With bitcoin prices exploding upwards and the cost of mining skyrocketing, enterprising hackers are turning to “cryptojacking” as a means to cash in. Cryptojacking isn’t exactly new; what’s new is how they are getting it done.

How Does the New Cryptojacking Work?

It’s really rather simple. Hackers break into websites and install a cryptocurrency mining malware package. When people visit the infected website, the malware installs the mining software (these days, just a bit of JavaScript code) into their browser. Now, in the background, the infected person’s computer tirelessly mines cryptocurrencies on behalf of the hacker. Most times the unsuspecting victim never even knows that they are mining away, since the only indication is that their computer is using more resources than usual.

Coinhive

Previously, malicious miners had to break into your computer and compromise it with malware in order to have you unwittingly slave away at the mine. According to a recent story on Wired.com, that all changed when the company Coinhive burst onto the scene. Coinhive developed a simple JavaScript solution for mining the cryptocurrency Monero. Their idea was (and still may be) a good one: rather than serving annoying pop-up ads as a way to monetize visitors, why not just siphon off a bit of their unused computing resources as a way to pay for the content they are consuming?

“Everything is kind of crazy right now because this just came out,” says Adam Kujawa, the director of Malwarebytes Labs, which does research for the scanning service Malwarebytes and started blocking Coinhive and other cryptojacking scripts this week. “But I actually think the whole concept of a script-based miner is a good idea. It could be a viable replacement for something like advertising revenue. But we’re blocking it now just because there’s no opt-in option or opt-out. We’ve observed it putting a real strain on system resources. The scripts could degrade hardware.”

What if You Have to Pay to Play?

What are your thoughts? Assuming you were asked to opt in to a cryptomining operation in exchange for content, would you do it? Would you rather be presented with pop-up ads? Would you rather just outright pay for content?

Konsultek’s Position

As partners with Malwarebytes, we’re currently protecting clients from cryptohackers by flagging sites with mining scripts on them as malicious and dangerous. If and when this concept matures to the point where an opt-in system is developed, we may take a different stance.
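
Site owners can run a similar check on their own pages to spot an injected mining script like the one described above. The following is an added example, not code from Konsultek, Malwarebytes or Coinhive; the one-entry host list, the inline pattern, the function names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative blocklist (assumption); real filters rely on maintained lists.
MINER_HOSTS = {"coinhive.com"}
# Inline use of the Coinhive JavaScript API, e.g. "new CoinHive.Anonymous(...)".
INLINE_MINER = re.compile(r"\bnew\s+CoinHive\.\w+\s*\(")

class MinerScriptFinder(HTMLParser):
    """Collects findings for <script> tags that load or start a browser miner."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = None  # buffer for the inline script currently being read

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            self._inline = []  # inline script: start buffering its body
            return
        # hostname is lower-cased and also resolved for protocol-relative URLs
        host = urlparse(src).hostname or ""
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("external", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            code = "".join(self._inline)
            if INLINE_MINER.search(code):
                self.findings.append(("inline", code.strip()))
            self._inline = None

def find_miner_scripts(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one benign script, one miner loader, one inline starter.
SAMPLE_PAGE = """<html><body>
<script src="/js/site.js"></script>
<script src="//CoinHive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER"); m.start();</script>
</body></html>"""
```

Calling `find_miner_scripts(SAMPLE_PAGE)` returns one `external` and one `inline` finding. An empty list only means nothing on this short list matched, since miners can be renamed, proxied through other hosts or obfuscated.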

 

 
