The Cryptominer hack

Let’s talk cryptomining for a second (not that I understand it).

I was having a wander through a few websites yesterday, the way that I do, and my antivirus alerted me to one which had a dodgy link embedded in it.

It was a site I would have expected to be squeaky clean so I ran it through a malware scanner and sure enough it had been hacked, but the interesting thing from my point of view was that it was a hack I’d never seen before and the word ‘cryptominer’ figured prominently.

I did a bit more investigation and it seems that there’s a new cryptomining hack out there. The hack itself is pretty bog standard – the hackers target websites with poor security and/or password hygiene, and then add a link which runs a piece of JavaScript.

The new bit isn’t that they’re stealing data, or putting spammy SEO links on your website, but that they’re stealing your electricity! The script adds a cookie to your computer which links back to their site and allows them to use your computer’s CPU (which is paid for on your electricity bill) to power their cryptomining.

And note this well: it doesn’t just infect Windows PCs – it targets any computer which runs an internet browser, so you’re talking Macs, phones and Linux too!

You’ll know you’ve got this hack on your computer when it suddenly slows down, or your machine heats up, the fan runs fast or the battery drains fast.

Unfortunately closing your browser down doesn’t help (it did with the first versions of this hack but they’ve got more sophisticated since then). The way to get rid of it from your PC is through a deep antivirus scan, but make sure you’re using a good antivirus, and one which is up to date. The one I was using was Kaspersky, which blocked the link actually on the website. You might also want to do a malware scan using something like Adware.

To prevent it happening in the future, get a good antivirus and use a Chrome or Firefox extension that blocks websites from using your CPU to mine cryptocurrency – or better still, use Anti-WebMiner, which stops cryptojacking mining script attacks by modifying your hosts file. It works on all browsers.

To get rid of it from your website you either need to find the bad scripts, remove them manually and beef up the security on your website, or get a professional (yes, like me!) to do it for you.
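For the "find the bad scripts" step, here is one way a site owner could list every external script their pages load and flag any host they don't recognise. This is an added example, not code from the original post; the allowlist hosts, the `scan_tree` helper and the sample page are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this site deliberately loads scripts from. Edit for your site.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.net"}

class ScriptSources(HTMLParser):
    """Record (line, src) for every <script src=...> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append((self.getpos()[0], src.strip()))

def unexpected_scripts(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (line, host, src) for scripts loaded from hosts not on the allowlist."""
    parser = ScriptSources()
    parser.feed(html)
    findings = []
    for line, src in parser.sources:
        host = urlparse(src).hostname  # None for relative (same-site) paths
        if host and host not in allowed_hosts:
            findings.append((line, host, src))
    return findings

def scan_tree(root, patterns=("*.html", "*.htm", "*.php")):
    """Scan every matching file under root; return {path: findings} for hits only."""
    hits = {}
    for pattern in patterns:
        for path in Path(root).rglob(pattern):
            found = unexpected_scripts(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

# Constructed sample page: line 4 stands in for an injected script link.
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script src="https://cdn.example.net/lib.min.js"></script>
<SCRIPT SRC="//stats.injected.invalid/w.js" async></SCRIPT>
</head><body><p>Hello</p></body></html>"""

if __name__ == "__main__":
    for line, host, src in unexpected_scripts(SAMPLE_PAGE):
        print(f"SAMPLE_PAGE:{line}: script from unlisted host {host} ({src})")
```

Run `scan_tree` against a local copy of your web root to check every page at once. It only looks at `<script src=...>` tags, so inline scripts and edited `.js` files still need a separate review.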