This story is over 5 years old.


Symantec: A Cryptocurrency Mining Malware 'Arms Race' Is Looming

The scheme is ramping up as cryptocurrencies become more valuable.
Image: Shutterstock

The value of digital currencies reached staggering heights in 2017, so companies and criminals alike are figuring out ways to generate virtual coins without having to front the cost of computers or electricity themselves. The solution: code that’s sneakily hidden on web pages to hijack your laptop or phone’s computing power.

This year alone, The Pirate Bay (a notorious file sharing site), Showtime, and even an Argentine internet provider all served customers code that generated digital currencies (called “mining”) using their machines without their knowledge or consent. A new report from information security firm Symantec indicates that this trend isn’t about to slow down—quite the opposite. If anything, it’s about to get a whole lot worse. The company calls it a looming “arms race” between hackers and security companies.


“We expect that we’ll see more and more of them trying to infiltrate ad networks, which are included in many websites,” said Candid Wueest, principal threat researcher for Symantec, over the phone.

Read More: 20 Percent of Mobile Cryptocurrency Malware Attacks Are In the US

Cryptocurrency-mining malware was a menace in the early days of Bitcoin, when that digital currency could still be generated with consumer hardware. This hasn’t been possible for some time now, and so cryptocurrency malware pretty much died out after 2014. But recent years have seen a massive influx of new coins like Monero, Zcash, and Ethereum, all of which can be profitably mined with hardware that most people already have.

At the same time, several services that allow website owners (or hackers with access) to plant miner code on webpages have popped up. The most popular service is called Coinhive, but there are others, notably JSEcoin and Crypto-Loot.

Basically, it’s a perfect storm, and because of this, cryptocurrency malware mining has come back with a vengeance in 2017. There’ve even been some notable tech innovations, like “pop under” windows that keep mining after you’ve closed the main browser window, and botnets that hijack Internet of Things devices.

“Defacing a website is fun for some people, but it’s not profitable—this is, and so we think it will increase,” Wueest said. It’s still more profitable for hackers to target high-value targets like cryptocurrency exchanges, Wueest continued, but that could change.


“With the price of cryptocurrencies rising, [malware] could become more profitable and expand,” Wueest explained. “And quite frankly, it doesn’t cost much—there’s so many content management tools like Wordpress that are vulnerable.”

The important thing to keep in mind is that there’s nothing inherently wrong with cryptocurrency mining scripts. If you want to mine some Monero instead of watching an ad, hey, that’s your right. The problem is when a website or app commands your computer to do something that you didn’t approve or know about.

Symantec had to “fine-tune” some of its security tools in September to block malicious cryptocurrency miners, Wueest said. There are free ways to protect yourself too: You can add mining scripts to Adblock Plus’s block list, and there’s even an open source script blocker on GitHub called No Coin.

And remember, if you notice your computer suddenly slowing down it might not be a sign that your machine is heading to an early grave. It could just be generating digital coins for someone else.

Get six of our favorite Motherboard stories every day by signing up for our newsletter .