Crypto-jackers: The Next Major Cybersecurity Threat

A new form of cyber threat so-called "crypto-jacking" has emerged through malicious websites that produce digital tokens using the processing power on the victim's computer, affecting millions of home and corporate users and computers across the globe. Entities affected have included the Google Play store, the coffee giant Starbucks, CBS Showtime, UFC live-streams, the Russian oil pipeline company Transneft, soccer star Cristiano Ronaldo, and even official websites and infrastructure of government agencies.

Crypto-jacking means hackers mining digital currencies from your computer, while you don't expect your own PC to be hijacked, turning your CPU performance into trash and jacking up your electricity bill while producing coins for cyber criminals. Miners work like a botnet and can also infect computers with Trojans. Because the value of crypto-currency continues to rise, and the resources needed to mine are also rising steeply, cyber-criminals are looking for different ways to profit from mining; so turning a network of people who are browsing the web into a big supercomputer is a cheap and effective source. Crypto-jackers are using a simple piece of JavaScript to open a tiny hidden window behind a user’s taskbar triggering the mining process that could persist indefinitely, unless the users are shutting down the full application, and not only the window they’re browsing.

Most of the recent reported incidents are attributed to Monero, the crypto-currency designed to be mined on PCs. When a handful of off-the-shelf Monero mining software tools, such as CoinHive, JSEcoin, and Crypto-Loot are added to a website, these tools transform typically unsuspecting visitors’ computers into cryptographic quarries.

According to cyber-security researchers, thousands of video-streaming and file-sharing websites are currently hosting crypto-mining software, and about one billion visitors are unwittingly mining Monero for one or more third-parties. Only last week, the coffee giant Starbucks and the Russian oil pipeline company Transneft reported that their infrastructure and computers were hacked to mine crypto-currency. In the Starbucks case, the Wi-Fi network on affected sites was modified to embed a CoinHive miner on pages loaded via the in store Wi-Fi. Thanks to this modification, the devices of users who connected to the Wi-Fi network were used to mine the Monero crypto-currency without their knowledge.

In a similar case, Transneft’s attackers had used the company’s computers also for unauthorized mining of the crypto-currency Monero. In this case, software for mining crypto-currency was automatically downloaded from the web by a Transneft computer.

In conclusion - if you’re worried about miners manipulating your computer to mint Monero, or you notice a strange slowdown in your computer’s performance, or the fan suddenly starts working overtime, you should check your CPU usage for anything fishy. Also consider downloading a “blocker” browser extension, like ­minerBlock or NoCoin, or an antivirus program, like Malwarebytes, that has blacklisted mining codes. The No Coin project is also on GitHub so other programmers might jump in to add additional mining filters in the future. For now, just installing and forgetting about it is a pretty simple solution. But if you just want to block specific miners, you’ll need to know the specific URL for their networks.