Theres something new to add to your fun mental list of invisible internet dangers. Joining classic favorites like adware and spyware comes a new, tricky threat called cryptojacking, which secretly uses your laptop or mobile device to mine cryptocurrency when you visit an infected site.
Malicious miners arent new in themselves, but cryptojacking has exploded in popularity over the past few weeks, because it offers a clever twist. Bad guys dont need to sneak software onto your computer to get it going, which can be a resource-intensive attack. Instead, the latest technique uses Javascript to start working instantly when you load a compromised web page. There’s no immediate way to tell that the page has a hidden mining component, and you may not even notice any impact on performance, but someone has hijacked your devicesand electric billfor digital profit.
The idea for cryptojacking coalesced in mid-September, when a company called Coinhive debuted a script that could start mining the cryptocurrency Monero when a webpage loaded. The Pirate Bay torrenting site quickly incorporated it to raise funds, and within weeks Coinhive copycats started cropping up. Hackers have even found ways to inject the scripts into websites like Politifact.com and Showtime, unbeknownst to the proprietors, mining money for themselves off of another sites traffic.
‘Theres no opt-in option or opt-out. Weve observed it putting a real strain on system resources.’
Adam Kujawa, Malwarebytes Labs
So far these types of attacks have been discovered in compromised sites’ source code by usersincluding security researcher Troy Murschwho notice their processor load spiking dramatically after navigating to cryptojacked pages. To protect yourself from cryptojacking, you can add sites you’re worried about, or ones that you know practice in-browser mining, to your browser’s ad blocking tool. There’s also a Chrome extension called No Coin, created by developer Rafael Keramidas, that blocks Coinhive mining and is adding protection against other miners, too.
“Weve seen malicious websites use embedded scripting to deliver malware, force ads, and force browsing to specific websites,” says Karl Sigler, threat intelligence research manager at SpiderLabs, which does malware research for the scanner Trustwave. “Weve also seen malware that focuses on either stealing cryptocurrency wallets or mining in the background. Combine the two together and you have a match made in hell.”
What complicates the cryptojacking wave, experts argue, is that with the right protections in place it could actually be a constructive tool. Coinhive has always maintained that it intends its product as a new revenue stream for websites. Some sites already use a similar approach to raise funds for charitable causes like disaster relief. And observers particularly see in-browser miners as a potential supplement or alternative to digital ads, which notoriously have security issues of their own.
Early adopters like the Pirate Bay have made a pitch to their users that the technology is worth tolerating. “Do you want ads or do you want to give away a few of your CPU cycles every time you visit the site?” Pirate Bay asked its users in mid-September. Most commenters on the feedback request supported in-browser mining if it reduced ads, but one noted that if multiple sites adopt the technique, having multiple tabs open while browsing the web could eat up processing resources.
The concerns run deeper among audiences unaware that their devices are being used without their knowledge or consent. In fact, malware scanners have already begun blocking these mining programs, citing their intrusiveness and opacity. Coinhive, and the rash of alternatives that have cropped up, need to take good-faith steps, like incorporating hard-coded authentication protections and adding caps on how much user processing power they draw, before malware scanners will stop blocking them.
Everything is kind of crazy right now because this just came out, says Adam Kujawa, the director of Malwarebytes Labs, which does research for the scanning service Malwarebytes and started blocking Coinhive and other cryptojacking scripts this week. But I actually think the whole concept of a script-based miner is a good idea. It could be a viable replacement for something like advertising revenue. But were blocking it now just because theres no opt-in option or opt-out. Weve observed it putting a real strain on system resources. The scripts could degrade hardware.
To that end, Coinhive introduced a new version of its product this week, called AuthedMine, which would require user permission to turn their browser into a Monero-generator. “AuthedMine enforces an explicit opt-in from the end user to run the miner,” Coinhive said in a statement on Monday. “We have gone through great lengths to ensure that our implementation of the opt-in cannot be circumvented and we pledge that it will stay this way. The AuthedMine miner will never start without the user’s consent.”
