Bitcoin boom prompts growth of coin-mining malware

The booming price of Bitcoin and other crypto-coins has kicked off a gold rush among malicious hackers keen to cash in.Many sites are now harbouring code that secretly uses a visitors’ computer to mine the valuable e-cash coins. The code is inserted by hackers who exploit poor site security or web software bugs.
 
The problem has led Google engineers to consider putting protections against mining in the Chrome browser.
 
Earlier this month, hundreds of websites were found to be running code created by the Coin-Hive project. This let the web domains generate coins for the Monero crypto-currency by using the processing power of visitors’ computers.
 
While some sites had put the Coin-Hive code on their site themselves, many others had been hacked to host the short script.
 
Bitcoin, and almost every other crypto-coin, works by using lots of different computers to log and verify who has done what with the electronic coins. In return for carrying out these computational tasks, called mining, users are regularly rewarded with new coins.
 
Palo Alto Networks said it had found Coin-Hive on almost 150 separate domains. The most popular locations for the code were porn, video and file-sharing sites.
 
"The use of Coin-Hive or similar mining services is itself not a malicious activity," said Yuchen Zhou and colleagues at security company Palo Alto. "It is how they are used that makes the sites malicious."
 
The wide uptake of Coin-Hive and the surging price of Bitcoin, now worth about $5,630 (£4,288) per coin, has led to the creation of many "copycat" coin-mining systems.
 
Security news website Bleeping Computer has now found 10 separate "clones" of Coin-Hive that mine different types of coins for their creators.
 
"Most are behaving like malware, intruding on users’ computers and using resources without permission," wrote Catalin Cimpanu on the Bleeping Computer site. On portable devices, the code can drain batteries very quickly.
 
Some of the copycat coin-mining programs specifically target popular website creation and admin systems such as WordPress. Others, said Mr Cimpanu, are written in Javascript and their creators try to insert them wherever they can.
 
Many anti-virus firms have updated their software so they now spot and disable mining software.
 
Also, Coin-Hive has now launched an authorised version of its software which only mines coins if users give their explicit permission.
 
The growing number of coin miners kicked off a discussion among Google engineers working on the firm’s Chrome browser about how to tackle it.
 
"Yes, we should do something about it," wrote Ojan Vafai, a Chrome engineer on the forums where browser changes are debated.
 
Mr Vafai suggested getting the browser to watch for situations when mining software grabs lots of processing power from a computer or portable device.
 
If the browser spots this activity it would "aggressively throttle" browser activity to limit how much number-crunching power can be grabbed. Users would also be warned about what was happening.
 
The change would let users see when their browser was being used for mining and let them choose if it continued. Blocking the activity any other way would be difficult, he said.
 
"I’m effectively suggesting we add a permission here, but it would have unusual triggering conditions," he wrote. "It only triggers when the page is doing a likely bad thing."