Is your web browser slower than usual? It could be bitcoin mining for criminals.
With the rise in popularity of virtual currencies, hackers are focusing on a new type of robbery: putting malicious software on phones, televisions and refrigerators of people who make them mines for digital money.
The so-called "cryptojacking" attacks have become a growing problem in the computer security sector, affecting both consumers and organizations. Depending on the severity of the attack, victims may notice only a slight decrease in processing power, often not enough to think that it is a hacker attack. But this can increase processing power over a period of months or if it affects the entire computer network of a company.
"We saw organizations whose monthly electric bill had increased by hundreds of thousands of dollars," said Maya Horowitz, of the computer security company Checkpoint.
Hackers try to use the processing power of victims because it is what is needed to create – or "mine" – virtual currencies. In the extraction of virtual currency, the computers used to perform complex calculations verify a log of execution of all transactions in virtual currencies worldwide.
Encryption is not performed only by installing malicious software. It can also be done via a web browser. The victim visits a site, which hangs on the processing power of the victim's computer to extract the digital currencies as long as they are on the site. When the victim changes, the extraction ends. Some websites, including Salon.com, have tried to do it legitimately and have been transparent about it. For three months this year, Salon.com removed advertisements from its sites in exchange for users who allowed them to extract virtual currencies.
Increase in currency
Industry experts first noticed cryptography as a threat in 2017, when virtual currency prices soared to record levels.
The price of bitcoins, the most popular virtual currency, rose sixfold from September to nearly $ 20,000 US in December, before shrinking to less than $ 10,000 US.
The number of cryptojacking cases rose from 146,704 worldwide in September to 22.4 million in December, according to the Avast antivirus developer. He continued to grow only, at 93 million in May, he says.
The first big case emerged in September and focused on Coinhive, a legitimate business that allows website owners to make money by allowing customers to extract virtual currency rather than relying on advertising revenue. Hackers have quickly started using the service to infect vulnerable sites with miners, particularly YouTube and nearly 50,000 WordPress websites, according to research conducted by Troy Mursch, a researcher on cryptojacking.
Mursch states that Monero is the most popular virtual currency among cyber criminals. A report from the computer security company Palo Alto Networks estimates that more than five percent of Monero has been extracted through cryptojacking. It is worth almost $ 150 million in the United States and mining is not the case with browsers.
Sprinkle and pray
In most attacks, hackers infect as many devices as possible, a method expert calls "spray and prays".
"Basically, everyone with a [computer processing unit] It can be targeted by cryptojacking, "said Ismail Belkacim, an application developer who prevents websites from extracting virtual currencies.
As a result, some hackers target organizations with great computing power. In what is believed to be the biggest cryptojacking attack so far, Checkpoint discovered in February that a hacker had exploited a vulnerability on a server that had generated over $ 3 million in the United States over the course of several months. Monero.
Cybercriminals have also recently targeted organizations using cloud-based services, where a network of servers is used to process and store data, providing more computing power to companies that have not invested in additional hardware.
By abusing this service, the cryptojacker uses all the power that the cloud will allow them to maximize their earnings. For companies, this translates into slower performance and higher energy bills.
Martin Hron, a security researcher at Avast, says that in addition to the increased interest in virtual currencies, there are two main reasons for the increase in attacks.
First of all, cryptojacking scripts require little skill to implement. The ready-to-use computer code that automates encryption is easy to find with a Google search, along with suggestions on device vulnerabilities.
Secondly, cryptojacking is harder to detect and more anonymous than other hacks. Unlike ransomware, where victims have to transfer money to regain access to their computers blocked by hackers, a victim of cryptojacking may never know that their computer is used to extract currency. And since the money generated by cryptojacking goes directly into a hacker's encrypted wallet, the cyber criminal leaves fewer traces.
Both Apple and Google have started banning applications that extract virtual currencies on their devices. But Hast, the Avast researcher, warns that the risk is increasing as more everyday devices connect to the Internet, from ovens to home lighting systems, and that these are often the least secure. Hron said that cheap Chinese devices were particularly easy to hack.
Some experts say that new techniques like artificial intelligence can help you get a faster response to suspicious software.
This is what Texthelp, an educational technology company, used when it was infected by a cryptocurrency, said Martin McKay, head of technology at the company. "The risk has been mitigated for all customers within a four-hour period."
But security researcher Mursch says these precautions will not be enough.
"They could reduce the impact," he says, "but I do not think we'll stop it."