|Photo via Pixabay|
The growing trend of malware developers using mining tools and embedding it in web browser extensions and using it to hack websites in order to mine cryptocurrency has concerned many in the technology industry.
Cryptocurrency mining is the method of generating Digitalcoins, non-physical money used for instant transactions, and uses the processing power of the Central Processing Units of computers. Websites may use cryptocurrency mining as an alternative to ad placements to gain income, which is an attractive option for malware developers. Coinhive is becoming popular to malware developers, embedding it in Chrome extensions, and mine less popular cryptocurrencies like Monero and zCash, and make transactions that are untraceable by authorities.
Installing cryptocurrency mining malware on a computer owned by an unsuspecting user is illegal and violates privacy, and infected computers suffer from slow performance, as cryptocurrency mining hogs resources of the CPUs, graphics cards, and other hardware components. According to Trend Micro, cryptocurrency mining may also be used on the following forms of attack:
- Cross-site Scripting: XSS attacks inject malicious scripts into trusted websites.
- Exploiting a remote code execution vulnerability.
- Brute Force login attacks: attacks involving the systematic guessing of passwords.
- Exploiting command buffer overflow of apps and software.
- Injected Hypertext Preprocessor arbitrary code to a system server.
- SQL injection to run malicious SQL queries against a database server.
- BlackNurse denial of service attack to disrupt the target’s network.
The use of standard ad blockers on web browsers works enough to prevent malware developers from embedding mining tools on computers.