Crypto-Miners: What Are They and What Steps You Can Take to Protect Yourself

February 21, 2018 | David Bisson

Bitcoin's value grew significantly in 2017. At the beginning of the year, a single Bitcoin was worth less than $1000. By year's end, its price had grown to over $13,000. That's after peaking at $19,086.84 on 19 December.

Such growth didn't go unnoticed by digital attackers or by organizations looking to supplement their online advertising revenue. Both responded by deploying crypto-miners. These tools help generate money for domain owners, yet they oftentimes have negative consequences for unsuspecting users exposed to them.

To better understand the growing threat of crypto-miners, let's take a look at how crypto-mining works in general, how bad actors are abusing it to take advantage of ordinary people, and how users can protect themselves.

What Are Crypto-Miners?

Crypto-miners are tools that "mine," or generate, new units of a cryptocurrency like Bitcoin. They do so by completing mathematical puzzles that constitute what Hacker Noon's Chris Herd calls "proof of work calculations" for the new units. The process of mining doesn't just generate cryptocurrency; it also adds transactions to the blockchain and secures and verifies them.

A deeper dive into how cryptocurrencies work is necessary to better understand crypto-miners. Digital currency like Bitcoin runs on the blockchain, a ledger of transactions which is distributed across the entire community of users who own units of that cryptocurrency. Benzinga staff writer Shanthi Rexaline explains it's here where mining comes into play:

Every single transaction made and the ownership of every single cryptocurrency in circulation is recorded in the blockchain. The blockchain is run by miners, who use powerful computers that tally the transactions. Their function is to update each time a transaction is made and also ensure the authenticity of information, thereby ascertaining that each transaction is secure and is processed properly and safely.

Every 10 minutes, mining computers collect a "block," or a few hundred pending Bitcoin transactions, and turn them into a mathematical puzzle. Those computers then use special equipment to compete against one another to solve that puzzle. Whoever completes the challenge first is eligible to receive a reward of 12.50+0.943 BTC, which is worth approximately $113,834.49 USD as of 7 February 2018.

The Economist explains that the first miner to find the solution to the mathematical puzzle can announce it to the Bitcoin community. At that point, the other miners verify if the solution is correct. Assuming it is, the block is cryptographically added to the ledger, with the miners moving on to the next grouping of transactions, thereby adding to the blockchain.

Source: Bitcoin 2.0 (SlideShare)
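
The puzzle-and-verify cycle described above, as an added example that is not from the original article: a toy proof of work in Node.js where the "puzzle" is finding a nonce whose SHA-256 hash starts with a set number of zero bits. The block layout, sample transactions and 12-bit difficulty are constructed for illustration and are far simpler than Bitcoin's real format.

```javascript
// Added illustration: toy proof of work, not Bitcoin's real block format.
const { createHash } = require('crypto');

// Hash a candidate block: previous block hash + pending transactions + nonce.
function hashBlock(prevHash, transactions, nonce) {
  return createHash('sha256')
    .update(prevHash)
    .update(JSON.stringify(transactions))
    .update(String(nonce))
    .digest();
}

// Count leading zero bits of a digest; more required zeros means a harder puzzle.
function leadingZeroBits(digest) {
  let bits = 0;
  for (const byte of digest) {
    if (byte === 0) { bits += 8; continue; }
    bits += Math.clz32(byte) - 24; // clz32 works on 32 bits; a byte is the low 8
    break;
  }
  return bits;
}

// Miner: brute-force nonces until the hash meets the difficulty target.
function mine(prevHash, transactions, difficultyBits) {
  for (let nonce = 0; ; nonce++) {
    const digest = hashBlock(prevHash, transactions, nonce);
    if (leadingZeroBits(digest) >= difficultyBits) {
      return { nonce, attempts: nonce + 1, hash: digest.toString('hex') };
    }
  }
}

// Other miners: a single hash is enough to check an announced solution.
function verify(prevHash, transactions, nonce, difficultyBits) {
  return leadingZeroBits(hashBlock(prevHash, transactions, nonce)) >= difficultyBits;
}

// Constructed sample data.
const PREV_HASH = '00'.repeat(32);
const PENDING = [
  { from: 'alice', to: 'bob', amount: 0.5 },
  { from: 'carol', to: 'dave', amount: 1.25 },
];
const DIFFICULTY_BITS = 12;
const solution = mine(PREV_HASH, PENDING, DIFFICULTY_BITS);
console.log(`nonce ${solution.nonce} found after ${solution.attempts} hashes`);
console.log('checked with one hash:', verify(PREV_HASH, PENDING, solution.nonce, DIFFICULTY_BITS));
```

Each extra difficulty bit doubles the expected number of hashes the miner must try, while verification stays at one hash. That asymmetry is why mining is so CPU-hungry on a hijacked machine.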

How Malware Authors Are Abusing Crypto-Mining

Crypto-mining isn't itself malicious in nature. But bad actors are abusing it for nefarious purposes. They're doing so by illegally accessing important business assets such as servers used for electronic medical record (EMR) systems or the back-ends for corporate websites and installing cryptocurrency miners on them. This software generates new digital currency for the attackers all the while hijacking the affected asset's CPU and driving up its power demands. With those affected resources lacking specialized rigs designed for mining cryptocurrency, crypto-miners slow down business processes and drive up the organization's electricity consumption.

Sophos CTO Joe Levy thus has no tolerance for organizations that justify the use of crypto-miners for the purpose of generating advertising revenue and don't tell users:

Our position is that when this software is run in any user’s browser without an organization’s consent, it is parasitic, and should be considered malware because we don’t have something called parasiteware today. In instances where an organization really wants to donate its CPU/GPU cycles, and where the mining operation has gone to sufficient lengths to enable vendors like us to easily differentiate between consensual and non-consensual versions, then we can have a discussion about different classifications.

Numerous malicious crypto-mining tools are now making themselves known to security researchers. Yet none have done so as swiftly as Coinhive. It's a JavaScript utility that mines for Monero by embedding into domain owners' websites. Launched on 14 September 2017, the miner earned sixth place on Check Point's Global Threat Index of the "most wanted" malware in October. Two months later, the malware came in at the top spot.

A screenshot of Coinhive's official website. (Source: Malwarebytes)

Driven in part by Coinhive's popularity, malicious crypto-miners expanded their reach considerably in 2017. These tools victimized 1.65 million clients' computers in the first eight months of the year, Kaspersky Lab found. IBM's X-Force team tracked a six-fold jump in cryptocurrency mining attacks aimed at enterprise networks over the same period.

How to Protect against Malicious Crypto-Mining

Malicious crypto-miners will likely continue to increase in number in 2018. Fortunately, users can take steps to protect themselves against this growing threat.

They can begin by installing a browser extension that targets popular crypto-miners. minerBlock and No Coin are two of the most popular of these solutions. They work like an ad-blocker by allowing users to block offending domains and add them to a blacklist.
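
An added example (not code from minerBlock, No Coin or the original article) of the domain check such a blocker has to make before a script loads, comparing a naive substring test with a match on the parsed hostname. The blocklist entries and URLs are constructed placeholders.

```javascript
// Added illustration: deciding whether a script URL belongs to a blocked domain.
// Constructed blocklist; real extensions ship and update their own lists.
const BLOCKLIST = new Set(['miner.example', 'pool.mining.test']);

// Naive check, shown for contrast: substring match on the whole URL.
function naiveIsBlocked(url, blocklist) {
  for (const domain of blocklist) {
    if (url.includes(domain)) return true;
  }
  return false;
}

// Hostname check: parse the URL, then match the host or any parent domain.
function isBlocked(url, blocklist) {
  let host;
  try {
    // The URL parser normalises case; also drop a trailing root dot.
    host = new URL(url).hostname.toLowerCase().replace(/\.$/, '');
  } catch {
    return false; // not an absolute URL, so there is no host to match
  }
  const labels = host.split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocklist.has(labels.slice(i).join('.'))) return true;
  }
  return false;
}

// Constructed script URLs a page might request.
const SAMPLE_SCRIPT_URLS = [
  'https://cdn.miner.example/lib/m.min.js',      // subdomain of a listed domain
  'https://MINER.example/lib/m.min.js',          // same host, different case
  'https://notminer.example/app.js',             // unrelated host sharing a suffix
  'https://news.test/story?ref=miner.example',   // listed name only in the query
];

// Run both checks over a list of URLs and return the verdicts side by side.
function classify(urls, blocklist) {
  return urls.map((url) => ({
    url,
    naive: naiveIsBlocked(url, blocklist),
    hostname: isBlocked(url, blocklist),
  }));
}

console.table(classify(SAMPLE_SCRIPT_URLS, BLOCKLIST));
```

The substring test both over-blocks (the last two URLs) and under-blocks (the upper-case host), which is why the match belongs on the parsed hostname.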

Users can also target a wider variety of JavaScript-based threats including Coinhive by installing an extension like NoScript or ScriptSafe.

About the Author: David Bisson
David Bisson is an information security journalist and security news junkie. He is the Senior Content Manager at Bora Design, an IT security marketing agency which specializes in content creation and social media management. Through Bora, he serves as Associate Editor for The State of Security, the official blog for Tripwire, Inc., and Contributing Author for Venafi. David also writes for IBM Security Intelligence, Gemalto, and others.