I always feel uneasy when my computer performance becomes laggy. In most cases, Windows is performing maintenance work in the background, an update is being prepared or the antivirus software is running a scan. If the process takes longer and the fan spins up, I'll usually get a little suspicious and look into the task manager. And when I see the browser gobbling up all of my CPU resources, something's likely awry: maybe someone else is making money off my PC.
Malware, like any other software, is constantly evolving. Over the years, the focus slowly shifted from rendering computers unusable with viruses to data and identity theft. Ransomware attacks already made the headlines a couple of times. In the age of cryptocurrencies, ruthless but smart individuals came up with a new idea. They knew mining bitcoins requires complex calculations. But how do you mine them without having to operate expensive server farms yourself? Simple, you let other computers do the dirty work, ideally unnoticed!
Attacks usually happen over the Internet. You visit a site that uses JavaScript (e.g. for ads) and, suddenly, the CPU load rises considerably. Or you download an app to your cellphone that behaves as advertised (otherwise you'd quickly delete it) but performs extensive mining in the background. Alternatively, servers are attacked or the required code is snuck into traditional malware. Attackers take great care to stay hidden and not to noticeably harm PCs. As with parasites that don't kill their hosts, computers are supposed to continue running smoothly. And even though cryptocurrencies, like Bitcoin, have lost a lot of their value since the beginning of the year, crypto-jacking still pays. While ransomware is on the decline, crypto-jacking has become the new thing.
Interestingly, Bitcoin is not the only currency that is affected. While Bitcoin calculations have become so complex that you'd need a whole armada of computers, currencies like Monero are still minable with just a few PCs. They even offer a greater degree of anonymity than Bitcoin as transactions are neither individually traceable nor public. And with Coinhive, there's already a small script available that can be secretly embedded into websites or apps. The script has already been discovered on the sites of soccer player Cristiano Ronaldo, CBS, Showtime (a streaming service) and, naturally, more than a dozen porn sites because, so far, using the script is perfectly legal! Authorities are currently debating whether this practice should require explicit user consent and whether corresponding scripts should be marked accordingly.
What is certainly illegal is hiding these scripts in apps or secretly hijacking devices. PCs aren't ideal targets since somewhat experienced users usually quickly discover the attack and leave the affected websites. Cellphones are a different story though, as users rarely inspect running system processes and most devices don't feature noisy fans. Consequently, performance and battery issues are quickly attributed to other factors. Finally, IoT (Internet of Things) devices like security cameras, smart refrigerators or TVs make for perfect targets. With little to no inspection and reporting tools available to their users, attacks stay perfectly hidden. Maybe devices run slightly hotter or electricity bills are a little higher, but who'd honestly suspect hijacking as the culprit here? Individually, these devices don't have much processing power, but grouped into large clusters, they get the job done. A single vulnerability in a security camera can mean thousands of lucrative victims with devices running 24/7.
Also a worthwhile target: cellphones
By now, decent antivirus programs detect and block many crypto-jacking attacks. The developers of Opera also acted swiftly and added an additional layer of protection to their built-in adblocker. In general, once you disable JavaScript, you're mostly safe, although your browsing experience may suffer significantly. But there are also other ways. Since most attacks currently occur during web browsing, browser extensions like NoCoin, MinerBlock, CryptoPrevent or Mineblock can mitigate the risk for all popular browsers. With "smart" devices, however, you're at the mercy of their manufacturers when it comes to software updates. Whether, for example, your home surveillance system is protected against crypto-jacking is anybody's guess. Cheap products especially will likely never see security patches even though they make for nice targets.
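One way a blocklist check of the kind such extensions rely on can flag an embedded miner script, shown as an added example that is not code from this article or from any of the extensions named above: it resolves every script URL on a page and compares its host to a list. The list (apart from the Coinhive domain), the function names and the sample page are constructed for illustration.

```javascript
// Added example: host blocklist check for embedded miner scripts.
// MINER_HOSTS is a small constructed sample, not a real extension's list.
const MINER_HOSTS = ["coinhive.com", "miner.example"];

// True if the host equals a blocklisted domain or is a subdomain of one.
// Comparing on a dot boundary avoids flagging look-alikes such as notcoinhive.com.
function isMinerHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return MINER_HOSTS.some((d) => h === d || h.endsWith("." + d));
}

// Collect the src of every <script> tag and resolve it against the page URL,
// so relative and protocol-relative URLs are judged by their real host.
function scriptUrls(html, pageUrl) {
  const urls = [];
  const re = /<script\b[^>]*\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const raw = m[1] ?? m[2] ?? m[3];
    try {
      urls.push(new URL(raw, pageUrl));
    } catch {
      // Unparseable src: skip it rather than guess at a host.
    }
  }
  return urls;
}

// Return the absolute URLs of all scripts loaded from blocklisted hosts.
function findMinerScripts(html, pageUrl) {
  return scriptUrls(html, pageUrl)
    .filter((u) => isMinerHost(u.hostname))
    .map((u) => u.href);
}

// Constructed sample page: one first-party script, two miner includes,
// and one look-alike domain that must not be flagged.
const SAMPLE_PAGE = `
<html><head>
<script src="/static/app.js"></script>
<script async src="//coinhive.com/lib/coinhive.min.js"></script>
<script src='https://cdn.miner.example/m.js'></script>
<script src="https://notcoinhive.com/x.js"></script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_PAGE, "https://news.example/article"));
```

A host list only catches miners served from known domains, so it complements rather than replaces watching for a browser tab with sustained high CPU load.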
It remains to be seen how companies (and the courts!) will respond. Many site owners have already suggested that these scripts be used to keep websites ad-free. In the future, that could mean that while you're visiting a news site, your PC will be mining crypto-currencies in the background as monetary compensation. Technically, they'd have to come up with a solution that doesn't lock up PCs completely, but that would certainly be doable. The bottom line is that you would be paying with a slightly higher electricity bill. A new and disconcerting thought, isn't it?
What I would like to know: have you ever noticed your PC running at full steam for no apparent reason? Would you be willing to pay for online services in this way?
Nice article Sven,
I am fortunate to have time to research many subjects on the Internet.
I read many Bit-coin articles, soon understood what the 'miners' were doing and was pleased to discover the subversive actions could be stopped with various applications available for Google, Firefox and other servers.
When my on-line speed slows it is generally due to Microsoft emptying bucket-loads of updates through my Window... ;-<
(Win Patrol have a very effective anti-ransom app'...W.A.R.)
Hi
Great Blog.
I am learning all the time keep it coming.
Bill
Thank you SO MUCH.
I installed a coin blocker for Chrome and what a difference. I have a habit of leaving web pages open.
My PC is much more responsive now.
Thanks for this article - for some time now, I've been having problems with Firefox continually "not responding", and nothing anybody suggested would make any difference. I've just installed "Nocoin", and the problem has disappeared completely. I'd be interested to know why my AV didn't pick it up, however.
No to both questions, Sven. The only time my PC runs at full steam is when I'm using Steam to play a game.
I use Linux, so the scripts targeted at Windows users will probably not work. However, on the browser side, I use the uMatrix extension, so I can allow or disallow scripts to execute.
I think these mining scripts must be banned if they cause a website visitor to incur additional electricity costs. That action is stealing electricity as the CPU/GPU usage is intentional to create coins, and the need for additional power consumption is known.
If people want to make money from their websites, sell something, and don't force users to be bombarded with ads or mining scripts. Web space is so cheap, I pay under $15USD per YEAR to host 3 sites on the same account in Europe. I do not post ads and click bait all over the place.
Interesting what next?
Hi John,
thanks for your comment. We'll see :)