This course-correction is a positive step, but numerous cryptojacking scriptsincluding Coinhive’s originalare already out there for hackers to use, and can’t be recalled now. Experts also see other potential problems with the technique, even if the mining process is totally transparent. “An opt-in option…doesnt eliminate the problems of potential instability introduced by this,” Trustwave’s Sigler says. “When dozens of machines get locked up at a company, or when important work is lost due to a mining glitch, this can have a serious effect on a organizations network.”
And with more malware scanners on the alert, hackers will start to evolve the technology to make it subtler and more difficult to find. As with other types of malware, attackers can bounce victims around to malicious websites using redirect tactics, or incorporate Javascript obfuscation techniques to keep scanners from finding their script-based miners.
Still, the positive potential of in-browser miners seems worth the complications to some. “Im hoping that within a year well see even more evolution of this technology to the point where it cannot be abused by website owners who want to trick people into running these miners,” Malwarebytes’ Kujawa says. “But if it’s only associated with malicious activities, then it might take awhile for the technology to evolve to a place thats more secure, and for anyone to trust using it.”
Like so many web tools, cryptojacking has plenty of promise as an innovationand plenty of people happy to exploit it.
More here:
Cryptojacking Lets Strangers Mine Cryptocurrency With Your …
- Cryptocurrency Exchange Says It Can't Access $190 Million ... - February 5th, 2019
- What's the Best Cryptocurrency to Invest in Today? - January 9th, 2019
- Cryptocurrency Trading Easy tips to get started | AvaTrade - January 9th, 2019
- Thailand Issues 4 Cryptocurrency Licenses, Rejects 2 ... - January 9th, 2019
- NASDAQ, Fidelity Invest in New Cryptocurrency Exchange ... - January 9th, 2019
- Cryptocurrency News | Cryptocurrency News | Blockchain ... - January 9th, 2019
- Differences Between Cryptocurrency Coins and Tokens - January 9th, 2019
- Cryptocurrency Charts - January 8th, 2019
- What is cryptocurrency? - cointelegraph.com - January 4th, 2019
- Blockchain Will Survive A Cryptocurrency Apocalypse - January 1st, 2019
- Cryptocurrency - Simple English Wikipedia, the free encyclopedia - December 25th, 2018
- Is Cryptocurrency Dead for Good? | Investopedia - December 6th, 2018
- Cryptocurrency scammers dupe Singaporeans out of $78,000 in ... - December 6th, 2018
- Invest in Cryptocurrency With Spare Change - Black Enterprise - November 28th, 2018
- What is Mining Cryptocurrency? What you need to know... - November 26th, 2018
- Saudi Arabia Will Launch Its Own Cryptocurrency in 2019 ... - November 23rd, 2018
- Bitcoin and Other Cryptocurrency Prices Are Crashing Again ... - November 17th, 2018
- Homepage - Cryptocurrency Army - November 14th, 2018
- Cryptocurrency - Simple English Wikipedia, the free ... - November 14th, 2018
- How To Create Your Own Cryptocurrency - fastcompany.com - November 14th, 2018
- Cryptocurrency price plunge worse than bursting of dotcom ... - September 18th, 2018
- Iran, North Korea and Venezuela turning to cryptocurrency ... - September 12th, 2018
- SEC halts trading in two cryptocurrency products, citing ... - September 12th, 2018
- Cryptocurrency News, ICO Reviews & Blockchain Updates ... - September 9th, 2018
- Cryptocurrency "miners," utilities look for ways to get along ... - August 29th, 2018
- Cryptocurrency: Virtual money, real power, and the fight ... - August 28th, 2018
- Pornhub Now Accepts PumaPay Cryptocurrency - August 27th, 2018
- NK hackers target Mac users with trojan cryptocurrency app ... - August 27th, 2018
- Cryptocurrency: The unlucky investors who got in at the wrong ... - August 26th, 2018
