Key Points
This week has seen the seemingly unstoppable surge of the cryptocurrency ‘Bitcoin’ hit over $10,000 for the first time. As private investors across the globe become giddy and over-excited about their capital gains, something slightly more concerning is going on in unsuspecting users’ web browsers without their knowledge.
‘Mining’ a cryptocurrency means using the processing power of a computer to make cryptographic calculations which are essential for currencies like Bitcoin to work. In return for performing these calculations, the computers which are crunching away at those numbers are rewarded for their hard work. They are usually paid in the same currency which they are mining, so Bitcoin miners are paid in Bitcoins.
There has been a recent surge in malicious and even legitimate websites taking advantage of the latest crypto-craze by surreptitiously mining Bitcoins on their users computers as they browser the website. Websites such as the infamous torrent portal ‘The Pirate Bay’ have embedded javascript in their pages to force their users to mine Bitcoin on their behalf, stuffing their pockets with cryptographic cash.
This may not sound like a huge deal to some people, but it’s important to note that the mining process is pretty intensive, and will use up precious processing power that your computer could be using to do other things. What’s more, some malicious sites have recently been found to be hiding the process using a “Pop-under” window, to attempt to keep the process running, even after you’ve closed your browsing window! It might be worth keeping an ear out for when your PC’s fan spins up as things get hot, or tracking your computers CPU usage as you visit certain sites.
So how can I protect myself?…
It’s important to note that trusted websites of well known organisations will not be abusing their power in this way. If your browsing habits regularly take you off-piste, however, we recommend installing a script blocking extension in your browser. This will allow you to pick and choose when to allow javascript to be run in your browser, giving you a chance to think twice before allowing any old website to juice your CPU for all it’s got!
Thanks to Chris Wallis.
Dan heads up the Security team at Intruder. His background is in .NET software engineering, consulting, and penetration testing.
