LONDON -- Is the Web browser on your phone slower than usual? It could be mining bitcoin for criminals.
As the popularity of virtual currencies has grown, hackers are focusing on a new type of heist: putting malicious software on peoples' handsets, TVs and smart fridges that makes them mine for digital money.
So-called crypto-jacking attacks have become a growing problem in the cybersecurity industry, affecting both consumers and organizations. Depending on the severity of the attack, victims may notice only a slight drop in processing power, often not enough for them to think it's a hacking attack. But that can add up to a lot of processing power over a period of months or if, say, a business's entire network of computers is affected.
"We saw organizations whose monthly electricity bill was increased by hundreds of thousands of dollars," said Maya Horowitz, threat intelligence group manager for Checkpoint, a cybersecurity company.
Hackers try to use victims' processing power because that is what's needed to create -- or "mine" -- virtual currencies. In virtual currency mining, computers are used to make the complex calculations that verify a running ledger of all the transactions in virtual currencies around the world.
Crypto-jacking is not done only by installing malicious software. It can also be done through a Web browser. The victim visits a site, which latches onto the victim's computer processing power to mine digital currencies as long as they are on the site. When the victim switches, the mining ends. Some websites, including Salon.com, have tried to do it legitimately and been transparent about it. For three months this year, Salon.com removed ads from its sites in exchange for users allowing them to mine virtual currencies.
Industry experts first noted crypto-jacking as a threat in 2017, when virtual currency prices were skyrocketing to record highs.
The price of bitcoin, the most widely known virtual currency, jumped sixfold from September to almost $20,000 in December before falling back down to under $10,000.
The number of crypto-jacking cases soared from 146,704 worldwide in September to 22.4 million in December, according to anti-virus developer Avast. It has continued to increase, to 93 million in May, it says.
The first big case emerged in September and centered on Coinhive, a legitimate business that let website owners make money by allowing customers to mine virtual currency instead of relying on advertising revenue. Hackers quickly began to use the service to infect vulnerable sites with miners, most notably YouTube and nearly 50,000 Wordpress websites, according to research conducted by Troy Mursch, a researcher on crypto-jacking.
Mursch says Monero is the most popular virtual currency among cybercriminals. A report by cybersecurity company Palo Alto Networks estimates that over 5 percent of Monero was mined through crypto-jacking. That is worth almost $150 million and doesn't count mining that occurs through browsers.
In the majority of attacks, hackers infect as many devices as possible, a method experts calls "spray and pray."
"Basically, everyone with a [computer processing unit] can be targeted by crypto-jacking," said Ismail Belkacim, a developer of an application that prevents websites from mining virtual currencies.
Business on 06/30/2018