Beware of drive-by cryptocurrency hackers


How bitcoin ‘miners’ can hijack your electricity and your computer’s processor.

‘Mining’ is at the heart of cryptocurrencies such as bitcoin. The idea is to reward the people who own systems that are used to do the number-crunching that makes cryptocurrencies workable by paying them in newly-created coins.

The problem is that as the difficulty of performing these calculations increases, so does the amount of electricity needed to power a computer while it does the job.

It has been estimated that the bitcoin network consumes as much electricity as Ireland.

So if you set out as a bitcoin miner, you'd want your computers to be in an area where electricity prices are low, and the ambient temperatures mean there's no need for air conditioning, just ventilation.

Or, if you are of a less ethical persuasion, you might look for ways of tricking other people into carrying out the calculations for you. And that's what's happening – especially with relatively new cryptocurrencies where mining is still viable on typical computers.

Drive-by mining involves putting code onto web pages that hijacks visitors' computers for mining. The Coinhive application programming interface (API) has made this easy to implement, but allowed abusers to soak up all the available CPU cycles from a visitor's system.

According to security vendor Malwarebytes, around 248 million blocks were processed this way during October 2017.

In the Asia Pacific region, Australia was the biggest target, with more than 12 million drive-by mining events that month.

The US is at the top of the global leaderboard, with Spain and France a distant second and third. Australia doesn't appear in the top ten.

It's possible to argue that with informed consent, systems like Coinbase provide a legitimate way of monetising a web site. But we suspect most people are likely to feel that the idea is moving into scam territory unless such sites spell out exactly what is going on and put reasonable limits on the resources they consume.

As a result of these abuses, security software and ad blockers are beginning to block Coinhive and other cryptomining domains.

To its credit, Coinhive's new API requires visitors to give per-session permission for drive-by mining, but the old API can still be used by the less scrupulous.

In some cases, drive-by mining code has been delivered by web advertising, and compromised ecommerce sites have been modified to deliver the code. Either way, the benefits accrue to someone other than the site owner.
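For a site owner, one way to spot injected mining code of the kind described above is to audit which hosts a page loads its scripts from. This is an added example, not code from the article or from Malwarebytes; the blocklist, the allowlist (`shop.example`) and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed blocklist (illustrative); a real audit would load a maintained list.
MINER_DOMAINS = {"coinhive.com", "coin-hive.com"}

class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag on a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_scripts(html, allowed_hosts, miner_domains=MINER_DOMAINS):
    """Return (verdict, url) pairs for scripts the site owner should review."""
    parser = ScriptSources()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.sources:
        host = urlparse(src).hostname  # None for same-origin relative URLs
        if host is None:
            continue
        if in_domains(host, miner_domains):
            findings.append(("miner-domain", src))
        elif not in_domains(host, allowed_hosts):
            findings.append(("unapproved-host", src))
    return findings

# Constructed sample page: hosts and paths are made up for this example.
SAMPLE_PAGE = """
<script src="/js/shop.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="//COINHIVE.com/lib/miner.js"></script>
<script src="https://ws.coin-hive.com/loader.js"></script>
<script src="https://static.ads.example/tag.js"></script>
"""

if __name__ == "__main__":
    print(audit_scripts(SAMPLE_PAGE, {"shop.example"}))
```

The `unapproved-host` verdict matters as much as the blocklist hit: a script from a host the owner never approved is worth investigating even when that host is on no list yet.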

“Browser-based cryptomining has a lot in its favour considering that the online ad industry as one example has been dealt many blows over the past few years, in large part due to the increased usage of ad blockers,” said Malwarebytes ANZ regional director Jim Cook.

“In the end, the future success of web-based mining as a business model will be based on honest communication with users and the almost mandatory opt-in, which is the main characteristic that differentiates it from drive-by mining.

“The problem can be summarised by a fundamental question asked many a time: ‘Are you running a coin miner on your site or have you been hacked?’ Clearly, trust will only be gained with transparency in the year ahead.”

You can read more in Malwarebytes’ report, A look into the global ‘drive-by cryptocurrency mining’ phenomenon (PDF).

Copyright © BIT (Business IT). All rights reserved.
