Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
By Jasmin Boyce

Hackers are quietly hijacking personal computers, company servers, cable routers, mobile devices and other forms of computing power to stealthily mine cryptocurrencies — a problem that cybersecurity experts warn is growing rapidly.

The act, known as cryptojacking, has grown in popularity because it is hard to detect and reasonably passive, unlike other hacks such as Ransomware, which can encrypt files or lock users out of systems until money is paid.

“It's sneaky,” said Raj Samani, a chief scientist at the cybersecurity firm McAfee. ”Ransomware, for example, is very confrontational, where cryptojacking looks to be as surreptitious as possible.”

Cryptojacking is also easy to execute, sometimes even hiding in ads on websites.

“Cryptojacking scams have continued to evolve, and they don’t even need you to install anything,” Jason Adler, an assistant director for the Federal Trade Commission, wrote in a blog post in June. “Scammers can use malicious code embedded in a website or an ad to infect your device. Then they can help themselves to your device’s processor without you even knowing.”

The rise in the value of bitcoin and other cryptocurrencies in recent years has made cryptocurrency mining a lucrative activity. Cryptocurrency mining uses computing power to compete against other computers to solve complex math problems, with that effort rewarded with bits of cryptocurrencies. That computing power helps create a distributed, secure and transparent network ledger — commonly known as a blockchain — on which applications such as bitcoin can be built.

Cryptocurrency mining can be an expensive proposition, requiring computing hardware and electricity. Cryptojacking offers cybercriminals a way to steal computing power from other people to bypass the effort and expense. Cryptojacking software operates on computers in the background, with the only evidence of its presence signified by a user’s device overheating or slowing down.

Cryptojacking’s mix of low risk and high reward have led to a significant increase in attacks, with a June report from McAfee finding 2.9 million examples of mining malware — malicious software — in the first three months of the year. The company said that was a 629 percent increase from the last three months of 2017.

“The pick up was just massive,” Candid Wueest, a threat researcher at the cybersecurity company Symantec, said. “It caught a lot of people by surprise.”

Computer owners should be on the lookout for a slowdown in their computers, rising electricity bills and sluggish internet speeds.

The influx in malware led some online companies to implement protective measures for their users. Google announced in a blog post in April that it would no longer allow browser extensions in its Web Store that mine cryptocurrencies. The online store allows for users to pick extensions and apps that personalize their Chrome web browser, but the company noted that the “capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users.”

Smartphone apps can also contain cryptojacking malware. A study released in September by Sophos, a cybersecurity company, revealed at least 25 apps in the Google Play Store had hidden coin mining malware.

Google included a chart showing how cryptojacking software in browser extensions drastically increased the computing power.

Image: Cryptomining
Cryptomining

The apps, “disguised” as game and utilities, were downloaded more than 120,000 times by unsuspecting users, causing mobile devices to transform into “cryptocurrency churning rigs,” according to Pankaj Kohli, a threat researcher at Sophos.

While cryptojacking has malicious origins, some legitimate groups have begun to explore whether the concept could be used for good.

UNICEF appealed for computer power instead of cash in February during a fundraiser caller “Game Chaingers.” The organization persuaded computer owners to voluntarily relinquish computing power to it, raising upward of $50,000 within 59 days by mining for a cryptocurrency called Ethereum.

Salon, a digital news outlet, prompts users with ad-blockers to surrender a portion of their computer processing power to mine for cryptocurrency while the user browses the site.

Cryptojacking and legitimate mining, however, are sensitive to cryptocurrency prices, which have declined sharply since their highs in late 2017 and early 2018. According to a McAfee September 2018 threats report, cryptojacking instances “remain very active,” but a decline in the value of cryptocurrencies could lead to a plunge in coin mining malware, just as fast as it emerged.