What are Crypto Mining Hacks?

One of the latest scams relating to crypto is crypto mining hacks. These are programs that can be downloaded onto your computer – without you knowing about it – that use your computing energy to ‘mine’ cryptocurrency for the hacker.

These crypto mining hacks can affect anyone – they aren’t limited to people deliberately downloading crypto files or clicking on crypto links. Crypto mining hacks, where scam miners gain access to your computer to mine crypto that is sent straight to them, are now becoming mainstream. The scam files needed to use your laptop can be downloaded to your computer when you click on any affected videos or links, which aren’t necessarily related to crypto, or can even run in the background whilst you are visiting affected websites. Not only do these crypto mining hacks slow down your computer’s performance, but the worst ones can also gain access to your passwords and saved data and steal your cryptocurrencies stored online.

How do crypto mining hacks work? And what is (Drive-By) Crypto Mining?

The ability to use other people’s computers for mining crypto started with a service called “Coinhive”. Coinhive itself is a fully legitimate service, with its own website, and anybody can access its plugin. Coinhive was developed as a means for websites to monetize their traffic without relying on ads, by enabling the website to use the computers of its users to mine Monero whilst they are on the site. Their idea is literally that webmasters “can remove your ads from your website and let users mine for you to gain revenue”, offering users an ad-free experience whilst still monetizing the site. Coinhive offers webmasters a JavaScript miner that can run in browsers, which is what is used for mining Monero (XMR). The script automatically stops working after you leave the site, so if used as intended, it is a fair deal for site visitors as well as site owners.

However, this is an idea that can be and has been heavily abused. Hackers started to create and use malicious scripts to infect browsers, turning other people’s computers into mining slaves that mine Monero for the hackers using their computing power, without the knowledge of the computers’ owners, and often also downloading infections onto the computers.

The problem is, because Coinhive is recognized by most anti-virus systems as a legitimate product, it isn’t flagged as being a virus or as anything harmful to the computer, so most such mining hacks aren’t flagged by any computer security.

How does Coinhive work?

  • The user, aka you, visits a website. This can be any site, even one such as Facebook or your daily news site. You don’t need to go on dangerous or unusual sites to get infected.
  • Any website will load a lot of content onto your browser, including articles, visuals, ads, mini-games, and scripts (*). Most of these scripts are not hosted on the websites themselves, but rather on remote servers. The website just “calls” the script from a remote source. For the ordinary user, none of this is noticeable and it doesn’t affect your user experience on the site. These scripts can be brought to your computer in seconds without you being aware of what’s happening in the background.
  • Now, a hacker may not be able to hack a strong website like Facebook. But they would likely be able to hack one of these remote scripts. And this won’t be noticeable either: a hacker can more or less just add his Coinhive account info to the script. That script will get the Coinhive miner to start mining on your computer, and your browser will then start working for the hacker. Note that Coinhive’s servers won’t be able to tell that something is wrong: to them, the hacked computer is just another visitor who wants to mine. Moreover, since this is not a virus or a trojan, but rather a legitimate program that is being wrongly used, much anti-virus and internet security software won’t be able to block the process. This is why they are called “drive-by”: your computer can get infected just by visiting a site for a couple of seconds.
  • Imagine thousands of computers working together and mining a specific cryptocurrency: The hacker has established a mining farm and he gets all the profit.

(*) Scripts: Programs written for a special run-time environment that automate the execution of tasks. They are invisible to the visitor's eye, but their presence within the code of a website defines how the website behaves in response to certain click requests sent by the user.
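
An added example (not from the original article and not Coinhive's own code): a small Node.js check a site owner could run over a page's HTML to list remote scripts that load without Subresource Integrity, and any script that references the Coinhive miner. The sample HTML, its hostnames and the site key are constructed placeholders.

```javascript
// Added example: audit a page's <script> tags for drive-by mining risk.
// SAMPLE_HTML and every hostname/key in it are constructed for illustration.
const SAMPLE_HTML = `
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/widgets/share.js"></script>
<script src="https://cdn.example.org/lib/ui.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body>news article</body></html>`;

// Strings that identify the Coinhive browser miner named in the article.
const MINER_PATTERNS = [/coinhive(\.min)?\.js/i, /CoinHive\.(Anonymous|User)\s*\(/];

// Return the value of one attribute from a tag's attribute text, or null.
function attr(tag, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(tag);
  return m ? m[1] : null;
}

function auditScripts(html, pageOrigin) {
  const findings = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = attr(attrs, 'src');
    const issues = [];
    if (MINER_PATTERNS.some((p) => p.test(src || '') || p.test(body))) {
      issues.push('miner-indicator');
    }
    if (src) {
      const url = new URL(src, pageOrigin);
      // A remote script without Subresource Integrity can be changed by
      // whoever controls the remote host, and the browser will still run it.
      if (url.origin !== new URL(pageOrigin).origin && !attr(attrs, 'integrity')) {
        issues.push('third-party-no-integrity');
      }
    }
    if (issues.length) findings.push({ script: src || '(inline script)', issues });
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, 'https://news.example.com'));
```

The same-origin script and the remote script pinned with an `integrity` hash are not reported; the unpinned remote scripts are, because a change made on the remote host would reach visitors unnoticed.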

These mining hacks can also steal your crypto stored on your laptop or online

If you are surfing some shady websites or use pirated software, your browser may also get infected with a trojan, in addition to the miner. The attacker must be able to control the website’s server to do that, so he basically creates a website about a popular subject (for example, download free mp3) and injects both the miner and the trojan into the server code. When you visit the website, your computer gets infected. Or, the attacker creates a cracked file for a piece of software (games, pricey applications, etc.) and adds both of the malicious files into the crack. You download a Torrent file for, let’s say, Photoshop, apply the crack to use the software for free, and get infected.

In both scenarios, the attacker gains access to your passwords and establishes a remote connection to your computer. After that, he can easily steal your wallet info and your crypto-currencies.

Are crypto mining hacks stopped by anti-virus software?

No, not by most. You would need to check closely which one you get, as well as getting a good anti-mining extension.

Traditional anti-virus software is usually ineffective against threats such as crypto mining scripts. Coinhive is a legitimate (and legal) script with plenty of valid use cases: there are users who use it legitimately to support their websites instead of running ads, for example. So Coinhive, and potentially other programs like it, are not seen as security threats by anti-virus software, and as such aren’t even picked up by anti-virus systems.

How to prevent being hacked by crypto mining scripts?

  1. Get a good anti-virus

    To make sure that you are not the victim of a crypto mining hack – which many non-crypto people have been – you will need more than good anti-virus software.

    The best protection seems to be Malwarebytes – this works for both Macs and PCs.

    The premium version of Malwarebytes (https://www.malwarebytes.com) is able to block mining scripts as well as hundreds of other threats.

  2. Get an anti-mining extension

    There are several anti-mining extensions developed specifically for this: to prevent unwanted crypto miners hacking your computer. These tend to be available on the Chrome Web Store, but most major browsers have extensions to block miners. These extensions also work on computers that have already been infected by unwanted miners. So even if your browser is infected, you can still use them to “clean” your computer. The ‘Opera’ browser comes with an integrated miner blocker. For other browsers, use these extensions:

Unfortunately, Internet Explorer and Microsoft Edge browsers do not support extensions, so you need to use additional software to block miners, such as the premium version of Malwarebytes, which can block such miners.

We haven’t yet tested any of these so can’t confirm how well they work!

How do I know if my computer is being mined?

  1. Slower computer performance. Browser miners use a lot of computing power - they can use 100% of the CPU. As a result, the computer starts to slow, freeze, and become unresponsive. If your performance suddenly drops when you visit a website, there may be a miner running in the background. This is your first clue.
  2. More techy users can check the Task Manager.
  3. Check all open windows carefully, even those that you can’t see. Closing the website usually stops the miner and your computer becomes responsive again. However, hackers are “creative” nowadays: they create a pop-up window, load the miner in that, and “hide” the window under the taskbar. So even if you close the browser by clicking on the “X” button, that pop-up window is still open in the background where you can’t see it. On PCs, press Alt+Tab in a scenario like this: all open windows will be displayed and you can close them easily.