A new form of cyber intrusion has emerged in recent months: cryptojacking.
Unlike hacking that steals software or a user’s data, cryptojacking occurs when a computer is unknowingly hijacked to extract or “mine” data for cryptocurrency.
The rise of cryptojacking can be traced to Monero, a digital currency introduced in 2014 as an alternative to bitcoin. Digital currency is not controlled by a central bank but instead is generated by computers using sophisticated number-crunching calculations. This is expensive because it requires banks of high-powered computers that consume massive amounts of electricity. One way to avoid such costs is to use someone else’s processing powers.
Designed to be mined on normal PCs, Monero led to the development of off-the-shelf Monero cryptomining tools, such as Coinhive and Crypto-Loot. These tools transform unsuspecting visitors’ computers into mines for cryptocurrency.
This new threat does not only come from nefarious hackers. CBS’s Showtime channel used a surreptitious code to hack into its viewers’ personal computers and turn those computers into cryptomining devices. The unauthorized code was removed within a few days.
Similar code was found on the websites of soccer star Cristiano Ronaldo and The Pirate Bay, which tested cryptomining software without informing users. Pirate Bay said it tested the code as an alternative to running ads to finance the website. Its users said the mining consumed up to 85% of their processing power, compared to a typical 20%-30% usage level.
If users are concerned about such intrusions, they can take steps to block cryptomining tools. For example, a “blocker” extension on an internet browser—such as Malwarebytes or minerBlock—can stop such intrusions from taking root. As always, users should stay vigilant and keep all antivirus software up to date.