How hackers are using your device to aid cryptomining

Crooks are becoming less keen on our money – they’re after our computer power instead

A computer monitor displays data on the temperature, fan speed and hash rate of graphics processing units as they mine cryptocurrency pools for Electroneum in Budapest, Hungary, on Wednesday, Jan. 31, 2018. Cryptocurrencies are not living up to their comparisons with gold as a store of value, tumbling Monday as an equities sell-off in Asia extended the biggest rout in global stocks in two years.  Photographer: Akos Stiller/Bloomberg
Powered by automated translation

Back in the "good old days" of computer malware, hackers would try to gain access to our computers with the aim of prising money out of us. Whether they did this by tricking us into clicking a dodgy link or by more nefarious means, it was our hard-earned cash they were after. The last few weeks, however, have seen a marked and unusual shift in the world of online crime.

Crooks are becoming less keen on our money – they're after our computer power instead. As a result, the chips that power our phones, tablets and computers are being quietly hijacked and used to perform intensive number crunching, which slows our devices, drains their batteries and uses up electricity. The reason for all this: the creation (or mining) of cryptocurrencies such as Bitcoin.

The infamous Bitcoin, and its cousins such as Ethereum and Ripple, have hit the headlines repeatedly in the past few months as people observe wild fluctuations in their value and ponder the wisdom of buying them. But there is a way of getting hold of these coins that doesn't involve currency exchange: instead, you use computer power to complete the complex mathematical puzzles that validate a "block" of cryptocurrency transactions. If you manage to solve those tricky sums, you get a reward. For example, successfully mining one block of Bitcoin will yield a reward of 12.5 Bitcoins – currently equivalent to about US$100,000 (Dh367,315). Needless to say, this particular task is not an easy one: a high-end PC might take about 150,000 years to do so. Nevertheless, enthusiastic miners have found themselves investing huge sums in computer hardware in the hope of "winning" these rewards, from powerful graphics cards (GPUs) to dedicated mining devices, but as cryptocurrencies gain more value, more power is needed to mine them. In the search for that extra computer power, hackers are now requisitioning it from an unsuspecting and unaware public.

Most of these nasty mining tools end up on our devices in the same way most malware does, such as opening a booby-trapped document or following a questionable web link. New threats are appearing constantly. Last weekend saw thousands of Android phones infected with code that mines a cryptocurrency called Monero. (Another ongoing Monero-mining scheme has, so far, infected more than half a million Windows computers and generated some $3.6m of the currency.)

In recent weeks, malicious mining software has found its way onto devices via text messages, rogue links on Facebook Messenger and even via code embedded in Google ads. Victims of these hacks wouldn't immediately be aware what was going on, but their infected devices would be pushed to their limits – indeed, in December, computer-security firm Kaspersky released photos of an infected phone with a battery that had literally buckled, bulged and deformed after two days of intensive cryptomining.

Whether one believes in the long-term validity of cryptocurrencies, the feverish rush to mine them is having real-world effects. The GPUs that facilitate the mining of certain currencies (Ethereum among them) are now subject to a global shortage, with empty shelves and high second-hand prices. GPU manufacturer Nvidia recently confirmed that it has asked retailers to prioritise gaming customers over mining customers, but its main competitor, AMD, is less shy – the company's technical marketing manager, Damien Triolet, gave an interview to
the TechRadar website this week extolling the benefits of certain AMD products and the benefits they could bring to rookie miners.

Beyond the world of graphics cards, demand has soared for dedicated mining "rigs" (such as the AntMiner S9), which sell for thousands of dollars apiece, and established brands have also been muscling in on the action. Kodak recently unveiled a scheme whereby you could lease a mining rig from them (a "KashMiner") for $3,400 if you split your profits with the company, while Samsung announced last week that it is manufacturing chips specifically dedicated to cryptomining. You would be forgiven for thinking that this whole business appears to be motivated by greed, but last week, there was an attempt to harness the system for a charitable cause, when Unicef appealed to gamers with powerful graphics cards to mine Ethereum to help raise money for children in Syria.

All this mining requires enormous amounts of electricity. The main expense for miners isn't the rig, it is the power, and this helps to explain why hackers are now trying to get that power for free – by stealing it. Estimates of the amount of power used by the global cryptomining effort have been criticised for their inaccuracy, but economics website Digiconomist currently pegs the power used to mine Bitcoin (never mind any other cryptocurrencies) as equivalent to about 4.4 million American households. The dream of cryptocurrency inventors, to create a newer, fairer financial system, probably never factored in the extraordinary consumption of resources that would be needed to bring them into being, and some of those inventors are now wrestling with their consciences; Vitalik Buterin, the creator of Ethereum, was recently quoted as saying: "I would personally feel very unhappy if my main contribution to the world was adding Cyprus's worth of electricity consumption to global warming." In China, where electricity is cheap and where a substantial proportion of the world's mining rigs are located, officials recently announced that local government would be "discouraging" miners from continuing their activities.

Those of us who are keen not to have a grindingly slow computer or an enormous electricity bill should follow the usual rules regarding malware: be suspicious of unusual files and wary of unexpected correspondence. The web browser extension No Coin has been independently developed to block mining code, and since last month, it has been built into the Opera web browser by default. Meanwhile, anyone who might be thinking "if you can't beat them, join them" should probably think again; the highly impractical nature of cryptomining and the sheer volatility of the markets means that the amount one would spend on mining coins might be better spent on simply buying the coins themselves. Or, controversially, perhaps invested in something a little more stable.


Read more:

Why can't we fix our own gadgets or get them repaired where we want?​​​​​​

Are you part of the repair revolution?

US authorities said to launch Apple battery inquiry