Coin-Mining Malware Goes Global: How to Avoid Infection
Almost Two,500 websites worldwide are infected or deliberately rigged with browser code that hijacks your laptop’s processors to “mine” cryptocurrency.
Bad hacker! Stay out of my laptop! Credit: vectorfusionart/Shutterstock
That’s according to a report posted Tuesday (Nov. 7) by Dutch security researcher Willem den Vitaal, who found Two,496 sites running Coinhive, a script that coerces your machine to abruptly speed up and crunch numbers ter order to create units of Monero, a cryptocurrency similar to Bitcoin.
What to Do
One Chrome extension, Coin-Hive Blocker, blocks the the Coinhive script specifically. It’s a good short-term solution that doesn’t affect other scripts or sites, but might not work te the long run if mining software migrates to other code. (Antivirus software doesn’t always catch coin-mining scripts, which are legal vanaf se, albeit Malwarebytes has added Coinhive to its block list.)
To make sure your browser isn’t hijacked by coin miners, you can could use a script blocker such spil NoScript for Mozilla Firefox or ScriptBlock or ScriptSafe for Google Chrome. Doing so will block most ads (including ours), but you can usually whitelist websites or scripts according to what you’d like to see.
Websites harboring cryptocurrency-mining code are not a fresh phenomenon, but they’ve bot growing rapidly ter scale overheen the past duo of months after Coinhive released its lightly embeddable code ter mid-September.
Many high-profile sites, including The Pirate Bay, have added the mining code deliberately to provide an alternative revenue stream and boost the bottom line. Others, including the Showtime webpagina, Ultimate Fighting Championship and PolitiFact, have bot infected by criminals looking to make a quick buck.
Den Vitaal said that of the almost Two,500 sites he surveyed, 85 procent linked to just two CoinHive accounts, indicating that they’d bot hacked by a very puny set of criminals.
It’s not illegal
Using Coinhive seems to be ideally legal spil long spil you let users opt te. It’s not clear how legal using it becomes if you don’t warn users beforehand.
The Coinhive webstek, which trumpets the slogan “Monetize Your Business With Your Users’ CPU Power,” seems to represent a legitimate business. It even has warnings about not using the service for illegal purposes.
But wij couldn’t find anything on the webpagina or te its webstek domain registry about the company’s location, owners or employees, which is never a good sign. (An Argentine web developer did postbode some Coinhive code to Github, but he may not be associated with the company.)
Attempt it yourself, if you dare
Here’s a sample of a (presumably unwittingly) infected webstek belonging to Subaru’s Australian subsidiary, discovered by Ars Technica’s Dan Goodin. Tom’s Guide takes no responsibility for any consequences if you’d like to attempt it out at your own risk: http://shop.subaru.com.au/. Your CPU usage will spike, but there shouldn’t be any voortdurend harm after you close the tabulator.
To view the effect of this infected webpagina on your browser, open Task Manager ter Windows by pressing Ctrl + Shift + Altstem, and observe the show usage kasstuk 100 procent te a few seconds. (Don’t attempt it on a Mac, spil the webpagina attempted to actively install something on ours.)
A screenshot of NoScript blocking the Coinhive script te Firefox. Credit: Paul Wagenseil/Tom’s Guide
The coin-mining scourge is even hitting mobile phones. A TV news report from Australia details how text messages have led users to install apps that secretly mine cryptocurrency, and Trend Micro found three apps ter the Google Play store that mined cryptocurrency.
Wij’re not sure what you can do to prevent your Android device from being hijacked by a cryptocurrency-mining app, spil not all antivirus apps will zekering them. But if your phone abruptly seems to be heating up or draining its battery rapidly, delete the most recently added app to see if that solves the problem.