t have security software installed, so there’s nothing to catch this.
How We’re Protecting You From Cryptomining
We use Webroot Antivirus to protect the computers of our Managed Services clients. As cryptojacking is an unwanted behavior, the company has confirmed that Webroot helps block cryptojackers like Coinhive.
If you visit a site that wants to use your CPU to mine, Webroot will prevent you from visiting it to keep you safe.
Cryptojacking Raises New Questions
Unwanted cryptocurrency mining ranges from a minor annoyance to a big issue.
If you visit a website that uses a fraction of your PC’s power to mine for a few minutes, it’s not a huge deal. The mining stops after you leave the page, and it probably didn’t affect your PC’s performance much. Of course, it’s still unethical for a site to use your computer to make money without telling you.
However, the most aggressive cryptojacking could cause damage. One Android cryptocurrency miner was so demanding that it burst open a device. While consumer-grade CPUs can run at full capacity without much issue, you probably don’t want to subject your computer to unnecessary wear and tear for no good reason.
In the future, we’ll see if crypto miners become a viable alternative to advertisements. One thing’s for sure: using people’s devices to make money (money they could be making themselves using their own device) without telling them is wrong.
If you use Android, you can reduce your susceptibility by avoiding apps from unknown developers. For your PC, the Chrome extension No Coin will block cryptojacking in your browser.