Browser based coin mining is becoming ever more common in the cryptocurrency world. Malicious browser-based coin mining is also something which happens, now for many this can go on, totally undetected and ultimately, its unlikely such mining would cause you any problems.
I suppose the word malicious here is not always appropriate, whilst other malware and viruses attack computers to cause damage and extract personal information etc, ‘malicious’ coin miners target machines for the CPU and processing power. This means they can essentially tap into your computers potential and use its power to mine coins. It’s malicious because it is using your machine without permission for personal gain, but I guess it stands way down the pecking order when you consider things like identity theft and key-logging.
Browser based coin miners occur within your web browser, often they are undetected but only run when your browser is active. This week however, Symantec have unveiled an executable file which they have located, that can mine for coins in the same way a browser-based coin miner would, but without actually having a browser open at all.
The problem here is that there is no indication on the user’s computer that suggests coin mining is taking place. Often with browser-based coin miners your anti-virus will pop up with a warning, also, those who know about browser-based coin mining may notice a difference in the performance of their machine whilst online, so they might simply just assume that mining is taking place. With this script however, the only indication that mining is taking place is a reduced performance within your computer, with no browser open, you’d be safe to assume it’s got nothing to do with coin mining and it’s a problem elsewhere on your machine, right? Wrong.
Symantec even found that with this specific executable, the computer didn’t even know what was causing the reduced performance and spike in CPU activity. When tested, machines that where being used for this coin mining method blamed other software for the reduced performance, sprouting up error messages about X software potentially slowing down the computers performance. The file even had a built in PE file that allowed the coin miner to start running again after the machine or device has been restarted.
Write: Richard Abermann