There is a new malware in town to rival ransomware and this time it is linked to the explosion in crypto-currencies such as Bitcoin. Crypto-currencies are based on transaction verification and so-called crypto-mining provides 24/7 accounting for these currencies, for which it receives a small fee.
Anyone can engage in this activity, but to make real money from crypto-mining requires vast amounts of processing power. Some miners now appear to have started to tap into other people’s networks to borrow their processing capacity in order to do this. A bit like cannabis farms tapping into the next door neighbour’s electricity supply to keep their plants warm.
More than 5,000 websites have been flooded by the malware. Software known as Coinhive, which quietly uses the processing power of a user’s device to mine open source crypto-currency Monero, appears to have been injected into the compromised BrowseAloud plugin.
The crypto-jacking script was inserted into website codes through BrowseAloud, a popular plugin that helps blind and partially-sighted people access the web. The National Cyber Security Centre has confirmed the issue is being investigated.
This activity could be more than just a nuisance to the companies and has the potential to seriously impact on their business operations and in extreme cases make them unable to operate for days.
Crypto-jacking malware attacks involve extremely high CPU processing and network bandwidth consumption, which can threaten the stability and availability of the physical processes of a network. It can also disable security tools and continue to operate in the background, unnoticed for some time. It can also infect website users and spread the virus to their systems.
Crypto-jacking works simply by embedding a small JavaScript code in a website which then uses the processing power of the visiting device to mine crypto-currencies. It is common for the code to run on a website without the user noticing it.
But there are some signs that you are being crypto-jacked. Users who have been hit often complain of a slower internet connection and slower processing speeds due to the mining process using up to 85% of their CPU capacity. It can also drain a computer’s battery much faster than normal.
If you think you may have been crypto-jacked, or you want to avoid it, there are a number of steps you can take. You can turn off your JavaScript in the browser, you can use mining blocking browser extensions or specific script blockers, or even consider moving to a more privacy-centric browser.
Behaviour monitoring tools, such as ThreatSpike, would also pick up on unusual network activity, such as unexpected HTTP communication attempts with suspicious IP addresses.
If you are worried about this new threat and want to get a free analysis of whether you are at risk, please get in touch and we can help to find a solution for your network.
Sonny Sehgal
Head of Cyber Security
