Crypto-currencies have been the payment option of choice for cyber criminals trying to extort money from their victims for many years now, but purchasing crypto-currencies has never been easy and is getting increasingly difficult as credit card providers take steps to block crypto-currency purchases. Rather than trying to force you to pay them, the cyber criminals can instead use your computer and its resources to ‘mine’ for crypto-currencies on their behalf and ‘earn’ a small amount of crypto-currency. By pooling thousands of machines together into a botnet, that small amount of crypto-currency soon adds up. All this is of course done without your knowledge, and because it is not technically malicious, it is proving to be much harder to stop. Just to show you how lucrative this can be, a botnet called Smominru, which mines the cryptocurrency Monero, is reported to have infected over half a million Windows PCs since May 2017, earning the criminals millions.
So, what exactly is ‘mining’ anyway? Let me try to explain. Every crypto-currency uses a shared ledger called a blockchain, which holds a record of every single transaction ever made in the crypto-currency. This ever-growing ledger is updated and authenticated by the ‘miners’ in what is effectively a maths race that requires a massive amount of computer processing power, for which they are paid a fee in the crypto-currency. The ‘miners’ can also set about creating new currency, which at its most basic level involves generating increasingly mind-bogglingly large prime numbers for the cryptographic functions required. Either way, a lot of hardware and electricity is required, which the criminals aren’t too keen on paying for, so they look to use yours instead.
As the value of popular crypto-currencies started to soar, web developers looked at legitimate ways of using crypto-currency mining as an alternative to displaying adverts on websites. The visitors wouldn’t see any adverts, and while they were on the website, a fraction of their computing power would be added to a network of computers working together performing ‘mining’ functions. The cyber-criminals took this concept of web browser-based mining and expanded on it greatly, adding crypto-currency mining to mobile phone apps and to both fake websites and compromised real websites, which is known as cryptojacking or drive-by mining. In February 2018 over 4000 websites were compromised by hackers through a plugin called BrowseAloud, which many organisations use to comply with legal obligations to make their websites accessible to people with disabilities. The hackers managed to plant Coinhive cryptocurrency-mining functionality on high-profile websites including the NHS and the Information Commissioner's Office in the UK. Currently at least, when you leave the affected websites, there appears to be no additional malicious or underhand processes in place. Mobiles have also been heavily targeted, and in December 2017 the Google Play Store for Android apps was found by the antivirus company Sophos to contain 19 apps with hidden Coinhive functionality, and one app was downloaded over 500,000 times. Now individually your computer or mobile may not be that powerful, but if the cyber criminals can get enough people visiting compromised websites or infect enough computers or mobiles, it can prove to be very profitable for them.
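For website owners, the kind of check that catches the situation described above can be sketched as follows. This is an added example, not part of the original chapter: it lists scripts loaded from another host without the standard HTML `integrity` attribute (Subresource Integrity) and any script that mentions Coinhive. The sample page, its hosts, the hash and the `loadMiner` call are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MINER_MARKER = "coinhive"  # name from the page, matched case-insensitively

class ScriptAudit(HTMLParser):
    """Flag risky <script> tags on a page served from page_host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []        # (kind, detail) tuples
        self._inline = False      # True while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            self._inline = True
            return
        if MINER_MARKER in src.lower():
            self.findings.append(("miner-reference", src))
        host = urlparse(src).netloc
        # Without an integrity hash, the page runs whatever the other host serves.
        if host and host != self.page_host and not attr.get("integrity"):
            self.findings.append(("third-party-no-sri", src))

    def handle_data(self, data):
        if self._inline and MINER_MARKER in data.lower():
            self.findings.append(("miner-reference", "inline script"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

def audit_page(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: every host, path and hash is a placeholder.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/accessibility.js"></script>
<script src="https://cdn.example.org/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script>loadMiner("coinhive-placeholder");</script>
</head><body>Hello</body></html>"""
```

Calling `audit_page(SAMPLE, "www.example.com")` reports the accessibility script, which is loaded from another host without an integrity hash, and the inline miner reference.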
If your security software does not block a cryptomining attempt and you get infected, what are the warning signs? Well, if it’s a mobile device, chances are it will be slow and hot, and the battery will drain very quickly. It will be similar for laptops and desktops, so listen out for the fan running at high speeds, especially when you aren’t really using the computer. If you are unsure or suspect something hidden may be using your computer and internet resources, follow the steps in Chapter 29 to remove a virus.
It is important to remember that the criminals can change tack from cryptomining to ransomware at any time if they have already infected the machines. They can also run key loggers and other secondary malware too, so please do not think that cryptomining is less of a problem for you.