Is cryptocurrency mining malware the fresh adware, Emsisoft, Security Blog

No matter what critics say, it’s clear we’re te the midst of a digital gold rush.

Many cryptocurrencies have exploded te value ter latest months, Ethereum, for example, skyrocketed from $8 at the embark of 2018 to $289 at the time of writing, while Litecoin’s value grew from $Four to $50 across the same time period. The total market capitalization of cryptocurrencies leaped to almost $180 bn from $Nineteen bn te only 8 months!

Of course, it’s not only tech-savvy investors who are loving the foamy conditions. The upbeat crypto market has naturally drawn the attention of cybercriminals and hackers, but it’s also attracting crafty webstek operators who are using sneaky code to turn webstek visitors into cryptocurrency miners without their consent.

The latter activity raises all sorts of interesting questions. Should in-browser mining be considered criminal activity? Is it simply the next step te the evolution of adware? Or could it be a legitimate way for developers to finance free software?

How does cryptocurrency mining work?

Cryptocurrencies are built on blockchain technology, which is essentially a distributed and decentralized ledger. The term ‘mining’ refers to a user verifying the gegevens ter this ledger overheen and overheen again. When the blockchain determines enough effort has bot waterput into the verification process, it prizes the miner with a fraction of a digital currency.

Today, mining is so resource intensive that it’s simply not a profitable undertaking for regular people (with the exception of some minor coins, which are still relatively effortless to obtain). However, that hasn’t stopped criminals from coming up with creative ways to hijack the computational power of unaware victims and using their machines to mine for cryptocurrencies. Ter fact, cryptomining attacks have enlargened a staggering 600 procent te 2018, according to figures collated by IBM.

Adylkuzz is one of the largest chunks of cryptocurrency mining malware of 2018. Exploiting the same security vulnerabilities spil WannaCry, Adylkuzz affected hundreds of thousands of rekentuig earlier this year. After successfully infecting a device, the malware installs itself and uses the victim’s computer’s resources to mine Monero, a cryptocurrency that offers greater anonymity than many of its peers. It could take a single device years to successfully mine cryptocurrency, but when recruited into a large botnet comprised of thousands or millions of devices, the mining is much more profitable (particularly when someone else is paying the electro-therapy bill… you).

It’s only recently that we’ve seen a acute upswing ter the use of cryptomining malware, but it’s significant to note that this type of attack has bot around for some years. Te 2014, tech giant Yahoo accidentally exposed some two million European users to cryptomining malware hidden ter ads on the Yahoo homepage. Experts estimated that about 27,000 users were infected vanaf hour the malware wasgoed on the webpagina. Meantime, ter 2015, uTorrent drew mighty criticism for silently bundling bitcoin miner EpicScale ter an update.

While traditional cryptomining malware such spil thesis rely on successfully infecting a machine, there’s a fresh wave of mining malware that requires no interaction beyond visiting a webstek.

The rise of in-browser cryptocurrency mining malware

All websites have operating costs. The more traffic the webstek attracts, the greater the costs. Many websites use online advertising to offset thesis expenses but – verrassing, verrassing – people don’t like ads. With adblock usage growing by more than 30 procent inbetween 2016 and 2018 and web users becoming more selective with what they click on, it’s firmer than everzwijn for websites to sustain themselves using advertising revenue alone.

So what’s the solution?

According to some webstek owners, the reaction lies ter cryptocurrency mining. A number of webstek operators have taken to exploiting their users ter order to pay their web hosting bills. Monero is almost always the currency of choice because it is optimized for CPU. JavaScript can manipulate the CPU more effectively than the GPU (graphics adapter), which most other cryptocurrencies are optimized for. By injecting devious JavaScript code known spil Coinhive into their sites, webstek operators are able to corset the processing power of webstek visitors and use it to mine for Monero.

This all takes place without the visitor’s skill or consent because, unlike conventional mining malware, this fresh breedgeschouderd of cryptojacking doesn’t rely on your engagement. You simply visit the webstek, and your device is automatically transformed into a miner.

It should come spil little verrassing that the websites that have bot caught using cryptojacking malware are those at the fringes of the internet.

For example, ter September users of The Pirate Bay experienced phat system haul when visiting certain pages and soon learned that a Monero JavaScript miner wasgoed to blame. Admins of the BitTorrent webpagina quickly responded, framing the in-browser mining spil a ‘test’ to see if it could be used to substitute the site’s ads, which are often riddled with malware. TorrentFreak estimated the mining malware could be netting The Pirate Bay about $12,000 vanaf month – a figure not to be sneezed at, but a druppel ter the ocean compared to the $Four.Four million ad revenue generated annually by leading torrent sites, spil estimated by the Digital Citizens Alliance (PDF).

