Are you caught in the Bitcoin “gold rush” but is someone else reaping the rewards?

Regardless of what you believe about cryptocurrency, it’s still around. People are still getting rich – some legitimately and others, well, less so. While doing some network data analysis, we discovered an ingenious kind of “startup” that has been spawned as a result of the cryptocurrency opportunity: Device hijacking for cryptocurrency mining.

To understand the opportunity here for hackers, one needs to understand where cryptocurrencies come from versus the traditional currencies we are familiar with. The major difference is that while traditional currency is issued by a central government, cryptocurrencies are created through a technology called “blockchain” through a process called “mining”. To get it, miners solve math algorithms and are issued cryptocurrencies such as Bitcoin, Ethereum, Monera, Dogecoin or others in exchange. This requires significant processor power and the higher the value of currency the more processing power and time are required.

Recently, hackers caught on to a brilliant idea to monetize the Internet and are actively subverting legitimate cryptocurrency miners to grab a share of this new revenue stream. One such mining site is CoinHive – which introduced a novel way to mine cryptocurrencies. CoinHive lets websites surreptitiously install JavaScript on a website, such that visitors to that website “allow” their CPU processing power to be “borrowed” via their browser in order to mine the Monera cryptocurrency. The more visitors that come to the site, the more CPU power is borrowed, and the more Monera revenue is earned by the miner. The issue with CoinHive code is that it often does not inform site visitors that their CPU resources are being used, much less ask their permission or enable them to opt out. As unwitting enablers of cryptocurrency mining, people will not understand why their PCs and laptops aren’t performing as they should.

Now enter the hackers and the whole business begins to look and act more like malware as malicious players inject cryptominer scripts (in the form of a Trojan virus) to siphon off PC or mobile handset resources to line their own pockets, often rerouting the Monera earnings to unauthorized third parties. To be fair, CoinHive recently released new code that first asks visitors for permission to borrow their CPU resources, but the old version is still on offer as well, leaving critics to wonder why.

Players like CoinHive have come to the attention of anti-virus and anti-malware players like Malwarebytes, Checkpoint and Kaspersky Lab, who have categorized the webite as malware and allow customers to block it accordingly. Malwarebytes says that the main reason they block CoinHive is “because there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems.” But if you want to create an exception for CoinHive, Malwarebytes will allow it. It’s all about making sure that people are informed and participate willingly rather than being coerced into donating processing power to a legitimate party or a hacker.

Providers of consumer and business security services like Vodafone are also playing a role in protecting unsuspecting users from sites and applications (as has been reported by some very notable ones, in Google Play)  hosting a CoinHive script. Through their network-based Security as a Service offering, Secure Net (powered by Allot), Vodafone is able to identify and block access to sites and apps at risk of being a source for CoinHive code. In fact, in a November press release, Vodafone Spain noted that in recent months on average, their Vodafone Secure Net service blocked CoinHive 800 times per user per month.

The compelling advantage of a network-based service like Vodafone Secure Net is that every-day Internet users like most of us don’t have to become experts on all the latest methods that cybercriminals are cooking up to invade our privacy, extort money, or simply disrupt our lives. We don’t have to know which of the “5 Best” or “10 Best” anti-virus apps to install on our smartphones and which to install on our PCs and how to keep them up to date. The service provider’s network-based security service handles that for us, no matter what device we use. With new malware and hacking escapades showing up in the headlines almost daily (not to mention on our computers and smartphones) Internet security services from a powerhouse provider like Vodafone are one of the best investments a consumer can make to stay safe online.

Net Neutrality – Dead as a Dodo
DPI: Enabling secure, personalized and metered services

Leave a Comment

Your email address will not be published. Required fields are marked *