Your Computer Has Probably Been Used to Mine Bitcoin without Your Knowledge—Here's How to Make Sure It Doesn't Happen:

Be it the Great Australian Gold Rush, the deep 250-mile gold run found in South Africa, or the California Gold Rush, rarely has any event motivated such a large number of treasure-seeking prospectors in the history of humankind to mine for wealth more than the fascination for gold. You probably haven’t witnessed any of these historical gold rushes.

However, in recent years, the world has seen a rush for a new type of gold that is found in today’s ubiquitous digital world. It’s not the physical gold that attracted many people to the mining enterprise. Instead, it’s cryptocurrencies such as Bitcoin.

In the present day, a gold pan and a shovel are not the tools you need for this modern day rush for mining. Nowadays, the tools required are an arsenal of servers. Or, if you lack the capital to invest in this expensive infrastructure, you can simply go for the alternative: a few lines of malicious code.

The Rush for Cryptocurrency

Cryptocurrencies are extremely popular nowadays as a growing number of people invest large sums of money in crypto exchanges to obtain a digital wallet for holding highly valued cryptocurrencies, such as Bitcoin. These digital currencies are subject to enormous speculative fluctuations.

Therefore, the less risky way of participating in the enterprise is by mining the cryptocurrencies. To do this, miners rely on the processing power of computers. The computer systems needed to mine cryptocurrencies nowadays are far more powerful than those required a few years ago, when digital currencies were not nearly as popular. Miners generate the currency by creating and managing digital ledgers, and they are rewarded by receiving a share of the currency that they generate.

As with other forms of business, in addition to attracting many legitimate business-minded individuals, the cryptocurrency rush has also attracted unscrupulous players who prefer to use unethical means of generating wealth. The intricacies of cryptocurrency mining rely on massive energy consumption and processing power to generate digital currencies such as Bitcoin.

In turn, this necessitates the need for a large amount of capital to purchase extremely powerful computer infrastructure and processors. To get around this barrier of entry, unethical fortune-seekers have developed methods of leaching on the CPU power of unsuspecting Internet users. Even though a single client device has absolutely no capacity to mine digital currency, a vast collection of such devices can achieve the task. Hackers hijack a multitude of ‘zombie’ devices to mine cryptocurrencies.

One of the unscrupulous methods of building a vast team of miners is the use of crypto-mining malware. It works by infecting the device of an unsuspecting Internet user with a malicious code that taps into the power of the host hardware’s CPU and memory to recruit it into an army of mining computers. This variety of malware emerged around the time Bitcoin was developed.

However, it was phased out when consumer-level computers no longer had the capacity to handle the harsh requirements for Bitcoin. However, as a result of the emergence of numerous other cryptocurrencies, the use of crypto-mining malware resurfaced and exploded along with the value of the popular digital currencies. Furthermore, many hackers that previously relied on ransomware as their main source of income have now migrated their criminal enterprise to crypto-mining malware, the more stable and predictable alternative.

Types of Threats Associated with Crypto-Mining

According to a report by an IBM security team, there has been a 600 percent increase in the number of crypto-mining related threats in the last year. Kaspersky Lab reported that they found crypto-mining malware in the client computers of 1.6 million users.

One such malware was Adylkuzz, which was reported to be one of the largest threats in 2017. It typically infiltrates computers in the same way as the WannaCry virus: by using a vulnerability in the Server Message Block protocol. However, unlike WannaCry, this crypto-mining malware doesn’t need any manual interaction to find its way into the system.

Even though some attacks related to crypto-mining use traditional methods such as attachments and links embedded in emails, other varieties of attacks rely on a method known as cryptojacking. A number of these tools are injected into popular websites to infect as many users as possible.

However, some well-known websites purposefully engage in cryptojacking to generate revenue from their users. With popup ad blockers becoming increasingly popular, revenues from ads have plummeted and some online businesses are resorting to cryptojacking to make more money.

Two of the most common crypto-mining malware in 2017 included:

  • Coinhive. This crypto-mining malware is aimed at mining the cryptocurrency Monero whenever users visit a webpage. It works by injecting a JavaScript code into the user’s device.
  • This was the closest competitor of Coinhive, which it almost overtook thanks to its low commission rates.

Up to 500 million computers were infected by Coinhive. Some estimates claim that up to 55 percent of online businesses had been infected by the malware. At one point, users complained about a crypto-mining code being present in the ads delivered to them on YouTube.

Detecting and Stopping Crypto-Mining Malware on Your Devices

Your devices’ performance can be drastically hampered by crypto-mining malware. In some cases, the malware has even caused damage to the device. Symptoms that your device may be infected include significant decreases in speed, overheating, and CPU over-usage.

The most effective way of knowing whether your device has been infected is checking your CPU and memory performance levels using the Task Manager. If the CPU usage level stays above 70 percent for a significantly long duration, your computer might be infected.

If this is the case, you need to install a powerful, up-to-date antivirus. Additionally, privacy is a major concern. For that reason, it is advisable to use a powerful VPN even for your day-to-day browsing activities to ensure maximum online security and privacy.

Another basic measure which you can take to ensure that your computer is safe from crypto-mining attacks is protecting your browser. Steps include:

  • Disabling JavaScript in Internet Explorer and Edge browsers
  • Enabling popup blockers and using an ad extension for blocking popups
  • Using the minerBlock extension for Chrome
  • Using NoScript and other JavaScript-blocking extensions for Firefox

Among the most powerful measures for keeping your devices safe from crypto-mining threats is regular patching. Also, steer clear of freeware websites that can download unwanted applications into your device. Use antivirus, antimalware and VPN software to stay safe, because as long as crypto-mining remains lucrative, you can be sure there are always threats lurking out there.