Computer users now have one more thing to worry about: cybercriminals secretly tapping into your CPU or GPU to mine cryptocurrencies. Due to an ability to access your computer via a web browser, “cryptojacking” is on the rise, cautioned a British government agency.
“The technique of delivering cryptocurrency miners through malware has been used for several years, but it is likely in 2018-19 that one of the main threats will be a newer technique of mining cryptocurrency which exploits visitors to a website,” the U.K.’s National Cyber Security Centre (NCSC) wrote in its annual report on April 10, 2018.
Shortly after, popular torrent download site Pirate Bay incorporated Coinhive as part of a new monetization scheme that would replace the advertisements that normally keep the site afloat. “We really want to get rid of all the ads. But we also need enough money to keep the site running,” Pirate Bay said in a blog post on September 16, 2017.
During the latter part of 2017, Coinhive clones started popping up left and right. Hackers even found ways to inject the scripts into popular websites like Politifact.com and Showtime unbeknownst to the site owners. Today, the internet is rife with in-browser miners.
As pointed out in the NCSC report, in December 2017, Check Point revealed that 55 percent of businesses globally were impacted by cryptominers. “Popular websites are likely to continue to be targets for compromise, serving cryptomining malware to visitors, and software is available that, when run in a webpage, uses the visiting computer's spare computer processing power to mine the digital currency Monero,” the NCSC says.
The report also points out that in February 2018, over 4,000 websites worldwide, including many government ones, were affected by the cryptojacking script. The problem was eventually traced to a website plug-in called Browsealoud, used to help blind and partially sighted people access the web.
Using an ad blocker or antivirus program with features that block browser mining is the best way to prevent crypto hijacking, the report advised. (There's also a Chrome extension called No Coin that blocks cryptocurrency miners like Coinhive.)