Grab a Pickaxe! Let’s Go Mining for Digital Currency
If you don’t know what cryptocurrency is, we’re going to give you some simple background information so that you can understand what’s about to transform the world of adware and maybe even alter the way malware works
The most well-known cryptocurrency is Bitcoin. Bitcoin became popular because it could be used to buy things (not always legal) on the Dark Web. When people paid with Bitcoin, the payment couldn’t be traced back to them, therefore many people got away with buying many illegal things on the Dark Web, particularly on a site known as Silk Road. Eventually, Bitcoin moved out of the shadows and into the main stream and it’s accepted as payment at many online retailers – you can even pay for your Uber ride with Bitcoin.
Bitcoin became the darling of investors too. As it continually rose in value from a few hundred dollars for one Bitcoin to thousands of dollars in just 18 months. However, the value fluctuates daily. Today, October 26, 2017, one Bitcoin is worth $5871.40 USD.
There are many different cryptocurrencies. Most of them seem to rapidly increase in value. One cryptocurrency, called Ethereum was $8 in January of this yea, and now it’s worth $294. Another digital currency, Litecoin, was worth $3.77 last October and is now up to $55.39. Another, called Monero, which we’ll discuss later, is valued at $87.12.Think of digital currency (cryptocurrency)as being like stock. You can buy it, sell it, and trade it, but unlike stock you can purchase goods and services with it.
For an easy read on how digital currency works see “A simple guide to Bitcoin“.
How does cryptocurrency mining work?
According to Jareth at Emsisoft…
“Cryptocurrencies are built on blockchain technology. It’s essentially a distributed and decentralized ledger. The term ‘mining’ refers to a user verifying the data in this ledger over and over again. When the blockchain determines enough effort has been put into the verification process, it rewards the miner with a fraction of a digital currency….”
OK… that’s a tad difficult to get your head around if you don’t know much about digital currency.
So let’s put it another way. Let’s say your computer is a pickaxe and you’re a miner. You know there’s gold in them thar hills, but it’s buried deep inside the rocks. You go out alone with your pickaxe and hack away at that rock. You know you’re going to be there for a long, long time. It will take you months, even years to unearth your treasure. Now lets say you have hundreds of pickaxes and hundreds of friends, and if you all worked together, you could extract your treasure in a few hours.
So let’s think of cyptocurrency as gold. If one computer equals one pickaxe there’s no easy money in mining for “gold”. But what if you had a web site with thousands of visitors every day and you could turn all your visitors’ computers into pickaxes without them even being aware of it? You could turn them into miners without them being aware of it. Think of thousands of pickaxes hacking away at the rocks every hour, every day. Gold, gold and more gold. And the only one who reaps the reward is you: The website owner. Your visitors didn’t even know their computers were even being used as a pickaxe for you. You walk away with the gold and your visitors are none the wiser.
You can see why this new way to make money is going to be increasing in popularity — and why you’re once again in the crosshairs.
The growing trend is for Websites to surreptitiously inject code into their websites to and hijack their visitors computing power to engage in cryptomining. With the power of thousands of computers’, website owners stand to reap a hefty reward in the form of digital currency, while the user remains unaware that some of his computer’s processing power is being used.
How many of you like ads? How many of you click on ads? Not many. We can tell you that from experience. Our ad revenue has declined significantly over the years as ad-blocking technology gets better and better. Some website owners, who have expenses to meet are turning to digital mining in order to sustain their sites… or just to make some easy money.
When a site hijacks your computer’s processing power without your knowledge or consent, it’s called Cryptojackting. You visit the site and you’re computer is turned into a miner, and you will most likely never be aware of it.
What is Monero? According to https://getmonero.org/ :
Monero is secure.
Monero is a decentralized cryptocurrency, meaning it is secure digital cash operated by a network of users. Transactions are confirmed by distributed consensus, and then immutably recorded on the blockchain. Third-parties do not need to be trusted to keep your Monero safe.
Monero is private.
Monero uses ring signatures and ring confidential transactions to obfuscate the amounts, origins, and destinations of all transactions. Monero provides all the benefits of a decentralized cryptocurrency, without any of the typical privacy concessions.
Monero is untraceable.
Sending and receiving addresses as well as transacted amounts are obfuscated by default. Transactions on the Monero blockchain cannot be linked to a particular user or real-world identity.
Monero is fungible.
Monero is fungible because it is private by default. In its current state, it is extremely unlikely that Monero will ever be blacklisted by exchanges or vendors due to its association in previous transactions…
But is it legal to use other people’s computing power without their knowledge or consent? According to Emsisoft’s Jareth:
“In-browser mining without your consent can safely be classed as criminal activity. It devours your CPU power, uses your electricity and potentially leaves you exposed to some privacy and security concerns without giving you the choice of backing out.”
And if you think this is an obscure threat, think again. On September 26, 2017, The Verge reported:
“…Showtime websites were found to be running a script that allows the sites to mine visitors’ extra CPU power for cryptocurrency… The afflicted sites included showtime.com and showtimeanytime.com, but the script has since been removed following reports from Gizmodo and other sites.
The script mines the cryptocurrency known as Monero. Launched in April 2014, Monero is meant to be a more anonymous version of Bitcoin because you can purchase it offline with cash. Thirty percent of the proceeds go to Coinhive, while sites using the service, like Showtime and The Pirate Bay, keep the rest. For its part, The Pirate Bay has apologized for secretly running the script and then asked its users if they preferred ads or CPU mining. Surprisingly, many of the comments indicate a positive reception towards the idea…”
And, it’s not new. It’s been around for several years. According to Jareth at Emsisoft:
“… In 2014, tech giant Yahoo accidentally exposed some two million European users to cryptomining malware hidden in ads on the Yahoo homepage. Experts estimated that about 27,000 users were infected per hour the malware was on the site…”
Because there’s so much money to be made and so little effort required, you can bet that we’re just seeing the tip of the Cryptojacking iceberg. Since the code can be quickly injected into a website, it’s not downloaded/installed on your PC in the normal way – so it’s not easy to detect.
The recommend browser add-on called No Coin is free and it’s available for Chrome, Firefox and Opera browsers.
Cryptomining, cryptojacking, and cryptocurrency itself are all complex topics. But they are important topics and you should have a basic understanding of what’s going on. With just some basic knowledge you can see why cryptomining is bound to be the next “big” thing on the web.
Besides No Coin and Emsisoft Anti Malware, Ems
You can be sure that Cloudeight will never use cryptojacking. Emsisoft recommends:
Be mindful of CPU spikes: Be conscious of your browsing habits and try to identify any sudden lag or system drag that occurs when you load a website. CPU spikes may also be indicated by computer fans speeding up and making more noise than usual, especially on laptops….
“Avoid piracy sites: Any site may be hiding malware, but it has to be said that piracy sites typically pose a higher risk. Avoid wherever possible….
Knowledge is power. Stay safe my friends.