Hackers find the processing power they need for mining for cryptocurrencies through ‘cryptojacking’

Mar 11, 2018

The next time you're visiting a website and your computer’s fan starts going crazy out of nowhere, there could be nefarious activity behind it.

Without you knowing it, a hacker may have turned your laptop or even cell phone into a cryptocurrency mining machine. With cryptocurrencies becoming all the rage in the high-tech underworld in recent years — one of the best-known ones, bitcoin, saw its value rocket all the way to $20,000 per coin in December — mining server farms have created a strain on the electrical grid, forcing those who are looking to mine for decentralized digital currencies to commandeer sources that are not their own through a practice called “cryptojacking.”

“If the fan’s suddenly spurring up and making a whole bunch of noise, that is a good indication that it's happening,” says Dan Goodin, a security editor for Ars Technica. “It's not guaranteed that that's going to happen, but if somebody is browsing a site and suddenly [his or her] fan comes on, that's a good reason to be suspicious that something is happening.”

Goodin mentions that recently the attack that happened earlier this month in which more than 3,400 sites — including some associated with the US and UK governments — were infected for a period of time with a code that, when someone visited one of those sites, would cause that person’s computer to automatically start mining for a burgeoning cryptocurrency called monero.

“Suddenly your computer would start mining this currency,” Goodin says. “And, of course, that's putting a strain on your computer, or in some cases, your smartphone, and it's either draining the smartphone’s battery or it's electricity that you are paying for, for someone else somewhere halfway around the world, probably, to benefit from and gain currency to go to their account."

In cryptojacking, the malware being used is essentially trying to add to an ongoing “blockchain,” which holds the transaction of all of the digital coins for that particular currency. Every 10 minutes or so, mining computers collect several hundred pending transactions — known as a block — and transform them into a mathematical puzzle. The first miner who solves the puzzle announces it to the network. If the group approves the answer, the block is cryptographically added to the blockchain ledger. That miner will later be rewarded a determined amount of coins as part of the spoils of victory.

“This is no longer the case of a single entity who is presumably getting some sort of credit to their account,” Goodin says. “They're leeching just a little bit from you and just a little bit from me and just a little bit from tens of thousands hundreds of thousands of people.”

In the most extreme cases, some highly aggressive digital currency mining software running on cell phones has been known to cause physical damage to the phones through the tremendous stress being put on their batteries.

“The phone worked so hard and it draws so much current from the battery that the battery bulges and causes the case to kind of pull away from it from itself,” Goodin says.

In addition to cryptojacking at the personal-computer level, Goodin says that another growing trend involves hackers leeching off the hardware of large-bandwidth servers that corporate businesses use to manage their payroll or run their sites.

“Cryptocurrency is the new hotness and you look at what the price of bitcoin and a bunch of the other currencies have done over the last year and it's inevitable that the attackers are going to start trying to harness your computer and mine to generate these types of currencies,” Goodin says.

As far as taking steps to defend oneself from miners, Goodin recommends the tried-and-true first line of defense: keeping operating systems and browser regularly updated for any needed patches. In addition, he says that some antivirus programs will inform you that the browser is trying to engage in crypto coin mining. Another option is to use an ad blocker.

“The problem with ad blockers is that my business, for instance, relies on ads to pay my salary so it's a little bit hard for me,” Goodin says. “There's some cognitive dissonance recommending that somebody use an ad blocker because it actually hurts my business, even as it protects people against threats like these.”

Regardless of what steps computer owners take against cryptojacking, Goodin says that the surge of cryptocurrencies has revolutionized the business of malware.

“Once upon a time people needed to use malware to steal your bank account information and then try to withdraw money from your account. That still happens," Goodin says. “But that's gotten a lot harder. Banks now use two-factor authentication and a whole lot of other ways to prevent that from happening. And, of course, once the crooks get the money, they have to launder it somehow. The way that cryptocurrency works is it's so anonymous, it's so fluid, it's much easier for [the currency] to be transferred around.”

This article is based on an interview on PRI’s Science Friday with Ira Flatow.


©2017 Science Friday