Your Browser Could Be Mining Cryptocurrency For a Stranger
There’s something new to add to your fun mental list of invisible internet dangers. Joining classic favorites like adware and spyware comes a new, tricky threat called “cryptojacking,” which secretly uses your laptop or mobile device to mine cryptocurrency when you visit an infected site.
Malicious miners aren’t new in themselves, but cryptojacking has exploded in popularity over the past few weeks, because it offers a clever twist. Bad guys don’t need to sneak software onto your computer to get it going, which can be a resource-intensive attack. Instead, the latest technique uses Javascript to start working instantly when you load a compromised web page. There's no immediate way to tell that the page has a hidden mining component, and you may not even notice any impact on performance, but someone has hijacked your devices—and electric bill—for digital profit.
The idea for cryptojacking coalesced in mid-September, when a company called Coinhive debuted a script that could start mining the cryptocurrency Monero when a webpage loaded. The Pirate Bay torrenting site quickly incorporated it to raise funds, and within weeks Coinhive copycats started cropping up. Hackers have even found ways to inject the scripts into websites like Politifact.com and Showtime, unbeknownst to the proprietors, mining money for themselves off of another site’s traffic.