The rise in popularity and prices of cryptocurrencies will bring an inevitable rise in cyber-crime as more people try to steal them. This last week has seen the crypto top three (Bitcoin, Litecoin and Ethereum) all reach record price highs of $11,400, $100 and $500 respectively. Big bucks bring bad guys, and they are finding ever more devious ways to get at this digital booty.
Internet security researchers have found new techniques that let hackers perform browser-based crypto-mining even after the window has been closed. Millions of unsuspecting people have been targeted by drive-by crypto-miners using compromised websites to harness the CPU power and electricity of their machines without their knowledge.
Using malware called Coinhive, unscrupulous hackers can infect websites with injected code that secretly siphons off your computer's processing power to mine the altcoin Monero, which is currently trading around $175. The crypto-miner, released in September, allowed website owners to make extra revenue from their readers by harnessing their CPU power. However, it does not tell the user what is taking place or why their computer may start running a lot slower when visiting certain websites. The profits are shared between the account holder, who gets 70% of what is mined, and Coinhive, which takes the remaining 30%. It has been estimated that Coinhive is making between 4 and 5 million dollars a year from deceptive web-based mining operations. Torrent sharing platform The Pirate Bay was one of the early adopters of Coinhive, and after users complained about their machines slowing down it changed its technique to mine through forced advertising instead of directly.
Researchers have found thousands of websites that are running Coinhive, many unknowingly, with proceeds going to whoever hacked the site. Anti-malware provider Malwarebytes have also discovered that the leeching can continue even after the user has closed the browser window. A pop-under window hiding behind the Windows taskbar is the culprit. It has been designed to bypass ad-blockers, and closing the main browser still doesn't get rid of it.
The code is even more cunning in that it intentionally does not max out CPU usage but throttles down the computationally intensive actions to make usage look more natural. The technique works on the latest version of Chrome and the latest version of Windows 10, and antivirus providers have yet to include it in their signature updates. Malwarebytes are on the ball, however, and claim to have blocked 248 million attempts at drive-by mining in the last month.
Vigilance is the key for end users: keep an eye on your CPU usage through Windows Task Manager and shut down all browser instances when you are no longer browsing the web.
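Because the miner throttles itself rather than maxing out the CPU, a check that only looks for readings near 100% will miss it. The sketch below is an added example, not code from Malwarebytes or Coinhive, and it compares a peak check with a sustained-load check over constructed per-minute CPU samples. The process names, PIDs, thresholds and readings are all assumptions chosen for illustration.

```python
from collections import defaultdict

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # assumed process names

# Constructed samples: (seconds, process name, pid, CPU %), one reading per minute.
SAMPLES = (
    # Throttled miner in a hidden browser window: steady mid-range load.
    [(t * 60, "chrome.exe", 4120, c) for t, c in enumerate([58, 61, 57, 60, 62, 59, 61, 58, 60, 63])]
    # Ordinary browsing: short bursts, then idle.
    + [(t * 60, "chrome.exe", 3300, c) for t, c in enumerate([4, 97, 12, 3, 2, 88, 5, 3, 2, 1])]
    # Non-browser process with sustained load: out of scope for this check.
    + [(t * 60, "backup.exe", 900, c) for t, c in enumerate([70] * 10)]
)

def peak_alerts(samples, peak=95):
    """Naive check: any single browser reading at or above `peak`."""
    return sorted({pid for _, name, pid, cpu in samples
                   if name in BROWSERS and cpu >= peak})

def sustained_alerts(samples, floor=40, min_seconds=300):
    """Flag browser PIDs whose CPU stays at or above `floor` for an unbroken
    run of at least `min_seconds`, even if it never approaches 100%."""
    by_pid = defaultdict(list)
    for ts, name, pid, cpu in samples:
        if name in BROWSERS:
            by_pid[pid].append((ts, cpu))
    flagged = []
    for pid, readings in by_pid.items():
        readings.sort()
        run_start = None
        for ts, cpu in readings:
            if cpu >= floor:
                if run_start is None:
                    run_start = ts          # a new run of elevated load begins
                if ts - run_start >= min_seconds:
                    flagged.append(pid)
                    break
            else:
                run_start = None            # load dropped, reset the run
    return sorted(flagged)

if __name__ == "__main__":
    print("peak check flags:", peak_alerts(SAMPLES))
    print("sustained check flags:", sustained_alerts(SAMPLES))
```

The peak check flags only the ordinary browsing burst, while the sustained check flags the steady mid-range load that throttled mining produces.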