
Drive-By Cryptomining Is Surging and Evolving

April 13, 2018

As the cryptocurrency market boomed throughout 2017, cryptomining rose to prominence alongside it. This activity started as a legitimate form of earning extra income; individuals volunteer their computer’s processing power to solve intricate problems which verify digital transactions. For doing this, miners earn cryptocurrency. The practice was especially lucrative when the price of those currencies rose day after day throughout the latter half of 2017.

Because mining can be done when someone is asleep or otherwise not using their computer, it sounds like a great deal. However, dwindling returns and high electricity costs have made it increasingly hard to turn a profit through mining… unless you’re using someone else’s computer.

A recent Malwarebytes report revealed that drive-by cryptomining has surged in the last year.

Drive-by cryptomining occurs when someone uses an unsuspecting person’s computing power for mining. The first instances of this occurred when websites used JavaScript to turn visitors into miners (for the website’s profit).

The ethics of this has been debated, as websites like Pirate Bay used the method to reduce ads — something that website visitors benefitted from. However, cybercriminals have now adopted the tactic and can run cryptomining code on unsuspecting websites which confer no benefit on visitors.

Malwarebytes reported that these types of attacks rose dramatically in the final quarter of 2017. The methods of attack also proliferated as hackers scrambled to take advantage of the rise in value of the cryptocurrency market.

For instance, security firm SonicWall recently discovered a Linux cryptominer trojan hidden in an image file. When a user clicks on the supposed PNG file, an image of a woman pops up. However, behind the scenes, an executable file begins to run at the same time the image opens. The malware is a Monero cryptocurrency miner that runs unnoticed by the casual user.

Monero is the most popular cryptocurrency targeted by drive-by miners because of its high transaction speeds and anonymity. Monero is also the chosen currency of Coinhive, the company that created the original JavaScript miner for websites.

To avoid cryptominers, use good internet hygiene.

Running background cryptominers slows down your computer and can lead to overheating. Therefore, it’s important to prevent them from running on your computer (unless you’re mining intentionally). Luckily, using the same good habits to prevent other types of malware will protect you from cryptominers.

For instance, always update software. This is important not just for desktop computers, but also for smartphones and smartwatches. Internet of Things devices are particularly vulnerable to secret cryptominers. Replacing default passwords with stronger ones is crucial to prevent unauthorized access. Enabling a device’s firewall is also highly recommended.

In addition to standard good habits, there are specific ways to block cryptominers from sapping your computing power. Chrome offers a variety of extensions to block coin-mining websites: No Coin, minerBlock, and Anti Miner. You can also specifically block Coinhive from running by adding its URL (https://coin-hive.com/lib/coinhive.min.js) to your ad blocker.
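As an added example (not code from the article or from any of the extensions it names), the following JavaScript shows one way to match script tags against the host of the Coinhive URL above, which a site owner can run over their own pages to spot an injected miner. The page address `https://shop.example/`, the `cdn.` subdomain, the look-alike hosts and the function names are constructed for illustration.

```javascript
// Blocklist seeded with the host of the script URL given in the article.
const BLOCKED_HOSTS = ["coin-hive.com"];

// True when `host` is a blocked domain or a subdomain of one (not a look-alike).
function isBlockedHost(host, blocked = BLOCKED_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return blocked.some((d) => h === d || h.endsWith("." + d));
}

// Return the resolved URL of every <script src=...> that loads from a blocked
// host. `pageUrl` is the address the HTML was served from; it is needed to
// resolve relative and protocol-relative src values.
function findMinerScripts(html, pageUrl, blocked = BLOCKED_HOSTS) {
  const hits = [];
  const tagRe = /<script\b[^>]*>/gi;
  const srcRe = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [tag] of html.matchAll(tagRe)) {
    const m = srcRe.exec(tag);
    if (!m) continue; // inline script: nothing is fetched
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw, pageUrl);
    } catch {
      continue; // src value that cannot be parsed as a URL
    }
    if (isBlockedHost(url.hostname, blocked)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page: two miner includes, two look-alike hosts, one
// same-site script that only mentions the domain in its query string.
const SAMPLE_HTML = `
<html><head>
<script src="https://coin-hive.com/lib/coinhive.min.js"></script>
<script src='//CDN.Coin-Hive.com/lib/coinhive.min.js'></script>
<script src="https://coin-hive.com.example.net/lib.js"></script>
<script src="https://notcoin-hive.com/a.js"></script>
<script src="/static/app.js?ref=coin-hive.com"></script>
<script>var inline = 1;</script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_HTML, "https://shop.example/"));
```

Matching on the parsed hostname rather than on a substring of the raw HTML is what keeps the look-alike hosts and the query-string mention from being flagged.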

Drive-by cryptomining is just the latest way for hackers to take advantage of vulnerable computers. Common sense and a healthy dose of caution can protect you from it and most other threats.