Skip to Content
Blockchain

Hijacking Computers to Mine Cryptocurrency Is All the Rage

Hackers are using old tricks and new cryptocurrencies to turn stolen computing power into digital coins.
October 5, 2017
Sophia Foster-Dimino

Have you visited Showtime’s website recently? If so, you may be a cryptocurrency miner. An observant Twitter user was the first to sound an alarm last month that the source code for the Showtime Anytime website contained a tool that was secretly hijacking visitors’ computers to mine Monero, a Bitcoin–like digital currency focused on anonymity.

It’s still not clear how the tool got there, and Showtime quickly removed it after it was pointed out. But if it was the work of hackers, the episode is actually part of a larger trend: security experts have seen a spike in cyberattacks this year that are aimed at stealing computer power for mining operations. Mining is a computationally intensive process that computers comprising a cryptocurrency network complete to verify the transaction record, called the blockchain, and receive digital coins in return (see “What Bitcoin Is, and Why It Matters”).

Lately the same mining tool that appeared on Showtime’s website has been showing up all over the Internet. Released just last month by a company called Coinhive, the tool is supposed to give website owners a way to make money without displaying ads. But malware authors seem to be among its most voracious early adopters. In the past few weeks, researchers have discovered the software hiding in Chrome extensions, hacked Wordpress sites, and even in the arsenal of a notorious “malvertising” hacker group.

Coinhive’s miner isn’t the only one out there, and hackers are using a variety of approaches to hijack computers. Kaspersky Lab recently reported finding cryptocurrency mining tools on 1.65 million of its clients’ computers so far this year—well above last year’s pace.

The researchers also recently detected several large botnets set up to profit from cryptocurrency mining, making a “conservative” estimate that such operations could generate up to $30,000 a month. Beyond that, they’ve seen “growing numbers” of attempts to install mining tools on servers owned by organizations. According to IBM’s X-Force security team, cryptocurrency mining attacks aimed at enterprise networks jumped sixfold between January and August.

The researchers say that hackers are especially attracted to relatively new alternatives to Bitcoin, particularly Monero and zCash. That’s probably in part because these currencies have cryptographic features that make transactions untraceable by law enforcement (see “Criminals Thought Bitcoin Was the Perfect Hiding Place, but They Thought Wrong”). It’s also because hackers can generate more profits mining these newer currencies than they can with Bitcoin. Bitcoin-mining malware was extremely popular two or three years ago, but the currency’s popularity has, by design, made it more difficult to mine, warding off this kind of attack. Hackers are now embracing newer, easier-to-mine currencies.

Malware containing cryptocurrency mining tools can be relatively straightforward to detect using antivirus software, says Justin Fier, cyber intelligence lead for the security firm Darktrace. But illegal mining operations set up by insiders, which can be much more difficult to detect, are also on the rise, he says—often carried out by employees with high-level network privileges and the technical skills needed to turn their company’s computing infrastructure into a currency mint.

In one instance, Fier’s team, which relies on machine learning to detect anomalous activity inside networks, noticed an employee at a major telecom company using a company computer in an unauthorized way to communicate with his home machine. Further investigation revealed that he had planned to turn his company’s server room into a mining pool.

So long as there is a potential payday involved, such inside jobs are likely to remain high on the list of cybersecurity challenges that companies face. As for keeping hacked websites from hijacking your personal computer? In an ironic twist, some ad blockers are now banning Coinhive.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.