- cryptocurrency coins Archives - The Industry Spread - August 26th, 2018
- cryptocurrency Archives - Page 6 of 6 - The Industry Spread - August 26th, 2018
- Cryptocurrency investment in SMSF - hallandwilcox.com.au - August 26th, 2018
- How To Choose The Best Cryptocurrency Wallet - Crypto News AU - August 26th, 2018
- Courses | Cryptocurrency Australia - August 26th, 2018
- What Every Investor Should Know Before Buying Cryptocurrency ... - August 26th, 2018
- The biggest cryptocurrency hack in the history of blockchain - August 26th, 2018
- After the Bitcoin Boom: Hard Lessons for Cryptocurrency ... - August 21st, 2018
- Cryptocurrency Rankings | CryptoSlate - August 14th, 2018
- Bitcoin price falls after SEC postpones key ETF decision - August 12th, 2018
- Brokers Cryptocurrency Deals Are Focus of SEC Review ... - August 7th, 2018
- 7 Cryptocurrency Predictions for the Rest of 2018 - August 7th, 2018
- Have a Cryptocurrency Company? Bermuda, Malta or Gibraltar ... - July 31st, 2018
- Bitcoin price live: Latest updates as cryptocurrency ... - July 22nd, 2018
- 2018 Bahamas Blockchain & Cryptocurrency Conference - July 16th, 2018
- Best Cryptocurrency Trading Platform 2018 | Top Crypto ... - July 13th, 2018
- Cryptocurrency: Advantages And Disadvantages Explained - July 12th, 2018
- ATB Coin - The fastest and most secure payment system - June 19th, 2018
- An Illustrated Glossary of Cryptocurrency Slang (Infographic) - June 19th, 2018
- Apollo All-in-One Cryptocurrency - June 3rd, 2018
- Cryptocurrency News, ICO Database, Coin Rankings and ... - May 25th, 2018
- CoinLib - Cryptocurrency prices now - May 21st, 2018
- Cryptocurrency Market Capitalizations | CoinMarketCap - May 4th, 2018
- CryptoCurrency Market , Coin Prices & Charts, Crypto ... - April 28th, 2018
- Nasdaq open to cryptocurrency exchange in future, says CEO - April 27th, 2018
- The 4 Top Cryptocurrency Mining Stocks -- The Motley Fool - April 27th, 2018
- One in five financial institutions consider cryptocurrency ... - April 27th, 2018
- New hacks siphon private cryptocurrency keys from ... - April 27th, 2018
- What Is Cryptocurrency? - dummies - April 21st, 2018
- Cryptocurrency Market Surges to $365 Billion, Start of a ... - April 21st, 2018
- BTCMANAGER | Bitcoin, Blockchain & Cryptocurrency News - April 16th, 2018
- How to keep your cryptocurrency safe - CNET - April 11th, 2018
- How do I report Cryptocurrency Mining income? - TurboTax ... - April 4th, 2018
- When do you report Cryptocurrency investments? - TurboTax ... - April 4th, 2018
- Trading Cryptocurrency in 2018: The Definitive Guide - March 14th, 2018
- How would one operate a Cryptocurrency Mining Pool and ... - March 13th, 2018
- Coinbase cryptocurrency index fund - Business Insider - March 10th, 2018
- Cryptosomniac | Cryptocurrency Price Tracker - Bitcoin & Eth ... - February 24th, 2018
- Cryptocurrencies News & Prices | Markets Insider - February 22nd, 2018
- I started cryptocurrency mining at the end of 2017 and was ... - February 20th, 2018
- Cryptocurrency News - Bitcoin, Ethereum, NEO, ICO startups - February 8th, 2018
- 7 Best Cryptocurrency Exchanges to Buy/Sell Any ... - February 8th, 2018
- Electroneum. The Mobile Cryptocurrency. - February 8th, 2018
- Cryptocurrencies trading | your guide in the world of trading ... - February 5th, 2018
- Robinhood trading app introduces cryptocurrency - money.cnn.com - January 28th, 2018
- Robinhood adds zero-fee cryptocurrency trading and tracking ... - January 28th, 2018
- Cryptocurrency Price Prediction, Comparison, Analysis - January 22nd, 2018
- South Korea's major cryptocurrency exchanges ... - reuters.com - January 13th, 2018
- Bitcoin-crazy South Korea may face a ban on cryptocurrency ... - January 13th, 2018
- Cryptocurrency - IC Markets - January 13th, 2018
- Kodak launches cryptocurrency, stock pops 125% - Jan. 9, 2018 - January 10th, 2018
Recent Comments