Hackers are quietly hijacking personal computers, company servers, cable routers, mobile devices and other forms of computing power to stealthily mine cryptocurrencies — a problem that cybersecurity experts warn is growing rapidly.
The act, known as cryptojacking, has grown in popularity because it is hard to detect and reasonably passive, unlike other hacks such as Ransomware, which can encrypt files or lock users out of systems until money is paid.
“It’s sneaky,” said Raj Samani, a chief scientist at the cybersecurity firm McAfee. ”Ransomware, for example, is very confrontational, where cryptojacking looks to be as surreptitious as possible.”
Cryptojacking is also easy to execute, sometimes even hiding in ads on websites.
“Cryptojacking scams have continued to evolve, and they don’t even need you to install anything,” Jason Adler, an assistant director for the Federal Trade Commission, wrote in a blog post in June. “Scammers can use malicious code embedded in a website or an ad to infect your device. Then they can help themselves to your device’s processor without you even knowing.”
The rise in the value of bitcoin and other cryptocurrencies in recent years has made cryptocurrency mining a lucrative activity. Cryptocurrency mining uses computing power to compete against other computers to solve complex math problems, with that effort rewarded with bits of cryptocurrencies. That computing power helps create a distributed, secure and transparent network ledger — commonly known as a blockchain — on which applications such as bitcoin can be built.
Cryptocurrency mining can be an expensive proposition, requiring computing hardware and electricity. Cryptojacking offers cybercriminals a way to steal computing power from other people to bypass the effort and expense. Cryptojacking software operates on computers in the background, with the only evidence of its presence signified by a user’s device overheating or slowing down.
Cryptojacking’s mix of low risk and high reward have led to a significant increase in attacks, with a June report from McAfee finding 2.9 million examples of mining malware — malicious software — in the first three months of the year. The company said that was a 629 percent increase from the last three months of 2017.
“The pick up was just massive,” Candid Wueest, a threat researcher at the cybersecurity company Symantec, said. “It caught a lot of people by surprise.”
Computer owners should be on the lookout for a slowdown in their computers, rising electricity bills and sluggish internet speeds.