Image showing man in hood watching futuristic screen and cryptojacking Coinhive for Monero
CoinHive, Monero and the Controversial Rise of Cryptojacking

CoinHive, Monero and the Controversial Rise of Cryptojacking

If your computer has been running slower than normal recently, you might have been the victim of cryptojacking, a controversial new practice in which hackers and other unauthorized individuals tap into your computer’s processing power in order to mine for cryptocurrencies. The most highly-publicized cases have been those involving the company Coinhive and the Monero cryptocurrency. The logic, from the perspective of hackers, is simple: the more computers they can use to mine these near-mythical cryptocoins, the more money they can make.

How cryptojacking works

In many ways, cryptojacking works similar to other malware that infects your computer. In the case of Coinhive, the culprit is JavaScript code that starts to run right within your web browser. This mining script doesn’t ask for your permission, and it doesn’t let you know you that it has gone to work secretly mining for the cryptocurrency Monero using your computer’s processing power.

In order to circumvent ad blockers and other forms of malware blockers, hackers sometimes invent creative new ways to create new windows and tabs right on your computer. They are, in essence, mining for cryptocurrency right in your browser window as you’re going about your daily business of checking emails and leaving comments on Facebook.

In one highly publicized case, a Starbucks customer in Buenos Aires found that the global coffee giant was inadvertently using its users’ computers in at least one Starbucks store to mine for the cryptocurrency Monero. Every time a new user connected to the store’s Wi-Fi network, Coinhive malware was loaded to the customer’s computer, and it was time to go to work mining for the cryptocurrency Monero while the customer was leisurely using the web and enjoying a nice latte.

The cryptocurrency bubble

The practice of cryptojacking is tied directly to the ballooning valuations for the world’s top cryptocurrencies. In case you haven’t checked recently, Bitcoin has exploded in value to nearly $16,000 for a single Bitcoin. And now other rival currencies with funny-sounding names – such as Ethereum, Litecoin, Monero and Ripple – are following in the path of Bitcoin, making money for users overnight.

Invest in even a fractional share of Bitcoin or Monero, and you could see your holdings increase in value by thousands of dollars overnight. There are even stories of Bitcoin millionaires being made almost overnight, based on stories of people scooping up Bitcoin when it was worth next to nothing and now selling a single coin for more than $10,000. People are taking out second mortgages on their homes, hopeful of cashing in what some people are referring to as a new type of “tulip mania.” As long as you can find someone willing to pay more for Bitcoin or Monero than you did, the thinking goes, you have a clear path to making serious money.

So you can see why cryptojacking has taken off. The process of mining for Bitcoins (or any other cryptocurrency) requires a tremendous amount of computing resources, and that’s why it’s essential to take over other users’ computers without their knowledge. The hackers want access to your computing power – the raw processing potential of your machine – and not to any data, information or secrets on your machine. And they certainly don’t want to share in any mining rewards.

Coinhive makes it easy for anyone to mine for Monero

There’s one more element involved here that has helped to create a “perfect storm” around cryptojacking, and that’s the revenue problems being faced by website operators. As online advertising revenue dries up, that has left websites looking for viable ways to make up the shortfall. One alternative, it appears, is cryptocurrency mining. Why not let your fans, users, and customers do all the hard work of mining for these coins? You can then walk away with any incremental revenue gained by mining cryptocurrency.

To make that possible, one of the most visible enablers of the whole cryptojacking phenomenon has been Coinhive, which has been advertising its services to online website operators looking to make a little extra coin. One advertising pitch, for example, extols the virtues of running a website without ads. The coin of choice is Monero – a sort of Bitcoin clone that is possible to mine directly within browsers.

So, in exchange for a fee, website owners can gain access to the special Coinhive JavaScript code that starts the cryptojacking process. With just a few simple keystrokes, they can add it to a webpage. When customers or visitors come to the website, the Coinhive malware has the potential to load on these computers, starting the whole Monero cryptocurrency mining malware cycle.

Where things get especially creepy, though, is that hackers have figured out how to load that Coinhive script on websites that have no idea of what’s going on. For example, the huge American TV network Showtime was found to have a browser cryptojacking script running in the background of its website – people heading over to the website to check out new movie and show listings then became sitting targets for these cryptojackers. The popular website Pirate Bay has been implicated in cryptojacking schemes. Streaming video sites have also been targeted by hackers. If your streams have been a bit wonky lately, it could be cryptojackers to blame.

That example of the Starbucks in Buenos Aires? According to the company’s spokesperson, it wasn’t Starbucks who was doing the cryptocurrency mining, it was some unauthorized third party that had hacked into the Wi-Fi service provider used by Starbucks in Argentina. In other words, plenty of good, well-meaning companies can get sucked up in the cryptojacking vortex without even knowing it.

Adware and malware blockers strike back

As you might expect, there have been calls for all blocking of cryptojacking. Some ad blockers, for example, now block cryptojacking scripts in addition to malware and intrusive ads. Malware blockers are beefing up their resources to block parasitic cryptocurrency malware that can drain CPU resources. And some web browsers – such as Opera – are now taking a zero-tolerance approach to cryptojacking and crypto miner schemes. Google Chrome has come under particular pressure to crack down on unauthorized Google Chrome extensions that enable cryptojacking.

The problem, quite simply, is that there appears to be an arms race of sorts involving websites, hackers, security researchers like Troy Mursch and cryptocurrency miners. As long as the price of crypto-coins continues to spiral upwards, hackers will have a real incentive to become more creative about their approaches to launching a JavaScript miner. For example, in October 2017, TrendMicro noted that cryptocurrency malware was now being loaded onto home Wi-Fi routers and IP-connected cameras. Other firms have found a significant increase in the number of smartphones and mobile devices being targeted by cryptojackers.

As can be seen, there are many different actors here – including some site owners who are so desperate for new revenue sources that they are willing to insert all kinds of new scripts on their website so that users run the miner. So let’s not forget the real problem here: greed. Most people who are making money from Bitcoin and other cryptocurrencies (including Monero) usually have no idea how these crypto-coins work, or why they should be buying them.

#Hackers loading #cryptojacking scripts on victim websites to siphon CPU power of visitors to mine #cryptocurrency.Click to Tweet

However, as we see in every speculative bubble, people are buying these coins because they can “flip” them to the next user for even more money – the same way that people “flipped” houses during the housing boom that eventually led to the collapse of the global real estate sector. So if you notice enticing come-ons about Coinhive or Monero from websites that seem too good to be true, you know the truth: any plan to mine for imaginary coins using your computer can’t possibly end well.