Crypto jacking ? Hackers Stealing Your Computer Power ? | Shapes Game

Joining classic favorites like adware and spyware come to a new, tricky threat called “crypto jacking,” which secretly uses your laptop or mobile device to mine cryptocurrency when you visit an infected site.

Malicious miners aren’t new in themselves, but crypto jacking has exploded in popularity over the past few weeks because it offers a clever twist. Bad guys don’t need to sneak software onto your computer to get it going, which can be a resource-intensive attack. Instead, the latest technique uses Javascript to start working instantly when you load a compromised web page. There's no immediate way to tell that the page has a hidden mining component, and you may not even notice any impact on performance, but someone has hijacked your devices—and electric bill—for digital profit.

The idea for cryptojacking coalesced in mid-September, when a company called Coinhive debuted a script that could start mining the cryptocurrency Monero when a webpage loaded.Hackers have even found ways to inject the scripts into websites like Politifact.com and Showtime, unbeknownst to the proprietors, mining money for themselves off of another site’s traffic.

So far these types of attacks have been discovered in compromised sites' source code by users—including security researcher Troy Mursch—who notice their processor load spiking dramatically after navigating to cryptojacked pages.

To protect yourself from cryptojacking, you can add sites you're worried about, or ones that you know practice in-browser mining, to your browser's ad blocking tool. There's also a Chrome extension called No Coin, created by developer Rafael Keramidas, that blocks Coinhive mining and is adding protection against other miners, too.

"We’ve seen malicious websites use embedded scripting to deliver malware, force ads, and force browsing to specific websites," says Karl Sigler, threat intelligence research manager at SpiderLabs, which does malware research for the scanner Trustwave. "We’ve also seen malware that focuses on either stealing cryptocurrency wallets or mining in the background. Combine the two together and you have a match made in hell."

Coinhive has always maintained that it intends its product as a new revenue stream for websites. Some sites already use a similar approach to raise funds for charitable causes like disaster relief.

Early adopters like the Pirate Bay have made a pitch to their users that the technology is worth tolerating. "Do you want ads or do you want to give away a few of your CPU cycles every time you visit the site?" Pirate Bay asked its users in mid-September. Most commenters on the feedback request supported in-browser mining if it reduced ads, but one noted that if multiple sites adopt the technique, having multiple tabs open while browsing the web could eat up processing resources.