Cryptojacking, i.e. hijacking unsuspecting users' computers for surreptitious cryptocurrency mining, has become a persistent issue. In the latest such incident, nearly 400 websites were infected with Coinhive crypto mining code.
Cryptocurrency mining is a complex, resource-intensive, and competitive process. A combination of specially designed hardware, special-purpose software, and their users is called a "miner". A miner is successful in his effort when he creates a new block in the blockchain underlying the cryptocurrency in question. Miners get a small fraction of the cryptocurrency when they are successful in creating a new block. Since miners are rewarded in this way for creating new blocks, the process is highly competitive.
To create a new block, a miner has to solve a cryptographic puzzle, essentially by executing massive number-crunching operations very fast, in a competitive environment. This is why the software is typically very powerful, and the hardware also has to be powerful enough to support the software. Miners often use Graphics Processing Units (GPUs) along with the Central Processing Unit (CPU) of the computer. Add the energy cost for running such heavy-duty computers for long periods of time, and you know that crypto mining requires a significant amount of investment.
While the early adopters of cryptocurrency mining had a good return on investment (RoI), the RoI diminishes as time wears on, because the environment becomes increasingly competitive. Consider that there is usually a cap on the maximum number of units of a cryptocurrency, e.g. 21 million for Bitcoin, and you can see that the RoI from mining will diminish further in future.
The economics of mining are such that unscrupulous miners will want to grab other people's computing power to mine cryptocurrencies, since doing so gives them access to more computing power and increases their chances of creating a new block. Because cryptocurrency mining code is highly resource-intensive, it can slow down the computer or even damage it. For a user who is not into cryptocurrency mining, having her computer hijacked by miners can be very irritating, and potentially damaging.
In the latest incident, 391 websites, all of which were using an outdated version of the well-known content management system (CMS) Drupal, had been infected with Coinhive JavaScript miner code for the cryptocurrency Monero (XMR). The websites impacted included those of the San Diego Zoo, the National Labor Relations Board (a US federal agency), and the government of Chihuahua, Mexico. Coinhive miner code was injected into their JavaScript libraries.
The incident was reported by cyber security researcher Troy Mursch on Saturday, May 5th. An important lesson for web admins from this incident is that timely patching and security updates are very important for avoiding such attacks. Cyber security experts have repeatedly stressed the importance of regularly updating and patching software, especially web browsers, to keep computers safe.
Coinhive is increasingly the tool of choice for hackers involved with cryptojacking. For example, between January 18th and 24th, Google's popular online ad serving service DoubleClick was attacked by Coinhive Monero miners. The high number of security incidents involving Coinhive has prompted the American Internet security company Malwarebytes to ban it.