Hackers have a new trick up their sleeves: hijacking computers to generate digital coins.
As bitcoin and other cryptocurrency prices soar, “cryptojacking” attackers surreptitiously take over web browsers, phones and servers to make some serious profit.
“Every avenue out there is being exploited on any kind of machine,” said Jerome Segura, lead malware analyst at security firm Malwarebytes. “Consumer computers, servers, research centers — it has no bounds. We forecast it to be the biggest threat in 2018.”
Cryptocurrencies, like bitcoin and Monero, are created by using computing energy to solve complex math problems. When a problem is solved, a new piece of currency is made. This is called mining. Currencies can be mined legitimately, but criminals are increasingly turning to malevolent mining activities.
In September 2017, Malwarebytes began tracking a major uptick in malicious cryptomining, which has since become the company’s most commonly detected activity.
It can affect business infrastructure, too. On Tuesday, researchers at security firm RedLock said Tesla’s cloud storage — a place for storing data separate from physical Tesla servers — was recently breached to mine cryptocurrency.
A spokesperson for the car manufacturer said there was no indication customer privacy or vehicle safety or security was compromised.
But businesses should be on alert: RedLock’s Upa Campbell, vice president of marketing, said it’s easier for hackers to try making money by secretly mining cryptocurrencies than stealing and selling corporate data.
“Cybercriminals will always take the path of least resistance,” Campbell said.
How it works
Hackers don’t have to target individual phones or computers — they can compromise websites and hijack thousands of devices at a time.
Last week, a cryptojacking campaign impacted almost 5,000 websites, including a number of UK and US government pages, through a flaw in a third-party application. Hackers exploited the flaw to mine currency using something called Coinhive.
Coinhive offers legitimate browser-based software tools for businesses to turn their websites’ visitors into cryptominers. But some people have taken advantage of the project and now use its software for nefarious purposes. The company launched in September, and websites including Politifact.com and Showtime were unknowingly infected with Coinhive miners last year. Researchers also recently found Coinhive code hidden in Android apps.
Security researcher Scott Helme discovered the massive cryptojacking scheme a few hours after it launched and told CNN it’s likely the hackers secretly inserted the malicious code during the weekend, a slow time for government websites, in hopes it would stay there for a long time. Coinhive reportedly said hackers made just 0.1 Monero, or $24, while the attack was active.
Bitcoin mining is energy-intensive. In fact, some researchers are concerned about its impact on the environment. In both cryptojacking and legitimate mining schemes, people usually prefer to mine Monero, a lesser-known cryptocurrency that does not require as much power to generate.
Not all cryptomining is malicious. For example, digital publishers think it may be a way to make money outside of advertising. Politics and culture publication Salon is currently experimenting with cryptomining, and alerts readers before hijacking their computer’s power to generate currency.
How to stop it
“For the end user, there’s not much you can do to protect yourself from cryptojacking beyond using anti-virus software or an ad blocker in your browser,” Helme said.
If a website is mining currency with your computer, you can close the page to stop the activity. Browser extensions like NoCoin can also be used to block Coinhive and other cryptocurrency miners.
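The following added example, which is not from the original article or from NoCoin, shows the hostname blocklist idea behind such blockers: it lists a page's script tags and flags those loaded from a miner host. The blocklist entries, the sample HTML and the function names are assumptions constructed for illustration.

```javascript
// Constructed sample blocklist, not a complete list. "miner.example" is a placeholder.
const MINER_HOSTS = ['coinhive.com', 'miner.example'];

// Collect the src attribute of every <script> tag (double-quoted, single-quoted or unquoted).
function extractScriptSrcs(html) {
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const srcs = [];
  let m;
  while ((m = re.exec(html)) !== null) srcs.push(m[1] ?? m[2] ?? m[3]);
  return srcs;
}

// Match the exact host or any subdomain of it. A plain substring test on the
// URL would also flag unrelated hosts such as "notcoinhive.com".
function isMinerHost(hostname) {
  const h = hostname.toLowerCase();
  return MINER_HOSTS.some((b) => h === b || h.endsWith('.' + b));
}

// Resolve each src against the page URL (handles relative and protocol-relative
// paths) and return the absolute URLs whose host is on the blocklist.
function findMinerScripts(html, pageUrl) {
  const hits = [];
  for (const src of extractScriptSrcs(html)) {
    let url;
    try { url = new URL(src, pageUrl); } catch { continue; } // skip unparsable src
    if (isMinerHost(url.hostname)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page: one same-origin script, two miner-hosted scripts,
// and one lookalike host that must not be flagged.
const SAMPLE_PAGE = `
<html><head>
<script src="/js/app.js"></script>
<script async src='//coinhive.com/lib/coinhive.min.js'></script>
<script src=https://cdn.miner.example/m.js></script>
<script src="https://notcoinhive.com/lib.js"></script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_PAGE, 'https://www.example.gov/'));
```

A static scan like this only sees tags present in the page's HTML; a miner pulled in at runtime by a compromised third-party script has to be caught at the network-request level.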
It’s possible to analyze how much computing power your browser uses by looking at the Activity Monitor on Macs or the Resource Monitor on Windows computers. These are built-in tools that let you see which applications, like the Chrome or Safari browsers, use the most energy. A graph at the bottom of the monitor will show large spikes in computing power when you visit a website running a cryptominer.
But that might be too complicated. Instead, if you hear your computer’s fan start whirring when you’re visiting a website, or if the browser suddenly slows down dramatically, a cryptominer may be running.
Although the impact on consumers is low, Helme said it’s important to be aware of these attacks and stop them if you can.
“The bottom line here is your device is being used to make money for a criminal gang,” he said. “We don’t know who these people are or what their intentions are. They could use it to fuel future criminal activities.”
CNNMoney (San Francisco) First published February 22, 2018: 11:17 AM ET