As the value of cryptocurrencies like Bitcoin and Monero skyrocketed last year, a more sinister trend came with it. Cybercriminals saw the opportunity to hijack unprotected computers to use their processing power to mine cryptocurrency – an activity that involves calculating extremely complex mathematical problems.
Those calculations require a lot of CPU resources and electricity, so hackers use browser mining scripts to illicitly using other people’s computers (called cryptojacking) so they can mine cryptocurrencies at no cost.
First, we need to understand the nature of cryptocurrencies. These digital currencies are based on cryptography (also referred to as hash algorithms) that record financial transactions. There are only a certain number of hashes available, which help establish the relative value of each unit.
Creating new units of a cryptocurrency involves solving complex mathematical problem. The first person to solve the problem gets paid for their efforts in that cryptocurrency. That means legal cryptominers must invest in server farms for computing power, tremendous amounts of electricity, and cooling systems that help keep their mining operations efficient as they crunch the numbers.
Spreading the wealth with cryptomining
Browser mining scripts are not all malicious. Some websites have been experimenting with them as a possible revenue generator that would replace online advertising. One of the first websites to try this approach, for example, was Quartz. The idea of spreading cryptomining efforts across multiple user computers in exchange for access to the website seemed reasonable, especially since the user would be informed and asked to agree to the deal.
Unfortunately this approach has been abused by criminals. Rather than invest in the infrastructure needed for legitimate cryptomining, they look at browser mining scripts as a way to avoid those costs. And whether it’s Coinhive offering Monero mining tools that you insert into a website, or Coinhive alternatives like EObot and Awesome Miner that have browser Bitcoin miners, criminals have the tools needed at their fingertips.
The result is cryptojacking.
How to tell if your computer been cryptojacked
Given the drain on your CPU, if your computer suddenly is running slowly or your battery is draining particularly fast, you might have been hacked. How can you tell?
Open up your Windows Task Manager or macOS Activity Monitor and click on “Processes.” If you see that your browser is working overtime, you can shut it down and restart. Unfortunately, this doesn’t tell you what site ran the browser mining script.
Unfortunately, hackers are making it harder to spot their efforts. While older scripts maximized CPU use, new cryptomining scripts throttle back to as little as 20 percent, making them more difficult to detect.
Stopping cryptomining in browsers
While manually identifying attacks is much harder now, there are preventative steps you can take that will automatically reduce your exposure and vulnerability to browser-based attacks.
Deploy Browser Extensions
Most popular web browsers now include extensions that can help stop web-based cryptomining attacks. These can include both solutions developed by the browser developer, or open-source extensions that can be added on. The No Coin and MinerBlocker solutions, for example, monitor for suspicious activity and block attacks, and both have extensions available for Chrome, Opera, and Firefox.
Given the explosion of cryptomining malware, many ad-blockers now include a Coinhive blocker that filters the script from running on your browser. If you have an ad-blocker installed, you’ll need to select that script blocker.
You can also block specific domains that you suspect of cryptomining. Simply open your browser, find the “Customize” drop-down, and then block a URL. To block Coinhive, you can copy/paste https://coin-hive.com/lib/coinhive.min.js into the text box.