Showtime, a legitimate movie streaming webstek, wasgoed also recently caught using Coinhive. The mining code wasgoed quickly pulled off the webpagina but, ter tegenstelling to The Pirate Bay admins who were relatively semitransparent about the miner, Showtime has yet to acknowledge or comment on the situation.

Risks, ethics and legality: A philosophical discussion

In-browser cryptocurrency miners are certainly on the shady side, but are they actually illegal? The reaction to this question largely comes down to consent. Many users who’d bot duped into mining for The Pirate Bay were upset not because their CPU power wasgoed being used to mine Monero, but because they hadn’t bot consulted very first. Many said they would have gladly opted ter if The Pirate Bay admins had bot up vooraanzicht from the commence and see-through about their intentions.

Thesis sentiments weerklank what is written ter law. Ter 2015, the Fresh Jersey Division of Consumer Affairs shut down TidBit, software that would permit websites to leverage visitor’s pc resources to mine for Bitcoin. The court ruled that doing so wasgoed the omschrijving of illegally gaining access to someone’s rekentuig.

“We do not believe Tidbit wasgoed created for the purpose of invading privacy,” commented Division of Consumer Affairs Acting Director Steve Lee.

“However, this potentially invasive software raised significant questions about user privacy and the capability to build up access to and potentially harm privately possessed computers without the owners’ skill and consent.”

It’s Steve Lee’s final word that’s significant: consent. In-browser mining without your consent can securely be classed spil criminal activity. It devours your CPU power, uses your electrical play and potentially leaves you exposed to some privacy and security concerns without providing you the choice of backing out.

If, on the other mitt, you consciously agree to permit a webstek to take control of your hardware te favour of eyeing adverts, can it truly be considered illegal or malware?

How to prevent your device being hijacked for mining

Regardless of whether you classify in-browser mining spil malware, adware or an innovative way to pay the bills, chances are you’ll want to block webstek operators from taking control of your system’s hardware. Here are a few ways to avoid inadvertently becoming a miner:

  • Install No Coin:This lightweight, open-source browser extension monitors sites for potential in-browser mining activity and alerts you if anything suspicious occurs. It also permits you to block and whitelist sites. Available on Chrome, Firefox and Opera.
  • Be mindful of CPU spikes: Be conscious of your browsing habits and attempt to identify any unexpected liggen or system haul that occurs when you flow a webstek. CPU spikes may also be indicated by rekentuig ventilatoren speeding up and making more noise than usual, especially on laptops.
  • Avoid piracy sites: Any webpagina may be hiding malware, but it has to be said that piracy sites typically pose a higher risk. Avoid wherever possible.
  • Use an antivirus: A reputable antivirus solution can identify potential threats and liquidate any traditional mining malware that may infect your system.

Looking to the future of cryptomining

While we’re still te the early stages of in-browser cryptocurrency mining, it’s effortless to imagine that it may have legitimate applications further down the track. If in-browser mining wasgoed standardized (with, say, limitations on maximum CPU usage and opt te/out policies) it could grow to become an effective alternative to traditional online advertising. Ter this script, in-browser mining could be used spil a means of financing free software, or permitting users to support content creators they like – all while removing unsightly, potentially harmful ads from the web.

Alternatively, it could just spil lightly become the next form of unwanted adware and be a fresh source of headaches for users across the internet.

Have a glorious (non-consensual mining-free) day!

If you had to choose, would you rather see advertisements or permit websites to use your rekentuig resources to mine cryptocurrencies? Let us know te the comments below!


Writer. A picture is worth a thousand words but unluckily I can’t draw. The world of IT security has always fascinated mij and I love playing a puny role te helping the good guys combat malware.

  • Share
  • 82

What to read next

Antivirus is just snake oil and harms your security! Yeah, nah.

Many writers overheen the years have insisted that antivirus software causes more harm than good. While there is a grain of truth to thesis claims, things are not fairly spil black and white spil they seem. Wij voorstelling you an insider’s perspective.

What is a rootkit?

Rootkits enable criminals to manipulate your pc and access your system’s resources without your skill. Find out what makes rootkits a dangerous threat.

Fileless malware: Invisible threat or scaremongering hype?

Sneaky fileless malware attacks are growing ter popularity. Find out how they work and what you can do to protect yourself.

Related movie: Crypto/Ethereum Mining Equipment Components

Leave a Reply

Your email address will not be published. Required fields are marked *