As digital currencies increase in popularity, cryptojacking is becoming an increasingly prevalent issue for website publishers and consumers. To combat this, cybersecurity company WebARX recently created a tool designed to allow website owners to detect unwanted digital currency mining scripts. The term ‘cryptojacking’ refers to a recent trend involving hackers compromising websites for monetary gain. The process involves finding vulnerabilities that allow scripts to run that utilize a viewer’s computing resources without their consent.
Recently, a large scandal involved hackers breaching official government sites in the UK, Australia, and Canada. Hackers also made use of YouTube ads to mine digital currency in the past, and there are purportedly thousands of websites currently running cryptojacking scripts.For the most part, cases of cryptojacking involve using a tool known as Coinhive. Despite being created to serve as a potential substitute for digital advertising, Coinhive often runs without the consent of consumers. “Just [do] a Google search and you’ll find all kinds of ‘How to remove Coinhive Virus’ tutorials,” said a Coinhive team member in a statement to VICE. “All Antivirus vendors have already blacklisted us. I don’t think our image could be much worse.”To combat their negative reputation and better their services, the Coinhive team moved on to a new project called AuthedMine, which requires user consent before mining occurs. However, with the prevalence of cryptojacking, the team is yet to find success amidst scripts that run without permission.
Admittedly, the direct long-term consequences for the average consumer could be considered minimal. For the most part, a computer mining digital currency does not harm the machine, and many volunteer to mine for charity or in exchange for their own monetary reward.“I think the greater consequences will mostly [affect] the website owner,” said WebARX security researcher, Oliver Sild, in a statement to Coinsquare Discover. “If they can’t detect the infection in time before AV vendors and Search Engines do, they will get blacklisted and often it’s a struggle to get your domain removed from those lists.” Additionally, when mining is done without the consent of users, Sild points out that the money that hackers earn could be used “who-knows-what activities,” referring to illegal or illicit spending. However, website owners are at the largest risk of long-term consequences from cryptojacking incidents, compared to the relatively low threat for the general public. Damage done to a website’s reputation can be difficult to mitigate, and the team behind Coinhive recently told VICE that the trend “will probably be here to stay for a while.” For consumers, Avast stated that ways to protect yourself from cryptojacking include using an extension that automatically blocks common JavaScript miners, and/or using a ‘strong’ antivirus.Note: this article was updated to correct a spelling error.Image credit: WebARX logo
Buy Bitcoin, Ethereum, XRP, and other cryptocurrencies on Coinsquare.
[maxbutton id="2"]
