Hidden mining is the mining of bitcoin, monero or other cryptocurrency on the devices of Internet users without their consent. This usually happens by infecting a computer or smartphone with malware or by embedding a crypt mining script in the code of a web page, but there are other ways. From the article you will learn how infection occurs, how large the scale of the problem is, and how to find and remove a hidden mining virus.
How hidden miners infect a computer
In most cases, the miner virus enters the user’s device with the help of a dropper , whose task is to secretly install another application. Typically, droppers are embedded in pirated versions of licensed programs and games or key generators for them, since during the launch of such applications the user himself disables the antivirus and gives the go-ahead for installation.
When the downloaded file is launched, the installer is deployed on the computer, which, in turn, downloads the miner and a special tool that hides it from the system and antiviruses. The malicious application may also come with services that ensure its autorun and configuration of work parameters.
For example, a virus can stop production when a user starts computer games (the miner loads the processor and / or video card heavily, so the game can slow down, which will cause suspicion). Such services may also try to disable anti-virus products, suspend production when the system monitoring tool is working, and “resurrect” the virus code if it is deleted.
The following infection methods have been discovered today:
- Hidden cryptocurrency miners embed in pirated content, installers of popular programs, or are distributed under the guise of free content. In October 2019, hidden mining was also detected in WAV audio files and in Docker Hub container images .
- Some sites embed a mining script in the code of their web pages. This script was found on the site M inisterstva of Education of Belarus , portal The Pirate Bay , and at least another 7000 other web resources .
- In 2017, it was discovered that the Wi-Fi network provider and Starbucks in Buenos Aires used it to secretly mine crypts. While people were drinking coffee, a mining virus script was downloaded to their phones and laptops.
- In December 2018, it became known that more than 415,000 MikroTik routers around the world were infected with malware designed to steal their computing power and secretly mine cryptocurrency.
- More malware is embedded in Wordpress plugin, Google Play mobile apps, and Google Chrome plugins .
The scale of the hidden mining problem
The first devices infected with hidden mining viruses were discovered back in 2011. The American company Symantec discovered Trojan.Badminer, which secretly used the computing power of Internet users to mine bitcoins. In 2013, another Trojan via Skype infected tens of thousands of devices around the world.
The threat of hidden mining acquired global status in 2017, when the number of infected devices reached 2.7 million , due to the multiple growth in the cost of bitcoin price and other cryptocurrencies. In 2018, the number of infected devices exceeded 10 million. The largest growth was recorded in the segment of mobile devices.
Let’s hope that 2019 will be the year when we destroy these annoying and vile crypto fraudsters. How to do this is described below.
How to find and destroy malware
Older miner viruses do not regulate the load on the system, so they can be quite easily detected by the presence of brakes, friezes or slack in the operation of the device. New versions of hidden miners use a small percentage of the system’s power, so it’s more difficult to detect them. Usually they are given out by overheating, fast discharge of the battery, high load of the processor (or video chip) and increased noise level of the fan.
In addition, you can monitor Internet connections. If there are unknown resources among them, suppliers of hidden mining applications (JSECoin, Moonify, CryptoLoot, Awesome Miner or others) or mining pools, congratulations, your device is infected! You can monitor your Internet connections using applications such as Fiddler, TMeter, or NetPeeker.
To remove malware, use Malwarebytes, Kaspersky, Avast, Dr.Web, ESET or Windows Defender. These antiviruses are able to find and destroy most of the applications and scripts of hidden mining, as well as block the Internet addresses of their suppliers, crypto-exchanges and mining pools.
To prevent cryptocurrency clandestine mining:
- Install the NoCoin browser extension and Anti-Web Miner.
- Install the uBlock and AdBlock add-ons.
- Use a good antivirus.