Grab a Pickaxe! Let’s Go Mining for Digital Currency

By | October 26, 2017
Print pagePDF page

Grab a Pickaxe! Let’s Go Mining for Digital Currency

If you don’t know what cryptocurrency is, we’re going to give you some simple background information so that you can understand what’s about to transform the world of adware and maybe even alter the way malware works

The most well-known cryptocurrency is Bitcoin. Bitcoin became popular because it could be used to buy things (not always legal) on the Dark Web. When people paid with Bitcoin, the payment couldn’t be traced back to them, therefore many people got away with buying many illegal things on the Dark Web, particularly on a site known as Silk Road. Eventually, Bitcoin moved out of the shadows and into the main stream and it’s accepted as payment at many online retailers – you can even pay for your Uber ride with Bitcoin.

Bitcoin became the darling of investors too. As it continually rose in value from a few hundred dollars for one Bitcoin to thousands of dollars in just 18 months. However, the value fluctuates daily. Today, October 26, 2017, one Bitcoin is worth $5871.40 USD.

There are many different cryptocurrencies. Most of them seem to rapidly increase in value. One cryptocurrency, called Ethereum was $8 in January of this yea, and now it’s worth $294. Another digital currency, Litecoin, was worth $3.77 last October and is now up to $55.39. Another, called Monero, which we’ll discuss later, is valued at $87.12.Think of digital currency (cryptocurrency)as being like stock. You can buy it, sell it, and trade it, but unlike stock you can purchase goods and services with it.

For an easy read on how digital currency works see “A simple guide to Bitcoin“.

How does cryptocurrency mining work?

According to Jareth at Emsisoft…

“Cryptocurrencies are built on blockchain technology. It’s essentially a distributed and decentralized ledger. The term ‘mining’ refers to a user verifying the data in this ledger over and over again. When the blockchain determines enough effort has been put into the verification process, it rewards the miner with a fraction of a digital currency….”

OK… that’s a tad difficult to get your head around if you don’t know much about digital currency.

So let’s put it another way. Let’s say your computer is a pickaxe and you’re a miner. You know there’s gold in them thar hills, but it’s buried deep inside the rocks. You go out alone with your pickaxe and hack away at that rock. You know you’re going to be there for a long, long time. It will take you months, even years to unearth your treasure. Now lets say you have hundreds of pickaxes and hundreds of friends, and if you all worked together, you could extract your treasure in a few hours.

So let’s think of cyptocurrency as gold. If one computer equals one pickaxe there’s no easy money in mining for “gold”. But what if you had a web site with thousands of visitors every day and you could turn all your visitors’ computers into pickaxes without them even being aware of it? You could turn them into miners without them being aware of it. Think of thousands of pickaxes hacking away at the rocks every hour, every day. Gold, gold and more gold. And the only one who reaps the reward is you: The website owner. Your visitors didn’t even know their computers were even being used as a pickaxe for you. You walk away with the gold and your visitors are none the wiser.

You can see why this new way to make money is going to be increasing in popularity — and why you’re once again in the crosshairs.

The growing trend is for Websites to surreptitiously inject code into their websites to and hijack their visitors computing power to engage in cryptomining. With the power of thousands of computers’, website owners stand to reap a hefty reward in the form of digital currency, while the user remains unaware that some of his computer’s processing power is being used.

How many of you like ads? How many of you click on ads? Not many. We can tell you that from experience. Our ad revenue has declined significantly over the years as ad-blocking technology gets better and better. Some website owners, who have expenses to meet are turning to digital mining in order to sustain their sites… or just to make some easy money.

Adware is old technology and is easily blocked. Ads are even more easily blocked. So now, Website owners can insert a a JavaScript code called Coinhive in to their sites, and use the processor power of site visitors to mine for cyptocurrency. Visitors don’t know their computers CPU power is being used to mine for “gold”. Simply visiting the site turns your computer (or internet connected device) into a miner.

When a site hijacks your computer’s processing power without your knowledge or consent, it’s called Cryptojackting. You visit the site and you’re computer is turned into a miner, and you will most likely never be aware of it.

The digital currency that that the JavaScript Coinhive mines is called Monero.

What is Monero? According to https://getmonero.org/ :

Monero is secure.
Monero is a decentralized cryptocurrency, meaning it is secure digital cash operated by a network of users. Transactions are confirmed by distributed consensus, and then immutably recorded on the blockchain. Third-parties do not need to be trusted to keep your Monero safe.

Secure safe

No surveillance

Monero is private.
Monero uses ring signatures and ring confidential transactions to obfuscate the amounts, origins, and destinations of all transactions. Monero provides all the benefits of a decentralized cryptocurrency, without any of the typical privacy concessions.

Monero is untraceable.
Sending and receiving addresses as well as transacted amounts are obfuscated by default. Transactions on the Monero blockchain cannot be linked to a particular user or real-world identity.

