With Bitcoin prices surging as high as US $19,000 a few days ago, everyone is jumping on the cryptocurrency mining train.
Even though the Average Joe like you and me would dare not try to mine a Bitcoin (because of the immense finances and resources needed to do so), new forms of cryptocurrencies are gaining momentum because of the potential to make insane amounts of money like Bitcoin is doing now.
Other big names like Litecoin, Ethereum, Monero, Dash, and Ripple are slowly gaining value as more people seek alternative ways to mine and sell these coins for some decent cash. There are many others out there, but most don’t have the hype behind them like those I mentioned. For instance, a single Dogecoin was worth US $0.00708 as of December 2017. That’s a mere 7/10ths of a 1 cent piece. In short…worthless.
As coins become harder to mine (solving increasingly difficult computational equations), the question of how to save money on mining comes to the forefront. Yes, you can spend a fortune on a massive mining server farm, but would the cost to buy the hardware, maintain it, and pay for electricity be worth it in the long run, even with the potential of very high coin prices?
Instead of paying the full cost to run intensive CPU and GPU operations, why not pawn it off on unsuspecting users? Websites like Coinhive offer a service where a script can be placed on publisher websites so that the CPU processing power of individuals viewing those websites can be used as a collective to mine coins. It’s not effective with Bitcoin because of the sheer amount of resources needed, but it works just perfectly for less popular coins like Monero and Ethereum.
Coinhive themselves are a legitimate operation, but the publishers MUST make it clear to their viewers that their computer processing power is being used for mining while they’re on the website. Unfortunately other rogue services create basic scripts and plugins (e.g. WordPress plugins) to offer a simple service, while secretly injecting their mining script in the background. A less savvy web admin might be completely unaware of the situation because the server performance remains unaffected, while the regular viewer pays the price at the end of the day.
If you want to read up more about this, check out this very in-depth article.
Alright, enough of the rambling. Let’s get into it.
Detecting a miner: sudden increase in CPU usage
The main giveaway is a sudden spike in CPU usage. Most mining scripts try to use as much CPU processing power as possible, so an immediate jump when browsing certain websites is a dead giveaway. Your system may also feel a bit slower when trying to open other windows or programs.
When I fell victim to one of these scripts, my system fan suddenly throttled up to full speed even though I only had the browser open.
You can use the Task Manager on Windows or the Activity Monitor on Macs to check whether usage spikes when you visit a site. For most of us, CPU usage should be minimal (relative to your current tasks). If your usage suddenly spikes while visiting a particular site and then dips back to normal after you leave, then there’s a good chance that the website is running a crypto miner.
Some miners secretly open pop-under windows so that even when you exit the host website, the script can still run in the background until you properly exit the browser. If you close all your browser windows and still see it as an active process with high CPU usage, there may be an open window hiding behind the taskbar, running the mining script.
Unfortunately newer rogue mining scripts are being tuned to use much smaller percentages of CPU power, so it may not be as obvious to detect these scripts in the future as newer code is released into the wild.
Watch out for malware
Most of us do not have to worry too much, because if we can identify a website running a mining script, we can avoid it altogether. However, there are some forms of mining malware which are spread via various phishing mechanisms. An infected system can then be used around the clock to help mine coins, even when the user is not visiting any websites (as the script is now running on the machine itself and sending the results back to a server).
Again, you can use your Activity Monitor or Task Manager to find the culprit and then work on flushing out the malware.
Use an ad or script blocker
So far, most mining scripts mimic the format being used by Coinhive. Adding a few blacklist wildcards might be enough to block most of the current scripts. Add-ons like Ghostery and NoScript can also be used to detect and filter out mining code.
If you view the source code of the culprit site, you might see something like this tucked away.
var miner=new Client.Anonymous('Miner Key');miner.start();
Unfortunately there is still a lot of trial and error as security teams are still trying to properly figure out a way to quickly detect these scripts and shut them down.
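As an added example (not code from this post or from any blocker), here is a small Node.js triage scan that applies blacklist wildcards to script URLs and looks for the inline pattern shown above in a page's source. The blocklist entries, the `scanPage` helper and the sample page are constructed for illustration; a static match like this will miss obfuscated or dynamically loaded scripts.

```javascript
// Added example: triage scan of page source for Coinhive-style miner loaders.
// Blocklist wildcards and the sample page are constructed for illustration.
const BLOCKLIST = ['*coinhive*', '*://*.miner-cdn.example/*'];

const esc = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Blocker-style wildcard ("*" matches any run of characters) to RegExp.
const wildcardToRegExp = (p) =>
  new RegExp('^' + esc(p).replace(/\\\*/g, '.*') + '$', 'i');

// Matches e.g.  var miner=new Client.Anonymous('Miner Key')
const CTOR = /([A-Za-z_$][\w$]*)\s*=\s*new\s+([A-Za-z_$][\w$]*)\.Anonymous\s*\(\s*(['"])(.*?)\3/g;

function scanPage(html, pageUrl, blocklist = BLOCKLIST) {
  const rules = blocklist.map((p) => ({ p, re: wildcardToRegExp(p) }));
  const findings = [];
  for (const [, attrs, body] of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (src) {
      // Resolve relative paths so host-based wildcards apply to them too.
      const url = new URL(src[1], pageUrl).href;
      const hit = rules.find((r) => r.re.test(url));
      if (hit) findings.push({ type: 'blocked-src', url, rule: hit.p });
    }
    for (const [, varName, namespace, , key] of body.matchAll(CTOR)) {
      // Record whether the miner object is actually started in this script.
      const started = new RegExp('(^|[^\\w$])' + esc(varName) + '\\s*\\.\\s*start\\s*\\(').test(body);
      findings.push({ type: 'inline-miner', namespace, key, started });
    }
  }
  return findings;
}

// Constructed sample page: one blocklisted script URL, one benign script,
// and the inline snippet quoted in this post.
const SAMPLE_PAGE = `<html><head>
<script src="https://static.miner-cdn.example/lib/m.min.js"></script>
<script src="/js/jquery.js"></script>
</head><body>
<script>var miner=new Client.Anonymous('Miner Key');miner.start();</script>
</body></html>`;

console.log(scanPage(SAMPLE_PAGE, 'https://blog.example/post'));
```
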
Report potential abuse to the web host
If you’re a bit more tech savvy and know how to look up the hosting provider on which these mining scripts are hosted, it’s never a bad idea to report them to the respective providers. If they determine that their servers are indeed being used for malicious purposes like this, they can shut down the service from the hosting side of things, rendering the code embedded in websites harmless.