杏吧原创

You may be making cryptocurrency for hackers without realising

Thousands of websites are tricking people into mining cryptocurrencies like bitcoin, adblockers might be the only way to stop them
A person sat at a computer with piles of coins on the desk
Hackers could be cryptocashing in
PRImageFactory/Getty

Adblockers are trying to prevent people from accidentally helping criminals mine cryptocurrencies like bitcoin. Malicious code running in the background of thousands of webpages can hijack a visitor鈥檚 computing power to generate cryptocurrency in a process called cryptojacking. There is no sure-fire way to avoid cryptojacking, but blacklists managed by adblockers should keep you away from the worst culprits.

Around found on websites is modified from 聽something produced by the German company Coinhive. Their business model is that instead of websites bombarding visitors with adverts, they could mine a small amount of the cryptocurrency Monero, known for its high levels of anonymity. The websites get an income, which Coinhive gets a 30 per cent cut of, and the visitors get ad-free browsing.

However, although Coinhive asks users before nabbing their processing power, hackers are secretly placing a variant of the code that doesn鈥檛 onto thousands of different websites. This means anyone who visits those websites ends up unwittingly generating cryptocurrency for the hacker who snuck in the code. It鈥檚 not just desktop PCs and laptops that are susceptible. Anywhere Javascript can be run 鈥 including mobile phones and servers 鈥 can be a target.

And cryptojacking isn鈥檛 confined to the seedier corners of the internet. Official government websites, including two Ukrainian ministerial sites and the website of the president of Bangladesh, have all been hacked with cryptojacking code. Neither the website owner or the visitor make any profit, only the hacker does. In total the malicious code has been found running on at least 36,000 websites, and in 291 Android apps, according to recent analyses by Robert Baptiste, a researcher from French security company fsociety and Troy Mursch, who runs Bad Packets Report, a computer security website.

On the blacklist

In total, cryptojacking an estimated $150,000 per month. 鈥淥nce it鈥檚 placed on a website, anyone on any device with a web browser that visits that site immediately starts mining,鈥 says Mursch.

It鈥檚 not obvious when a computer has been affected, but people may recognise the symptoms of their processing power being diverted: laptop fans start spinning faster and mobile phones get hot, for example. One phone Mursch tested Coinhive on got so warm the screen became unsealed from the device.

A Coinhive spokesperson says the code being used for nefarious means was 鈥渘ot affiliated with Coinhive in any way鈥. And they hope the technology will be adopted through legitimate means. Coinhive has 120,000 accounts registered on its legitimate version, a third of which have been active in the past week. 鈥淲e believe the web is slowly learning how to best embed cryptominers without annoying their users鈥.

Users can protect themselves from cryptojacking by repurposing the humble adblocker. As well as blocking ads, these programs keep a list of blacklisted websites known to host cryptojacking code and can warn users before they visit them. 鈥淎dblockers have always been adblockers in name, but really they have been used by users for a number of different reasons,鈥 says Ben Williams of Adblock Plus.

We are likely to see cryptojacking for years yet, says Williams: 鈥淚t鈥檚 a new phenomenon and I don鈥檛 think it will stop.鈥

Topics: bitcoin & cryptocurrency / Computer crime / Internet / security