Is your tech busy mining crypto without your knowledge?

Abhigyan Singh 10th Sep 2020

In 2019, there’s a lot of online traffic in the name of daily life across the globe. Each day, a few billion people connect to the internet to search for information, post and interact on social media, tech, or otherwise surf for work purposes. The average office firewall is fairly liberal, which means average office workers can easily visit companies online, look up a news item, or glean contact details needed to fulfill their tasks for the day.

Although the Bitcoin surge and pop might have been a storm in a teacup for everyone not involved, cryptocurrency persists with its unique format and pursuits. One of these, common to all prominent digital coins - crypto mining - is still often a bit of a mystery to anyone who hasn’t made a mission out of understanding the process.

In short, users “mine” the crypto currency’s blockchain (thus validating others’ transactions) - be that Bitcoin, Monero, Dash, or Ethereum - for the rewards contained therein. Rewards incentivize participation in a decentralized ledger. That’s a blunt definition, but the point is there are rewards to be earned in mining cryptos. Miners receive cash rewards or allocations of the digital coins that can be exchanged for fiat currency at any time.

One step further into a crypto world - and one step further away from most people’s understanding - is that mining pools have flourished. There are purely commercial sites where users can sign up to sell their computing power in exchange for a small share of the mined dividends. These portals pay users fees for being able to put their computing power to work mining a blockchain. Scientific research and other fields are cottoning on to the idea, making use of willing participants’ tech for their aims, as well.

Are the websites you visit mining crypto?

There’s a significant monetary value attached to computing power, largely thanks to digital coins. This makes globally connected tech - which is all of us - worth fighting over or stealing. The computing power of any piece of tech can now be remotely harnessed to mine for cash rewards. This has given rise to many legitimate routes of interaction, as above, but also darker realities, where your tech can be enslaved without your consent.

Cybersecurity issues have become much more nuanced in a short space of time. Digital coins have ushered in an entirely new realm of endeavor to the planet, and AI advances are often bringing Hollywood sci-fi home to the current global population. Professional consultancies like Mustard IT, an IT company in London, UK, deal with issues daily that was unimaginable but a few years ago. Online security has become a whole new ball game from the former, relatively simple hacking attempts to steal data or access funds.

Although the mining of cryptocurrencies like Monero and Bitcoin has diminished in value for the average user, there is still money to be made there. And, where there’s money, there are people trying to get it undeservedly. The fact that Bitcoin mining takes such significant time and computing power means that cyber crooks constantly look for ways to spread that demand over others’ tech without consent.

If that sounds like a positively criminal insert into online life, it is. It’s a documented fact, however, that many websites are doing just that. Known as cryptojacking, it’s managed to creep into online life as users proliferate, yet being tech-savvy remains the province of a small percentage of people. It’s technically simple, yet cheekily cloaked, and most people still have no idea whether they’ve ever fallen prey to it.

The older methodologies of cybercriminals attempting to get you to open an email so a feedback virus contaminates your tech is waning. The modern cyber crook is enjoying a moment of blindness among global users and popping a JavaScript file right in the browser. If you have JavaScript enabled (which is broadly essential for many sites to display and work when users visit them) and visit a site infected with malicious ads, you’re going to start mining crypto without your consent.

How to stop sites illegally using your tech

Some coin blockchains are relatively simple to mine, such as Monero. However, the flagship cryptocurrency - Bitcoin - takes significant computing power to yield dividends. Rather than establish an ASIC mining setup that can hash away at BTC rewards, criminals would rather pinch snippets of processing power from everyone else.

Crooks know that encumbering a single user with too much mining of a chain, such as Bitcoin, would result in visible symptoms. A laptop’s battery life would take a noticeable dive, fans would be running constantly, and even basic tasks would become dramatically slow, similar to when some antivirus apps run a background scan. Therefore, criminals not only target less demanding crypto chains like Dash and Monero, but they also regulate how much power they pinch so that, unless a user makes a concerted effort to find out, but they’re also unlikely to notice the intrusion at all.

Usually limiting the demands to less than 50 percent of the central processing units’ (CPU) capacity, cyber thieves, unfortunately, count unethical web developers among their number. While some websites openly state that if users would like an ad-free experience, they can opt into mining while on the site, this is not always the case. This is upfront and completely acceptable, although the notion of “leasing” out one’s tech if only for a moment so that others can make profits is still obnoxious to many.

That said, the face of remote harnessing to mine crypto is consensual in many cases. The script Coinhive is a freely available option for web developers to add to their build. In response, Google has Coin-Hive Blocker in its web store, a Chrome extension that will thwart any attempts to harness your CPU when visiting sites. Other users find no offense in allowing a third party to mine coins while they’re browsing a site. Unfortunately, as it’s still a grey area for regulators, not all sites are so transparent as those that state their intentions up front.

Spotting a mining website

If companies want to avoid abuse of their tech, Coin-Hive Blocker is a good place to start. Additionally, one needs to continually check on the CPU of any tech device.

  1. Right-click the taskbar in Windows, and then select Task Manager. Open the Performance
  2. When running macOS, search for the Activity Monitor with Spotlight, or click through Applications - Utilities - Activity Monitor.

While it will vary between devices, a typical percentage usage - assuming nothing specifically draining has been attempted - will sit around 20 percent, usually less. If a spike becomes apparent upon opening a typical web page while browsing, this is a potential warning sign. It’s certainly not proof that mining has commenced, but if closing the tab sees a drop to usual levels again, it’s very possible that JavaScript was being employed for mining without your consent.

More worryingly, if usage doesn’t dip upon closing the tab, it’s entirely possible that the device has been infected with a more persistent malware that remains mining in the background via a pop-under window. Such a window will run the JavaScript as open, and it’s cleverly sized and disguised by hiding behind the clock in the Windows taskbar.

Pop-under tabs are the hallmark of many adverts online, but also currently illegal activity, and users will need to employ Task Manager to exit the browser completely. Heading into 2020, it’s a good idea to be looking at Task Manager when exiting every browsing session.

Authored By Abhigyan Singh

He is a continuous blogger and has blogged on different topic. He loves to surf Internet and always trying to get new Idea about new Technology and Innovations and sharing these great information to all the technology lovers.

Also on DiscussDesk