Scammers are secretly installing ‘mining code’ in websites so that they can use the computers of website visitors to help them generate digital cash or ‘crypto-currencies’.
What’s Happening?
Hackers are operating a popular scam which involves installing ‘mining script’ code such as Coin Hive into multiple web pages without the knowledge of the website owners. The scammer then gets multiple computers to join their networks so that the combined computing power will enable them to solve mathematical problems. Whichever scammer is first to solve these problems is then able to claim / generate cash in the form of crypto-currency.
If, for example, a website is able to get one million visitors a month, and if the Coin Hive Web Miner for Monero (XMR) is used, it could generate an income of £88 in the Monero crypto-currency.
What Is Coin Hive?
Coin Hive is crypto-currency mining software written in Javascript, which sends any coins mined by the browser to the owner of the web site. If you visit a website where it is being used (embedded in the web page), you may notice that power consumption and CPU usage on your browser will increase, and your computer will start to lag and become unresponsive. These slowing, lagging symptoms will end when you leave the web page.
Cloud Being Used
There are reports that this crypto-currency mining scam is now being extended to target cloud-based computing services. If hackers are able to break into a cloud account they can harness a huge amount of computing power and use multiple machines to try and generate more income.
With cloud billing services making it hard to detect the scam before it is too late, victims can be left with large bills for servers that hackers have been using for their coin mining.
Measures Being Taken
Many different measures are now being taken by companies and organisations to stop the surreptitious use of mining including:
- Researchers in Illinois are developing a monitoring system that can spot the signs of mining software e.g. the increased activity in processors when working out the complicated maths problems. The researchers are working with a cloud company with a view to deploying it in their network, and have plans to extend the system to personal computers.
- Government officials the Crimean council have reportedly been sacked for using mining software on government computers.
- The creators of the FiveM add-on for the video game GTA (Grand Theft Auto) V have released an update which stops people from being able to add miners to their code.
- Security service Cloudflare has suspended the accounts of some customers suspected of using mining scripts.
What Does This Mean For Your Business?
The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses. There are some simple measures that your business can take to avoid being exploited as part of this scam.
If, for example, you are using an ad blocker on your computer, you can set it to block one specific JavaScript URL which is https://coinhive.com/lib/miner.min.js . This will stop the miner from running without stopping you from using any of the websites that you normally visit.
Also, a dedicated browser extension called ‘No Coin’ is available for Chrome, Firefox and Opera. This will stop the Coin Hive mining code being used through your browser. This extension comes with a white-list and an option to pause the extension should you wish to do so.
Coin Hive’s developers have also said that they would like people to report any malicious use of Coin Hive to them.
Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current scams and what to do to prevent them, are just some of the ways that you could maintain a basic level of protection for your business.