Cyber hackers invented a new way to steal. This new way has nothing to do with stealing identities, credit cards, or bank account balances. It has to do with cryptocurrencies like Bitcoin. Even though hackers have stolen many millions of dollars' worth of Bitcoins, this new method of thievery is more subtle than that. Instead of stealing the Bitcoins, they are stealing the computer processing power and the electricity needed to create them.
Bitcoins and other cryptocurrencies are created by a process called “mining,” which requires serious computational power to solve a very complex mathematical problem. It also takes a lot of electricity to run the computers doing the computational work. Once a miner has solved the complex math problem, they are allowed to verify transactions and create a group of verified transactions called a “blockchain.” They are rewarded for performing this work by receiving cryptocurrency.
ArchivePoster, a Chrome extension that helps Tumblr users to repost other blogs, is just one that was uncovered. The problem is that the ArchivePoster extension also runs a secret process called CoinHive. CoinHive is used for a type of stealing called “cryptojacking.” It forces infected computers to process the mathematical calculations necessary to mine the cryptocurrency called Monero.
What does a cryptojack malware infection do?
If a computer has a cryptojack infection that comes from a user-installed extension for the Chrome browser, most anti-virus and malware removal software will not identify the problem.
This cryptojack software will take over the computer and dedicate processing power to mining cryptocurrency. The computer may start to work very slowly, the Internet bandwidth may be used, and regular functions may be disrupted. Some users only experience a sluggish feeling when using their computer. Others report that their computer becomes so slow as to be unusable.
Computer hijackers use this method because a typical computer needed to mine cryptocurrency can cost around $5,000, and they need to use many of them. Not only are the computers expensive, but the electricity to run them is also very costly. This is why, if they can attack 10,000 computers online and get them all working for them for free, they are able to make a good amount of money stealing computer processing power in this way.
The only way users are learning whether a specific Chrome extension has a secret cryptomining script embedded in it is from the complaints made by other users who tried the extension and found it problematic.
The good news is that these infections do not harm the computer; they only slow it down. The hijackers do not want to damage a computer. They just want to enslave it and make it run programming code for them. Thankfully, the offending software is easily removed by simply uninstalling the bad browser extension.
If a computer is running very slowly all of a sudden, it may have a cryptojack infection. To eliminate a bad extension, disable the extensions one by one to see which one is causing the problem, and then remove it.
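Disabling extensions one by one can be narrowed down by first searching the installed extension files for references to the CoinHive miner. The script below is an added example, not code from the original article; the indicator strings and the sample extension IDs and names are assumptions constructed for illustration, and it expects Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json.

```python
import json
import tempfile
from pathlib import Path

# Assumed indicator strings for the CoinHive in-browser miner; extend as needed.
INDICATORS = ("coinhive.min.js", "coinhive.com", "CoinHive.Anonymous", "CoinHive.User")
SCAN_SUFFIXES = {".js", ".html", ".htm", ".json"}

def extension_name(version_dir):
    """Read the display name from manifest.json, if it can be parsed."""
    try:
        manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
        return str(manifest.get("name", "unknown"))
    except (OSError, ValueError, AttributeError):
        return "unknown"

def scan_extensions(extensions_root):
    """Return {extension_id: {"name", "hits"}} for extensions containing an indicator."""
    findings = {}
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        ext_id = version_dir.parent.name
        for path in sorted(version_dir.rglob("*")):
            if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
                continue
            text = path.read_text(encoding="utf-8", errors="ignore").lower()
            matched = [i for i in INDICATORS if i.lower() in text]
            if matched:
                entry = findings.setdefault(ext_id, {"name": extension_name(version_dir), "hits": []})
                entry["hits"].append((str(path.relative_to(version_dir)), matched))
    return findings

def build_sample(root):
    """Constructed sample: one clean extension and one that starts a miner."""
    for ext_id, name, script in [
        ("aaaaexampleclean", "Clean Helper", "console.log('hello');"),
        ("bbbbexampleminer", "Repost Helper", "var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();"),
    ]:
        d = Path(root) / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "manifest_version": 2}))
        (d / "background.js").write_text(script)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for ext_id, info in scan_extensions(tmp).items():
            print(ext_id, info["name"], info["hits"])
```

To check a real machine, pass the Extensions folder inside the Chrome profile directory to scan_extensions. A match is a lead for which extension to disable first, and an obfuscated or remotely loaded miner script will not match these strings.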