€ 71,275 every ten minutes is the amount a person or organization can currently earn if their network of computers is the first in the world to validate the latest Bitcoin transactions.
This operation, mining, requires phenomenal processing power, because it consists of calculating a unique encryption key from all the keys issued since the creation of Bitcoin. Those who fail to win the race can join a miners’ farm and share the earnings in proportion to their contribution.
Note that the same mining principle exists for all cryptocurrencies. The less famous ones pay less for the calculation effort, but the gain is shared among fewer participants.
The mining phenomenon has grown to such an extent that participants no longer have enough machines of their own to hope to pocket an attractive fraction of the reward. A technique has therefore been developed to steal computing power from Internet users: making their PCs execute mining JavaScript that launches automatically when they visit certain sites. To give an idea of the scale of this fraud, Zscaler alone has blocked more than 2.5 billion mining attempts via the web in the last six months.
Companies are among the first victims
It should be understood that miners have every interest in favoring content on which Internet users spend time. In this sense, the platforms that employees work with are just as interesting as videos watched for over an hour. Above all, it means that companies are among the first victims of web mining.
Fraudulent mining impacts business IT in several ways. It causes performance problems, on the workstation and on Internet access, which are likely to reduce employee productivity. It prematurely wears out the hardware, because its components are used at maximum capacity for the benefit of the calculations during the entire mining period. It also consumes more energy and increases the bill the company has to pay.
Finally, companies that unwittingly host mining activities on their equipment are exposed to the risk of compliance breaches.
All types of sites are susceptible to stealth mining
All other content categories are affected by stealth mining, to a lesser extent. On a sample of 500 sites triggering a mining operation among the 100,000 most visited domains, ThreatlabZ found as many shareware download portals as webmail, as many peer-to-peer search engines as news sites, and as many blogs as job search sites.
Sites that mine cryptocurrency on Internet users’ PCs do so either on purpose or unknowingly; there are several proven cases of pirate miners managing to hook their JavaScript to web pages without the brand that owns them knowing about it. In other cases, the publisher of the site itself announces, more or less clearly, that it is replacing its advertising banners with mining code, on the pretext that it disturbs visitors less. It should be pointed out that these JavaScripts are invisible. Only the hissing sound of the PC fan cooling its overheated processor can suggest that something untoward is going on.
Finally, in certain cases the mining code is integrated into the advertising banners, which penalizes the Internet user on all counts.
Hosting mining code carries legal and security risks
For companies whose website triggers, intentionally or not, mining on its visitors’ workstations, ethical questions come into play. At a minimum, they can be accused of not having informed their users of how their systems will be affected. As mining is a new phenomenon, the legal situation is unclear. However, let us cite the example of the American city of Plattsburgh, in the state of New York, which has banned mining for an 18-month period in order to stop the surge in energy consumption, and which has effectively exposed any offender to prosecution.
In addition, hosting mining JavaScript increases the risk of exposure to malware. JavaScript code is indeed easily manipulated by cybercriminals for other purposes, such as preparing cyber attacks against employees and customers.
A growing market for web mining tools
According to Zscaler ThreatlabZ, the most active mining tool in terms of mining attempts is CoinHive. This is hardly surprising since it was the first, in September 2017, to offer a commercial service for mining cryptocurrency from a browser. In the studies that we have carried out, we have noticed that the integration of CoinHive in websites has evolved over time. Its code is now hidden in lines with complex syntax that make it look, at first glance, like ordinary JavaScript code.
Another such tool is Crypto-Loot. Because of its fee (12% is taken from the profits made, compared to 30% for CoinHive), we expect a significant increase in its use.
Another example is JSE-Coin, whose JavaScript is located on a server external to the website that it infects, like Google AdSense. DeepMiner is a free and open source JavaScript dedicated to the mining of Monero and Electroneum cryptocurrencies. Minr, finally, is the least used of the five mining tools encountered, which may paradoxically encourage its use on the pretext that it will generate more earnings.
The story is not about to end. Zscaler ThreatlabZ has in fact already identified the development of new tools, called Project-Poi, Coin-blind, Coin-nebula, Coin-Have or even Coin-Imp.
To protect yourself from the threat of stealth mining, you need to take precautions. First, disable JavaScript in browsers and only enable it when you visit trusted sites. Domains known to be used for cryptocurrency mining should also be blocked. Finally, you need to be able to monitor sudden spikes in memory usage.
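As an added illustration of the domain-blocking step (this code is not from the article or from Zscaler), the following sketch triages web proxy logs for requests to hosts whose DNS labels match the mining tool names listed above. The log format, the IP addresses and every `.example` host are constructed for the example, and name matching is a triage heuristic, not a vetted blocklist.

```python
from collections import Counter
from urllib.parse import urlsplit

# Tool names as listed in the article, lowercased with hyphens removed.
# Name matching is a triage heuristic, not a vetted blocklist (assumption).
TOOL_NAMES = {"coinhive", "cryptoloot", "jsecoin", "deepminer", "minr",
              "projectpoi", "coinblind", "coinnebula", "coinhave", "coinimp"}

# Constructed proxy log: "<time> <client> <method> <url> <status>".
# The format and every host below are invented for this example.
SAMPLE_LOG = """\
2018-06-01T09:00:01Z 10.0.0.12 GET https://news.example/index.html 200
2018-06-01T09:00:02Z 10.0.0.12 GET https://cdn.coinhive.example/lib/a.js 200
2018-06-01T09:00:03Z 10.0.0.12 GET wss://ws1.coinhive.example/socket 101
2018-06-01T09:00:09Z 10.0.0.40 GET https://crypto-loot.example/lib/c.js 200
2018-06-01T09:00:15Z 10.0.0.40 GET https://adminreports.example/minr/r.css 200
2018-06-01T09:00:20Z 10.0.0.7 GET not-a-url 400
"""

def matched_tool(host):
    """Return the tool name if a whole DNS label equals one, else None."""
    for label in host.lower().rstrip(".").split("."):
        name = label.replace("-", "")
        if name in TOOL_NAMES:
            return name
    return None

def triage(log_text):
    """Count suspected miner requests per (client, host, tool)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing the run
        _, client, _, url, _ = fields
        host = urlsplit(url).hostname  # None when the URL has no host part
        tool = matched_tool(host) if host else None
        if tool:
            hits[(client, host, tool)] += 1
    return hits

def hosts_to_block(hits):
    """Hosts to hand to the proxy or DNS blocklist for review."""
    return sorted({host for _, host, _ in hits})

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for (client, host, tool), n in sorted(found.items()):
        print(f"{client} -> {host} ({tool}) x{n}")
    print("block candidates:", hosts_to_block(found))
```

Matching whole labels rather than substrings keeps a host such as `adminreports.example` from being flagged for containing "minr"; the per-client counts show which workstations to check for the resource spikes mentioned above.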