If you use the Google Chrome browser and have been using an extension called Archive Poster, chances are your PC has been hijacked without you even being aware of it, and used for mining cryptocurrencies. The offending extension, which describes itself as a tool that “allows you to quickly reblog, queue, draft, and like posts right from another blog’s archive”, was in fact hijacking the processing power of the computers of as many as 105,000 users, and using that to mine cryptocurrencies.
While this particular extension has now been removed from the Chrome web extensions and apps store, it was using a distributed-network cryptocurrency mining program called Coinhive and mining a currency called Monero. If you have been using this extension, it would be a good idea to remove it: open your Chrome browser, type chrome://extensions in the address bar, look for Archive Poster and click the trash icon next to it to delete it.
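To check a whole profile instead of eyeballing chrome://extensions, the sketch below (an added example, not code from the article or from Chrome) walks an unpacked Extensions directory and reports any extension named Archive Poster or whose files mention Coinhive. The indicator string, the file types scanned and the Linux default path are assumptions; pass your own profile's Extensions path as the first argument.

```python
import json
import sys
from pathlib import Path

# Assumed indicators: the service and extension named in the article.
INDICATORS = (b"coinhive",)            # matched case-insensitively in file contents
FLAGGED_NAMES = {"archive poster"}     # matched against the manifest "name"
TEXT_SUFFIXES = {".js", ".json", ".html"}

def scan_extension(version_dir: Path) -> dict:
    """Inspect one unpacked extension directory (<id>/<version>/)."""
    try:
        manifest = json.loads(
            (version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        manifest = {}                  # unreadable manifest: still scan the files
    if not isinstance(manifest, dict):
        manifest = {}
    # Localized extensions store a "__MSG_...__" placeholder here, so the
    # name check can miss them; the content check below does not rely on it.
    name = str(manifest.get("name", "<unknown>"))
    hits = []
    for path in sorted(version_dir.rglob("*")):
        if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
            try:
                data = path.read_bytes().lower()
            except OSError:
                continue
            if any(ind in data for ind in INDICATORS):
                hits.append(path.relative_to(version_dir).as_posix())
    return {"id": version_dir.parent.name, "name": name,
            "name_flagged": name.strip().lower() in FLAGGED_NAMES,
            "indicator_files": hits}

def scan_profile(extensions_root: Path) -> list:
    """Return findings only for extensions that match an indicator."""
    findings = []
    for manifest in sorted(extensions_root.glob("*/*/manifest.json")):
        result = scan_extension(manifest.parent)
        if result["name_flagged"] or result["indicator_files"]:
            findings.append(result)
    return findings

if __name__ == "__main__":
    # Assumed default: Chrome's profile location on Linux.
    default = Path.home() / ".config/google-chrome/Default/Extensions"
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else default
    for finding in scan_profile(root):
        print(finding)
```

A match on the string alone is a lead to review, not proof of mining: an ad blocker's filter list can mention the same name.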
Bitcoin mining is the process of authenticating and legitimizing bitcoin transactions done online, anywhere in the world. As a simple analogy, imagine the teller in your bank, who authenticates a deposit or withdrawal transaction that you may make by physically visiting the bank. In the world of the as-yet-unregulated cryptocurrencies, every single transaction or exchange made using crypto coins needs to be added to what is known as a final bitcoin ledger or blockchain. These transactions combined then reach “block” status, and it is this block that is sent to miners by different blockchain networks such as bitcoin, litecoin, omni, ripple and, in the Google Chrome extension’s case, Monero. The miners who receive these blocks of data that need to be mined then use their specialized hardware and keys called “nonces” to encrypt the block of transaction data. This hash is then added to the block that was received earlier, thereby authenticating it. Miners are paid when they complete a block.
For this, miners need to invest in very powerful computing devices to execute the mining task. A simple browse through Amazon.com suggests that these aren’t exactly affordable either. For instance, the popular Bitmain Antminer S9 is priced at $6,399 (around Rs4,07,000) and the DR-100 Pro 21GH/s X11 ASIC Miner costs $1,999. Considering the money that miners have to invest initially before any returns start to come in after the successful completion of the mining processes, it perhaps becomes more exciting to write malware code, piggyback on popular apps, and sneakily use the processing power of thousands or millions of computing devices globally—and safely assume that their owners wouldn’t suspect a thing. The only real give-away is if your PC’s CPU constantly registers 100% or close to 100% usage even when you aren’t using any apps at the time.
This is not the first time cryptocurrency mining malware has been detected. In late December, security firm Trend Micro reported that a mining bot called Digmine began spreading through Facebook Messenger in the Chrome web browser—via a malicious script that downloaded an extension to the browser, and took charge of the computing device. In October, a Monero mining tool was discovered in the website code for popular streaming service Showtime—and it was removed subsequently. It is not just your computer that is at risk. In December, security firm Kaspersky detected the Loapi malware, designed to run on Android phones by taking charge of the processor. In its tests, Kaspersky observed that so much processing power was constantly used by the mining malware, by running the phone’s processor at full chat all through, that their test phone’s battery bulged and the cover started to melt.
With cryptocurrencies gaining value of late, mining malware is here to stay, unfortunately.