Cryptominers are software applications that mine cryptocurrencies such as Bitcoin. Malicious cryptominers exploit the processing power of unsecured networks and devices, consuming resources and placing additional strain on the systems they infect.
Servers are a more popular target as they offer significant processing power. That said, cryptominers can infect all kinds of platforms, from desktops to networked systems and even mobile devices.
There are two broad categories of cryptominer malware. The first consists of code that is downloaded onto the target system and runs from there. The second type, commonly termed a “drive-by” cryptominer, runs in the victim’s browser when an infected site is visited. Typically this kind of attack is limited, stopping as soon as the target navigates away from the infected page. Some cryptominers, however, use hidden pop-under windows that continue to exploit the user’s device even after they leave the host site.
While cryptominers might seem relatively harmless compared to more aggressive forms of malware, they can cause serious problems. If not detected and removed, cryptominer malware can slow down a system dramatically, possibly even causing it to crash altogether. That, in turn, can result in a loss of custom, the destruction of data and significant inconvenience for users.
In the case of individual devices, the additional burden on the infected computer’s central processing unit (CPU) or graphics processing unit (GPU) can increase the risk of overheating and result in damage. Cryptominers also cause systems to consume more electricity than they otherwise would, raising energy bills.
Website owners also need to be especially alert to the possibility of an illicit cryptominer script being added to their site code, either through hacking or because they incautiously allowed third-party code, in the form of plugins, templates, etc., that contained cryptominer functionality. A website infected with drive-by cryptomining code will tend to perform poorly and will degrade the overall performance of a visitor’s computer. That will prompt users to leave and avoid the site, reducing engagement. Infected sites may even be delisted by search engines or blocked by users’ security software.
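One way a site owner can check rendered pages for script code they did not approve, shown as an added example that is not part of the original article: it lists third-party script hosts missing from an allow-list, approved hosts loaded without a Subresource Integrity attribute, and inline scripts that start workers or WebAssembly. The host names, the sample page and the inline heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every host name here is a placeholder.
SAMPLE = """<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.net/widget.js"></script>
<script src="//plugin-stats.example.org/t.js"></script>
<script>var w = new Worker("/js/bg.js");</script>"""

class ScriptAuditor(HTMLParser):
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.allowed = set(allowed_hosts)
        self.findings = []   # (reason, detail) tuples
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        if not attrs.get("src"):
            self._inline = []
            return
        # Resolve relative and protocol-relative URLs against the page URL
        host = urlparse(urljoin(self.page_url, attrs["src"])).hostname
        if host == self.site_host:
            return  # first-party file
        if host not in self.allowed:
            self.findings.append(("unapproved-host", host))
        elif not attrs.get("integrity"):
            self.findings.append(("no-sri", host))  # approved but not pinned

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline)
            # Assumed heuristic: workers or WebAssembly merit a manual look
            if "WebAssembly" in body or "new Worker(" in body:
                self.findings.append(("inline-review", body.strip()[:40]))
            self._inline = None

def audit_page(html, page_url, allowed_hosts):
    auditor = ScriptAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    return auditor.findings
```

Run it against the HTML your site actually serves, after plugins and templates have been applied, since that is where injected script tags appear.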
Because of the potential hazards, it’s important to take precautions against infection. Avoid unauthorized software and dubious applications such as torrent managers; such programs often come bundled with cryptominers or other malware. Install and run anti-malware utilities — with trojan protections — and keep them up to date. Ensure that only authorized users have access to systems and website administration. If a system is slow or otherwise behaving oddly, check to make sure that no suspicious processes are running and perform an inspection with your anti-malware utilities.