Mining crypto

If Your Computer Has Slowed Down, You May Be Mining Cryptocurrencies For Someone Else

You didn’t even know. Photo: Columbia Pictures

  • Latest report shows cryptomining is now the second most popular malware in the world
  • It can cause cell phones to overheat and explode
  • Has your computer’s fan been abnormally noisy lately?

Good news: virtually all types of traditional malware have declined over the past few months.

Not so good – mainly because hackers are more interested in using your computer to help them mine cryptocurrencies.

Chances are you or your employer aren’t even aware of what’s going on. Malware miners lock onto your PC and add its processing power to their efforts to source Monero, ByteCoin, AEON, or any of the many next-gen cryptos that don’t need a platform. -mining form the size of a city block. to achieve significant returns.

Adding to the attraction is a mistaken feeling that it just doesn’t seem as sinister as someone stealing your bank details or demanding a ransom from your adulterous website membership.

There have even been recent moves from major media companies offering ad-free services in exchange for the power of your PC. Some call it “ethical cryptomining”.

But according to the latest quarterly report on cybercrime tactics and techniques by security software provider Malwarebytes, “malicious cryptomining” has come out of nowhere in recent months to become the second most popular form of cybercrime, “cutting stubs” adware.


Image: Malwarebytes

Currently, adware is still the number one threat to consumers, while spyware is the biggest threat to businesses.

Ransomware – where victims are asked to pay, usually in bitcoins – is up for businesses by 28%, but consumer detections have dropped, dropping them to sixth place overall. A new development has seen GandCrab become the first ransomware to ask victims to pay in a crypto other than bitcoin.

But why risk jail time by demanding a few hundred dollars in bitcoin when you can just mine it, with a little unsolicited help?

While virtually all other malware is on the decline, cryptomining is now the second biggest threat to consumers and businesses.

Android owners in particular were targeted, with Malwarebytes seeing a 4,000% increase for the quarter. Detections of Mac users were lower, but they increased by 74% in March.

“Cryptocurrency mining is such a lucrative business that malware creators and distributors around the world are drawn to it like moths,” the report said.

“We saw large-scale malicious cryptomining this quarter, across all platforms, devices, operating systems, and browsers.

“Macs and mobile devices are not exempt; criminals have even used the cryptocurrency craze for social engineering purposes.

The most popular places for criminals to infect are servers. Windows servers, Oracle servers and recently Amazon servers have all been infected with cryptocurrency miners. Infecting the server and those using them – including Amazon’s cloud-based AWS service – could suddenly unwittingly host a miner on their website.

A recent example was found on the LA Times website. And Australian government websites. And websites operated by the UK National Health System, the Student Loans Company and Northern Powergrid.

But why target Android users? Computing power is negligible, but Malwarebytes says it’s easy to “raise the bar” by adding miners to already malicious apps.

A recent version, a miner added to the Loapi Trojan, pushed devices to the point that they “overheated due to CPU strain, their batteries swelled, and ultimately they suffered an untimely termination.”


But the biggest player is CoinHive. It has only really been active since September 2017, when it announced an API that could mine Monero directly from a web browser.


Coinhive, hidden in plain sight. Photo: Troy Mursch/@bad_packets/Twitter

It was launched with good intentions, but “due to several oversights, the technology was almost instantly abused,” Malwarebytes reported.

The beauty of CoinHive is that it’s hard to spot because it doesn’t slow down your computer much. It is used in “drive-by cryptomining”.

Drive-thru crypto mining is website-specific and does not require infecting a machine. Open the modified webpage – such as the LA Times page mentioned above – and your PC begins mining Monero for someone else. Close the tab or navigate away from it, and mining stops.

You are probably annoyed by the lagging website.

But here’s a trick minors use while driving: pop-unders.

You won’t see a contextual tab because it looks like a contextual tab except that it opens under your taskbar. Even though you think you have left the affected website, the tab continues to drift away.

You probably left one open all last night.


Photo: Getty Images

CoinHive itself takes a 30% commission on all mining revenue. The fact that knowledge is so openly discussed, and that there have been no notable reparations against CoinHive, is likely a big part of why cryptomining is the rising malware star of 2018.

In CoinHive’s defense, it released another API that requires users to register – the “ethical” cryptominer. But MalwareBytes research shows it was used around 30,000 times per day compared to the silent API at 3 million times per day.

The new wave is already coming – Coin Have and CryptoLoot are number two and three. Coin Have takes 20%, but CryptoLoot claims to pay 88%.

Cryptominers are actually advertising better rates for letting other people steal your computing power. They also promote their ability to circumvent their biggest threat: ad blockers.

But here’s a trick to spot it on your PC at least – that moment when its fan goes crazy.

In January, a miner even let Android phone users know they were being mined, which was polite. Look at CPU usage, off scale:


Image: Malwarebytes

You can opt out by “verifying that you are human”.

Malwarebytes says there is no reason to expect the increase in cryptocurrency mining to continue in 2018, especially given the value of cryptocurrencies, despite their recent declines.

The new frontier, he says, could be Internet of Things devices. How much attention do you pay to what your smart fridge is doing right now?

“Although malicious cryptomining appears to be far less dangerous to the user than other forms of malware, such as ransomware, its effects should not be compromised,” Malwarebytes says.

“Indeed, unmanaged miners could seriously disrupt business processes or critical infrastructure by overloading systems to the point where they become unresponsive and shut down.

“Under the guise of a financially motivated attack, this could be the perfect alibi for advanced threat actors.”

How to spot it

  • Basically, your computer’s fan is going crazy. Check your CPU usage (Task Manager, Windows; Activity Monitor, Mac) and look for spikes

How to stop it

  • If you are a business, Malwarebytes has just released its new Endpoint Protection and Response solution.
  • Antivirus software. The first date for something like this. If you are not convinced by your built-in protection, try Kaspersky or BitDefender.
  • Ad blockers help. AdBlock Plus and AdGuard offer to scan sites for CoinHive. No Coin and Miner Block are also handy Chrome extensions.
  • And if you see any unusual program consuming your CPU, just stop it and then scan for a virus.