
Cryptocurrencies now pose a security threat


Read Mia Andric's comments here...

Despite their origin as a means to pay for goods and services on the Dark Web, cryptocurrencies have firmly entered the mainstream. These days, cryptocurrencies such as Bitcoin have ATMs where people can draw cash, and the recent crash of the currency’s value affected millions of people around the world. This has led to regulators in many countries considering changing laws to prohibit the proliferation of cryptocurrencies, in an effort to protect the stability of the traditional financial markets.

Recent events have conspired to further promote the outright banning of cryptocurrencies. Cryptocurrency mining hijacking has become a fairly common practice, with miners hacking into websites and company servers to increase their returns.

In order to generate a cryptocurrency, a computer essentially provides bookkeeping services to the coin network. Mining is essentially 24/7 computer accounting called “verifying transactions”. It is how transactions are verified and added to the public ledger, known as the blockchain, and it is also the means through which new “coins” are released. Anyone with access to the internet and a suitable computer can participate in mining.

However, as cryptocurrencies have grown in popularity, the number of people mining has increased. As a result, generating a “coin” has become exponentially harder for each miner. It’s no wonder then, that we are seeing hijackings of other people’s computers in an effort to increase the mining chain and so generate more “coins”.

The first documented cryptocurrency malware attack was on an online portal that is visited by players of the game Eve Online. The game has millions of players worldwide, and the portal is a means through which they can trade in-game goods. This attack involved hiding the mining software in the code of the portal, and it subsequently hijacked the computers of every player on the site for the entire duration of their visit.

While this did nothing more than slow down those computers by putting strain on their graphics cards and processors, it was still illegal and considered a malware attack. A similar attack was recently found on the operational technology (OT) network of a water utility. Because an attack of this type increases device CPU and network bandwidth consumption, the response times of tools used to monitor physical changes on an OT network, such as HMI and SCADA servers, are severely impaired.

This, in turn, reduces the control a critical infrastructure operator has over its operations and slows down its response times to operational problems.

This is problematic for obvious reasons, but another attack – this time on government computers in the UK and the US – prompted security researcher Scott Helme to comment: “The more I think about this the worse it becomes. Attackers had arbitrary script injection on thousands of sites including many NHS websites here in England. Just stop and think for a few moments about what exactly they could have done with that capability...”

Helme first noticed the malware, which he believes was running on more than 4 000 sites, including the U.K.’s Information Commissioner’s Office (ico.org.uk) and the website for the American court system (uscourts.gov). In order to get the crypto-mining software onto unsuspecting computers, the hack targeted an accessibility plugin called Browsealoud that makes the web easier to use for people with dyslexia or low English comprehension. After compromising Browsealoud, the hackers altered the plugin’s code, injecting malicious JavaScript in order to secretly run the mining software known as Coinhive on unsuspecting machines.
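An added example, not part of the original article: a defender-side audit for the kind of third-party script tampering described above, built on the browser Subresource Integrity (SRI) mechanism, which the article itself does not mention. The host names, URL and script bodies are constructed placeholders, and the `audit` helper is hypothetical.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_digest(body: bytes) -> str:
    """SRI value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class ScriptTags(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))


def audit(html, site_host, served):
    """Flag third-party scripts that are unpinned or no longer match their pin.

    served maps each script URL to the bytes the third party currently serves.
    """
    tags = ScriptTags()
    tags.feed(html)
    findings = []
    for src, integrity in tags.scripts:
        host = urlparse(src).netloc
        if not host or host == site_host:
            continue  # same-origin script: not covered by this check
        if integrity is None:
            findings.append((src, "no integrity attribute"))
        elif sri_digest(served[src]) not in integrity.split():
            findings.append((src, "served bytes do not match pinned digest"))
    return findings


# Constructed sample data: hypothetical host, URL and script bodies.
ORIGINAL = b"function readAloud() { /* accessibility plugin */ }\n"
TAMPERED = ORIGINAL + b"/* constructed stand-in for injected code */\n"
URL = "https://plugin.example/reader.js"
PINNED_PAGE = f'<script src="{URL}" integrity="{sri_digest(ORIGINAL)}"></script>'
UNPINNED_PAGE = f'<script src="{URL}"></script><script src="/local.js"></script>'
```

A page that pins the digest makes the browser refuse an altered copy of the script, while the unpinned page runs whatever the third party serves.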

To make matters worse, smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts. Recently, there was a “drive-by” mining campaign that redirected millions of Android users to a website that hijacked their phone processors for mining Monero. While the exact trigger wasn't clear, researchers believe that infected apps with malicious ads would steer people toward the pages.

A good antivirus or security solution is the first line of defence against most breaches, but these types of hijackings might not be picked up. So if your computer or phone starts slowing down substantially, follow the tried and tested approach of contacting your tech support team.

Image credit: Copyright: monsitj / 123RF Stock Photo