Cryptocurrencies are continuing to increase in value. The most popular of these currencies, Bitcoin, recently broke the $6,000 mark. Unfortunately, this recent boom has inspired a new breed of malware designed to help hackers harvest Bitcoin and other cryptocurrencies.
Many websites now unknowingly containin code which will secretly use a visitor’s computer to mine cryptocurrencies. The code is usually written in Javascript and inserted into sites which employ poor security or have fallen victim to software bugs.
In October, it was found that hundreds of websites were hosting code written by Coin-Hive, which allows the websites to generate Monero coins by taking advantage of the processing power of computers that visited the site. Some of the sites had added the Coin-Hive code themselves, but others had been hacked.
In total, roughly 150 domains were found to be hosting the Coin-Hive code. The code was most commonly found on porn, file-sharing, and video sites.
It’s important to keep in mind that most security companies do not consider in-browser mining to be malicious in and of itself, but in this case, many of these sites don’t ask the user’s permission beforehand. While Coin-Hive is one of the larger examples of such code, there are plenty of knock-offs, including some which work on mobile devices. Such code will often rapidly drain a smartphone’s battery, as mining cryptocurrency requires a lot of power.
Many of these programs are also targeting popular content-management systems such as WordPress. Catalin Cimpanu of BleepingComputer found several WordPress plug-ins that use visitors’ computers to mine cryptocurrencies. None of these plug-ins ask a user’s permission beforehand.
There is now a WordPress plugin for Coinhive mining https://t.co/ZVe2ZGCiQb #monero pic.twitter.com/tUgBRw0qSx
— Catalin Cimpanu (@campuscodi) October 14, 2017
This new wave of malware has prompted tech companies to take action. Many anti-virus programs have been updated to combat such software, and Google is working on a fix for the problem within the Chrome browser. Meanwhile, Coin-Hive has released an official version of its software, which requires permission before accessing a user’s computer.
This rise of malware is only one of the problems facing cryptocurrencies right now. Both China and South Korea have banned initial coin offerings due to fears that attempting to raise money via cryptocurrency could lead to fraud.