Photographer: Chris Ratcliffe/Bloomberg
cryptocurrencies

‘Cryptojackers’ Dig Into Your Phone to Mine Their Coins Cheaply

  • U.S. court system, Australia and U.K. governments affected
  • Millions of Android devices are mining the digital currency

There’s a chance your computer or phone is quietly producing a cryptocurrency called Monero.

Criminals looking to commandeer massive processing power to unlock new Monero coins have unleashed an epidemic of malicious software that burrows deep into victims’ web browsers to surreptitiously run calculations. A security researcher discovered the latest attack last weekend, finding the malware on more than 4,000 sites, including those owned by the U.S. court system, the governments of Australia and Britain, and City University of New York, all of which used a text-to-speech accessibility script called Browsealoud.

“Within hours of identifying the problem, the compromised script was disabled from the uscourts.gov site,” David Sellers, a spokesman for the Administrative Office of the U.S. Courts, said in an email. Browsealoud will be offline until Feb. 15 to beef up security, the company behind the code, Texthelp Ltd., said on its website.

The online hijackings show the lengths to which some people will go to stockpile Monero -- a so-called privacy coin that, once obtained, is particularly hard for authorities to trace. After a 20-fold surge in price over the past year to about $275 per coin, Monero now ranks 13th among cryptocurrencies with a market value of $4.3 billion, according to CoinMarketCap.com.

About 630 of the top 300,000 websites tracked by Amazon.com Inc.’s Alexa Internet unit have mining code embedded in them, researcher 360 Netlab estimated on Feb. 7. This week, Kaspersky Lab warned that some users of the Telegram messaging app also have been mining coins like Monero, while Malwarebytes Labs said millions of Android devices are currently mining Monero.

And that’s just the latest round. On Dec. 18, hackers targeted as many as 190,000 WordPress sites per hour to get them to produce Monero, according to security company Wordfence.

Yet, it’s not always a crime.

Computing Power

While the hijacking of most devices happens without their owners knowing, one site -- Salon.com -- now tells readers they can avoid seeing ads if they let it mine Monero using their computing power.

“Think of it like borrowing your calculator for a few minutes to figure out the answer to math problems, then giving it back when you leave the site,” Salon told its users. Plugins such as Coinhive let sites embed such mining code as well.

Monero mining is spreading because -- unlike most coins out there -- it can be produced with a typical device most people already own.

“Monero is a target for malware mining because it is the only top-20 coin by market cap that can be mined from commercial hardware you have at home” rather than specialized hardware needed to mine most other coins, said Nolan Bauerle, director of research at cryptocurrency researcher CoinDesk.

Criminal Favorite

A hacker controlling 1.5 million smartphones would rank as the largest Monero miner, according to Lucas Nuzzi, senior analyst at Digital Asset Research.

Monero was designed with features to protect a user’s privacy, and its developers say most people who obtain and spend the coins do so legitimately. But Monero’s potential utility for criminals has also raised alarms. The European Union’s law-enforcement agency, Europol, warned in a report last year that cryptocurrencies like Monero “are gaining popularity within the digital underground.”

Monero encrypts the recipient’s address on its blockchain and generates fake addresses to disguise the real sender. It also obscures the amount of the transaction.

In the Browsealoud attack, computers of unsuspecting users who navigated to an affected site were instructed to solve complex mathematical problems to produce Monero. Once they left the site, the Monero mining stopped, Scott Helme, the U.K.-based security researcher who discovered the Browsealoud vulnerability, said in a phone interview.

“We’ll see an explosion of cryptojacking this year,” Helme said.

For more on cryptocurrencies, check out the Decrypted podcast:

    Before it's here, it's on the Bloomberg Terminal. LEARN MORE