How to Protect Yourself From the Crypto Mining Malware

Alex Lielacher

In September 2017, it came to light that the popular file-sharing platform ThePirateBay was covertly mining the anonymous cryptocurrency Monero using the computing power of its users. Crypto mining malware now seems to be everywhere.

It has been reported that the mining script has even been found in YouTube ads. Hence, it is important to be aware of how you can protect yourself against this type of malware.

Firstly, it is highly advisable to download and keep up to date high-quality antivirus software such as Avast, which blocks crypto mining scripts and informs you when one is present on a website. Secondly, it is advisable to download malware detection software such as Malwarebytes, which can detect malware that antivirus programs occasionally miss. Ad blocking software is also an option, provided it is updated regularly.

Alternatively, you can download the Opera Browser for desktop or mobile, as it now has an automatic crypto mining malware blocker installed.

Finally, you can simply open your computer’s resource manager and check the CPU (central processing unit) usage. If it is higher than usual, then your computer has been hijacked for cryptocurrency mining and you can close the application that is causing your processing power to spike.

Now let’s look at the background.

What is Coinhive?

Coinhive is the first and most used cryptocurrency miner for webmasters who want to utilize the computing power of their users to mine the anonymous digital currency Monero (XMR). The idea behind Coinhive is to provide website owners with an alternative monetization method that does not involve running ads on their websites.

Coinhive uses an application programming interface (API) that anyone can embed in their website’s code, which then mines Monero directly in the browser of the individuals visiting their sites. However, once Coinhive was launched, instead of informing users of the mining script, the majority of websites that embedded it did so without the knowledge of the user, slowing down their visitors’ computers for their own financial gain. That is why Coinhive and other online mining scripts are now largely considered to be malware.

Coinhive, however, is not the only online Monero mining software that has been used with malicious intent. Other online mining scripts include Crypto Loot, CoinImp, and the Chinese PPOI. However, due to the open-source nature of Coinhive, many more mining scripts have been developed and installed on websites to mine Monero using the software. This is usually done without the permission of the user whose computer power is being hijacked.
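Because these miners are embedded as scripts in a page's code, a site owner or analyst can check saved page source for them. The following is an added example, not code from the article or from any of the services named: the hostnames and the `CoinHive.Anonymous` / `CoinHive.User` markers are assumptions drawn from public blocklists, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed hostnames for services named above; a maintained blocklist
# should be used in practice, since operators change domains.
MINER_HOSTS = {"coinhive.com", "crypto-loot.com", "coinimp.com"}
# Assumed inline markers: constructors of the Coinhive JavaScript API.
INLINE_MARKERS = ("CoinHive.Anonymous", "CoinHive.User")

def host_matches(host):
    """True if host is a listed miner domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)

class MinerScriptFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []       # list of (kind, value) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src")
        # Relative URLs have no hostname and are skipped here; a
        # self-hosted or proxied copy of a miner needs content checks.
        host = urlparse(src).hostname if src else None
        if host_matches(host):
            self.findings.append(("script-src", host))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for marker in INLINE_MARKERS:
                if marker in data:
                    self.findings.append(("inline", marker))

def scan_html(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page for illustration.
SAMPLE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
<script src="//cdn.example.org/jquery.js"></script>
</head></html>"""

if __name__ == "__main__":
    for kind, value in scan_html(SAMPLE):
        print(kind, value)
```

A clean result only means none of the listed hosts or markers appeared; renamed or obfuscated scripts need behavioural signals such as the CPU check described earlier.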

Monero Mining Scripts Are Sixth Most Popular Malware

The implementation of Coinhive and similar mining scripts into websites without the knowledge of users has become so prevalent that in October 2017, it had become the sixth most popular malware in use, according to cybersecurity company Check Point.

In a press release, Maya Horowitz, Group Manager for Threat Intelligence at Check Point, said: “The emergence of […] Coinhive once again highlights the need for advanced threat prevention technologies in securing networks against cyber-criminals. Crypto mining is a new, silent, yet significant actor in the threat landscape, allowing threat actors to make significant revenues while victims’ endpoints and networks suffer from latency and decreased performance.”

Needless to say, crypto miners are slowly taking over the Internet with reports of thousands of sites being affected.

North Korea is Allegedly Using Crypto Mining Malware

Opportunistic website owners, however, are not the only ones who have made use of crypto mining scripts. North Korean government-backed hackers have allegedly also been using online Monero miners in an attempt to generate an income for the regime, according to Bloomberg.

In January, cybersecurity investigators discovered that mining malware was sending Monero to an address traced back to Kim Il Sung University in North Korea’s capital, Pyongyang. This, however, was not the first instance in which mining scripts were used by North Korean hackers. Prior to this, a hacking syndicate called Bluenoroff mined the cryptocurrency Monero on hijacked servers while attempting to steal from a European financial institution. In addition, another hacking group called Andariel mined Monero on the servers of a South Korean company, according to a report by cybersecurity experts AlienVault.

The Future of Crypto Mining Scripts

Coinhive’s idea of using in-browser cryptocurrency mining as an alternative monetization method for websites that are increasingly losing ad revenues due to the growing use of ad-blocking software is innovative and makes business sense.

However, it is clear that the current trend of Coinhive and similar crypto mining scripts is that they are being deployed without informing users and asking for their permission. In other words, crypto miners have become just another form of malware.

Having said that, antivirus software and browsers are catching up to this new malware trend and are implementing the much-needed protection for their users. Hence, it is unlikely that this type of malware will prevail.

The concept of web-based miners for website monetization, on the other hand, has the potential to prevail and even become a standard monetization avenue for online publishers provided they ask for their users’ permission upon opening the site and only use a small percentage of their CPU power for mining.