An observant Twitter user was the first to sound an alarm last month that the source code for an well known website, contained a tool that was secretly hijacking visitors’ computers to mine Monero, a Bitcoin like digital currency focused on anonymity.
It’s still not clear how the tool got there, and Showtime quickly removed it after it was pointed out. But if it was the work of hackers, the episode is actually part of a larger trend: security experts have seen a spike in cyber attacks this year that are aimed at stealing computer power for mining operations. Mining is a computationally intensive process that computers comprising a cryptocurrency network complete to verify the transaction record, called the blockchain, and receive digital coins in return (see “What Bitcoin Is, and Why It Matters”).
Coinhive’s miner isn’t the only one out there, and hackers are using a variety of approaches to hijack computers. Kaspersky Lab recently reported finding cryptocurrency mining tools on 1.65 million of its clients’ computers so far this year—well above last year’s pace.
In one instance, Fier’s team, which relies on machine learning to detect anomalous activity inside networks, noticed an employee at a major telecom company using a company computer in an unauthorized way to communicate with his home machine. Further investigation revealed that he had planned to turn his company’s server room into a mining pool.
So long as there is a potential payday involved, such inside jobs are likely to remain high on the list of cybersecurity challenges that companies face. As for keeping hacked websites from hijacking your personal computer? In an ironic twist, some ad blockers are now banning Coinhive.