Monero is fungible.
Monero is fungible because it is private by default. In its current state, it is extremely unlikely that Monero will ever be blacklisted by exchanges or vendors due to its association in previous transactions…

Easy money has always been a lure for people seeking money for nothing. While, no doubt there are criminals out there using the computing power of other people’s computers to mine digital currency, the biggest increase and the biggest threat comes from website owners trying to make up for lost ad revenue – or just looking for more money – or easy money. Since all it requires is adding a bit of code to the site, and since Cryptocurrency mining requires only a JavaScript code pasted into the website’s code, and does not require the visitor to click on anything or even be engaged, the unscrupulous website owner has a lot to gain and seemingly little to lose.

But is it legal to use other people’s computing power without their knowledge or consent? According to Emsisoft’s Jareth:

“In-browser mining without your consent can safely be classed as criminal activity. It devours your CPU power, uses your electricity and potentially leaves you exposed to some privacy and security concerns without giving you the choice of backing out.”

And if you think this is an obscure threat, think again. On September 26, 2017, The Verge reported:

“…Showtime websites were found to be running a script that allows the sites to mine visitors’ extra CPU power for cryptocurrency… The afflicted sites included showtime.com and showtimeanytime.com, but the script has since been removed following reports from Gizmodo and other sites.

The crypto mining Javascript (sic) is called Coinhive, and according to the site, it was made as an alternative to banner ads as a way for website owners to get around pesky ad-blockers. Ironically, some ad-blockers have now included Coinhive on the list of the banned.

The script mines the cryptocurrency known as Monero. Launched in April 2014, Monero is meant to be a more anonymous version of Bitcoin because you can purchase it offline with cash. Thirty percent of the proceeds go to Coinhive, while sites using the service, like Showtime and The Pirate Bay, keep the rest. For its part, The Pirate Bay has apologized for secretly running the script and then asked its users if they preferred ads or CPU mining. Surprisingly, many of the comments indicate a positive reception towards the idea…”

And, it’s not new. It’s been around for several years. According to Jareth at Emsisoft:

“… In 2014, tech giant Yahoo accidentally exposed some two million European users to cryptomining malware hidden in ads on the Yahoo homepage. Experts estimated that about 27,000 users were infected per hour the malware was on the site…”

Because there’s so much money to be made and so little effort required, you can bet that we’re just seeing the tip of the Cryptojacking iceberg. Since the code can be quickly injected into a website, it’s not downloaded/installed on your PC in the normal way – so it’s not easy to detect.

You can disable JavaScript in your browser – which will negatively affect your interaction with a lot of legitimate sites you visit – and you’ll probably be very unhappy with the results — or you can install a browser add-on called No Coin (recommended by Emsisoft) which can help your protect your computer from being used as miner. And of course, you should always make sure you have a good antivirus & antimalware program like Emsisoft installed. Emsisoft can detect and remove any traditional malware-based mining software.

The recommend browser add-on called No Coin is free and it’s available for Chrome, Firefox and Opera browsers.

Download/Install No Coin for Chrome here.

Download/Install No Coin for Firefox here.

Download/Install No Coin for Opera here.

Cryptomining, cryptojacking, and cryptocurrency itself are all complex topics. But they are important topics and you should have a basic understanding of what’s going on.  With just some basic knowledge you can see why cryptomining is bound to be the next “big” thing on the web.

Besides No Coin and Emsisoft Anti Malware, Ems

You can be sure that Cloudeight will never use cryptojacking. Emsisoft recommends:

Be mindful of CPU spikes: Be conscious of your browsing habits and try to identify any sudden lag or system drag that occurs when you load a website. CPU spikes may also be indicated by computer fans speeding up and making more noise than usual, especially on laptops….

“Avoid piracy sites: Any site may be hiding malware, but it has to be said that piracy sites typically pose a higher risk. Avoid wherever possible….

Knowledge is power. Stay safe my friends.

 

 

 

6 thoughts on “Grab a Pickaxe! Let’s Go Mining for Digital Currency

  1. D.

    uBlock Origin should also help with this from what I have read. It would be under 3rd party filters, “uBlock filters- Resource abuse”. That should be checked. It is on mine. Please click on “Update Now” at top when it lights up. You have to keep it updated. Do that with what Cloudeight has given you if you already use it.

    For people who use Edge and etc. you can take a look at this after Cloudeight looks at this called ” Anti -WebMiner. I have used it just fine on Windows 10. I’m running it on two computers. I use Firefox and Chrome more than I do Edge, but I do use Edge on that rare occasion, so I want it protected also.

    Reply
  2. Sue Young

    So this little extension has setting on it so what is the correct setting Would it be for 1 minute, 30 minutes or White List Permanently. I assume from the 3 setting a person would want it set permanently so that is what I set mine on.

    Reply
    1. infoave Post author

      It works automatically based on on a script detector which uses a blacklist. You can block any site if you feel it’s using your CPU/GPU for cryptocurrency mining.

      Reply
  3. Dawn Campbell

    This is scary stuff. I have enough problems keeping my computer going at a decent speed and I have the fastest internet speed going! Thanks so much for the heads up and link to at least protect ourselves somewhat. I love Emisioft as as soon as I can afford it I will be buying it once again.

    Reply
  4. Virginia

    Hey, I use Emsisoft here on my home computer. Is NoCoin automatically a part of Emsisoft or do I have to install that separately for both Fireflox and Chrome?

    Reply

Leave a Reply to infoave Cancel reply

Your email address will not be published. Required fields are marked *