- Buttigieg, Klobuchar come together to laugh at Bloomberg Wednesday 10:29 PM
- Bernie Sanders calls Bloomberg’s wealth ‘grotesque’ to his face Wednesday 9:53 PM
- Angry Bloomberg asks debate moderators if he’s ‘chicken liver’ Wednesday 9:29 PM
- Elizabeth Warren savages everyone else’s healthcare plan Wednesday 9:07 PM
- K-Pop stans help push ‘Pooping for Kaitlin’ hashtag mocking Kent State gun girl Wednesday 8:54 PM
- Fans speculate after learning Pop Smoke posted address prior to fatal home invasion Wednesday 8:11 PM
- Jar of human tongues found in Florida has people shook Wednesday 6:39 PM
- Video of Blueface teaching Obama lookalike to dance is turning heads Wednesday 5:58 PM
- ‘No one has the range’ for this meme Wednesday 5:21 PM
- Mom confronts man who followed daughter through grocery store in viral video Wednesday 5:05 PM
- Major study linking vaping to heart attacks gets retracted Wednesday 4:36 PM
- George Zimmerman is suing Pete Buttigieg, Elizabeth Warren Wednesday 2:55 PM
- Netflix’s ‘Horse Girl’ accused of ripping off 2017 indie film Wednesday 2:52 PM
- The Genyus Network is a safe social space for stroke survivors Wednesday 2:20 PM
- MAGA hat-wearing dog finishes last in ‘Today Show’ fan vote—still named winner Wednesday 2:03 PM
If you experienced a sudden drop of performance when visiting Politifact on Friday, it was most likely because the popular fact-checking website was fast busy taxing your computer’s resources to make money—and no, you’re not getting a cut.
Hackers allegedly compromised the website and inflicted it with a cryptocurrency-mining script, a program that uses visitors’ CPU power to generate Monero, a digital currency like Bitcoin that professes anonymity.
The same script appeared on Showtime’s website late last month, though it was quickly removed after news broke on Twitter and several tech publications. Showtime never made it clear whether the script was added intentionally or was the result of their website being compromised. Pirate Bay intentionally experimented with the script but later removed it due to negative visitor feedback.
These are just a few of the increasing number of cases where the resources of computers like yours or mine have been hijacked to generate digital money without their owners’ consent. With the prices of cryptocurrencies steadily rising, plenty of people—including malicious hackers—are on the lookout to pad their wallets.
What is cryptocurrency mining?
While you can always buy cryptocurrencies on online exchanges, an alternative way to obtain them is to “mine” them, which will cost nothing if others are doing it for you.
Cryptocurrencies run on blockchain technology, a distributed ledger that exists on thousands of computers at the same time and obviates the need for middlemen and brokers such as banks and financial institutions. Records are stored on the ledger in blocks and are linked together through cryptographic equations, hence the name.
Before a new block is added to the blockchain, it has to be validated and verified through solving complicated mathematical problems. The process, called mining, requires a lot of computing power and ensures that no one can compromise the integrity of the system.
Anyone can become a miner by installing mining software and joining the network. The first miner to solve the equation gets to append the new block to the blockchain and be rewarded in cryptocurrencies and transaction fees.
Mining bitcoins requires huge amounts of computing power and requires specialized hardware available in large data centers. On the other hand, Monero, which was launched in 2014, can be mined with ordinary CPUs. Hackers can easily get involved by assembling a mining botnet, a network of computers infected with malware that enables cybercriminals to control them from afar.
How hackers are mining cryptocurrencies
Coinhive, the script used on the Showtime and Pirate Bay sites, was developed by a namesake company earlier this year and was introduced as “a viable alternative to intrusive and annoying ads that litter so many websites today.” It was also meant to address the rise of ad-blockers, which are hurting the bottom line of websites that rely on ads. The hosting website takes 70 percent of the proceeds and the rest goes to Coinhive. (The user naturally gets nothing.)
Given the inconspicuous way the script works, it has become a favorite money-making tool for hackers. In the past weeks, the script has popped up in numerous Google Chrome extensions and hacked WordPress and Magento websites.
Coinhive has expressed disappointment in the shady use of its tools and has promised to alter the script to obtain visitors’ consent before using their CPU for mining in the future. Meanwhile, several ad-blockers have added support to block Coinhive’s script.
However, Coinhive is not the only tool hackers are using to mine cryptocurrencies. Cryptocurrency mining malware and schemes have been around for several years. But the past months have seen a spike in mining activity, largely due to the rising price of cryptocurrencies.
Slovakian cybersecurity vendor ESET recently discovered a malware that exploits unpatched vulnerabilities in Windows Server 2003 machines to mine tens of thousands of dollars’ worth of Monero every month.
Kaspersky Labs reported that cryptocurrency-mining malware has targeted more than 1.65 million computers in the first eight months of 2017, an uptick compared to previous years. IBM’s X-Force security team has found a sixfold increase in cryptocurrency-mining attacks aimed at enterprise networks.
How to protect yourself against cryptocurrency miners
While cryptocurrency miners won’t steal your data or encrypt your files like other malware, they are annoying nonetheless and can negatively impact the performance of your computer. Here are several ways you can prevent hackers from lining their pockets with your CPU:
- Install an antivirus and keep it up to date: Most antivirus solutions detect and removing cryptocurrency mining tools as harmful software.
- Install an ad-blocker: If you’re using AdBlock Plus or AdGuard, both block Coinhive’s JS library.
- Install a cryptomining blocker extension on your browser: Developers have created Chrome extensions that scan your browser and terminate scripts that “look” like Coinhive. AntiMiner, No Coin, and minerBlock are three plugins that will help protect you against cryptocurrency miner scripts.
Ben Dickson is a software engineer and founder of TechTalks. His work has been published by TechCrunch, VentureBeat, the Next Web, PC Magazine, Huffington Post, and Motherboard, among others.