Websites are being “caught out” by hackers who use them to mine virtual currencies, according to BBC News online.
Online scammers are installing malicious “code” on websites for schools, charities and file-sharing services in order to generate cryptocurrencies such as Monero, the website says.
Rik Ferguson, vice president of security research firm Trend Micro, told the BBC that hackers use the malicious code to target as many computers as possible to establish a cryptocurrency mining network.
“There’s a huge attraction of being able to use other people’s devices in a massively distributed fashion because you then effectively take advantage of a huge amount of computing resources,” he says.
Cryptocurrencies operate by getting lots of computers to work together to solve the tricky mathematical problems that establish who spent what, Ferguson explains. This establishes a digital ledger, or blockchain, of spending activity with a particular coin.
The number crunching is called mining and new crypto-coins are handed out to miners who are the first to solve the complex sums. So the more computer power someone can amass, says Ferguson, the more coins they can generate.
Many of the sites affected by the hacks are running the widely used Coin Hive mining script, the BBC reports.
A security researcher who scanned the code found that on many of the sites running Coin Hive, the way it was concealed suggested it had been uploaded surreptitiously.
The Coin Hive developers told the BBC: “We had a few early users that implemented the script on sites they previously hacked, without the site owner’s knowledge. We have banned several of these accounts and will continue to do so when we learn about such cases.”
The growing trend for using hidden code to mine virtual currencies also raises concerns over the privacy of unsuspecting website users, says tech website Futurism.
Last month, users of the controversial file-sharing service The Pirate Bay saw the performance of their computers drop dramatically, the site says.
This was not “related to the illegal downloading taking place on the site”, says Futurism, but rather was a result of the website using the processors (CPUs) of visitors’ computers to generate cryptocurrencies.
The Pirate Bay later admitted it used the currency mining tool over a 24-hour period, to test it as a possible replacement for traditional banner ads, but said it has since removed the code from its website.