Web-based cryptominers – what you need to know about this trending malware

By Steven Sparshott, SE Manager ANZ, Sophos

Cryptomining – the process used to discover cryptocurrencies like Bitcoin – is on the rise. From the US to Venezuela, cryptomining operations have sharply increased with individuals and organisations eager to get their hands on digital currency. 

With that, it’s no surprise that cyber thieves have started to take notice and are using cryptominers to make money by infecting websites with malicious software.

Malicious cryptomining 

Legitimate cryptomining programs ask users for their permission to run. Malicious versions don’t – opting instead to quietly leech a computer’s resources unbeknown to the victim.

Malicious cryptomining is increasingly taking the form of scripts hidden on websites that can mine for cryptocurrency in the browser. Visitors to infected sites will see no evidence of the mining – it is completely secret. The only clues to consumers that something may be amiss are their computer slowing down and their fans revving up.

When this software is run in any user’s browser without an organisation’s consent, it is parasitic. Just like any other malware, this software is specifically designed to disrupt, damage, or gain unauthorised access to a computer system – in this instance, its CPU power, whether on a laptop, PC or mobile.

Coinhive rises with cryptocurrency values

A clear example of this is Coinhive, a Monero miner that first appeared in mid-September. The number of sites hiding it has steadily increased in recent weeks, as cryptocurrency values have taken a wild trajectory skyward and have become a topic of national interest. There has also been a steady rise in sites using Coinhive scripts.

Coinhive markets itself as an “alternative source of revenue to advertisements”. Infamous torrent site The Pirate Bay is among those that have embedded Coinhive JavaScript code in its search pages to mine for Monero. What’s more, it neglected to tell visitors it was using their browsers to mine cryptocurrency.

Cryptomining malware is growing rapidly, and its stealthy and often non-intrusive characteristics make it a top concern for businesses in 2018. In order to stay protected against JavaScript cryptominers hosted online, organisations must:

  • Watch your CPU. If in doubt, check the ‘Activity Monitor’ on a Mac or ‘Task Manager’ on Windows – this will provide an indication of unauthorised mining activities
  • Consider a plugin to control JavaScript. Free tools like NoScript let you keep control over intrusive JavaScript, Flash, and Java in your browser, allowing you to stop scripts from running automatically on unauthorised sites
  • Find out if your anti-virus detects coinmining tools. With the growth of cryptomining malware, it’s important to know where you stand with your security tools – asking how a vendor classifies browser-based coinminers is key
  • Patch promptly. As ever, patching is critical to staying protected. Hackers who can break into your servers could add cryptomining code to leech ‘free money’ from all your website visitors, leaving you to bear the brunt of any complaints
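
A check site owners can run for the last point, as an added example that is not part of the original article: it lists every external script a page loads whose host is not on an allowlist, so an injected miner script stands out. The hostnames, the allowlist and the sample HTML are constructed for illustration, and the regex-based tag scan assumes ordinary markup.

```javascript
// Added example: audit a page's <script> tags against an allowlist of hosts.
// SITE_ORIGIN, ALLOWED_HOSTS and SAMPLE_HTML are constructed placeholders.
const SITE_ORIGIN = 'https://www.example.org';
const ALLOWED_HOSTS = new Set(['www.example.org', 'cdn.example.org']);

// Constructed sample: two expected scripts, one injected third-party script,
// and one inline script.
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script async src="//miner.example/m.js"></script>
<script>console.log('inline');</script>
</head></html>`;

// Return one finding per external script whose host is not on the allowlist.
function auditScripts(html, origin = SITE_ORIGIN, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  // Require start-of-attributes or whitespace before "src" so data-src is ignored.
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const srcMatch = srcRe.exec(m[1]);
    if (!srcMatch) continue; // inline script: no remote source to check here
    const raw = srcMatch[1] ?? srcMatch[2] ?? srcMatch[3];
    let host;
    try {
      // Resolves relative paths and protocol-relative //host/path forms.
      host = new URL(raw, origin).hostname;
    } catch {
      findings.push({ src: raw, reason: 'unparseable src' });
      continue;
    }
    if (!allowed.has(host)) {
      findings.push({ src: raw, reason: `host ${host} not on allowlist` });
    }
  }
  return findings;
}

for (const f of auditScripts(SAMPLE_HTML)) {
  console.log(`UNEXPECTED SCRIPT: ${f.src} (${f.reason})`);
}
```

Inline scripts are skipped by this check, so it complements, rather than replaces, comparing deployed pages against a known-good copy.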

