Hackers hijacking computers to mine bitcoin

This article is more than 12 months old

Cyber-security firm saw 100,000 cryptojacking hits from Republic in past month

If you feel your Internet connection has been slower in the past few months, do not blame your service provider yet - you might be a victim of a new form of malware.

As prices of cryptocurrency such as bitcoin soar to astronomical values, hackers are infecting computers and websites with malicious software.

This malware creates a zombie mining army which toils in the background mining cryptocurrency, with users none the wiser.

Cryptocurrencies are digitally coded scripts that attempt to replicate modern-day currencies.

Cyber-security researchers have seen a spike in cryptocurrency mining malware this year, as well as a new trick called cryptojacking, where websites are infected with software that prompts visitors' computers to mine cryptocurrency when they visit the website.

Cyber-security firm Fortinet said its Web filtering services have seen 100,000 cryptojacking hits from Singapore over the past month. Globally, the company reported 60 million hits in the same period.

While the Cyber Security Agency of Singapore (CSA) has yet to receive any official complaints from local users or businesses, it is keeping an eye on such developments.

"Unauthorised cryptocurrency mining and browser-based digital currency mining are concerns to note," said Mr Douglas Mun, deputy director of CSA's National Cyber Incident Response Centre.

In September, cyber-security researchers started noticing an increasing popularity in cryptojacking when hackers starting slipping cryptocurrency-mining software into websites.

Users who visit infected web pages inadvertently add to hackers' coffers while their computer systems are being made use of.

Mr Nick FitzGerald, a senior research fellow at security software maker ESET, said: "These websites were either deliberately hosting coin-mining programs to make money for themselves, or unwittingly hosting such scripts through compromise or display of advertisements."

Cryptocurrency, especially bitcoin, has become the new darlings of hackers, as they are untraceable and rapidly growing in price.

Fortinet's director of security research David Maciejak

Users can be fooled because hackers have started compromising legitimate websites and hiding their malicious code in them.

Fortinet's director of security research David Maciejak said: "Some are very legitimate websites, like CBS' Showtime or soccer star Cristiano Ronaldo's official webpage.

"Cryptocurrency, especially bitcoin, has become the new darlings of hackers, as they are untraceable and rapidly growing in price."

According to estimates by researchers from anti-virus firm Kaspersky Lab, a 4,000-machine network can reap its owners up to US$30,000 (S$40,500) a month.

As for computer users, they will notice their computers performing more slowly than usual as the mining software hogs the computer's resources, taking about 60 per cent or more of its computational power, according to a CSA advisory.

"Unauthorised mining is a new threat that can... cause a user's system to suddenly and unexpectedly slow down, sometimes significantly, when visiting a website," said Mr Vicky Ray, principal researcher at network security firm Palo Alto Networks.

"In a worst-case scenario, the slowdown can be so severe that it can make a website basically unusable."

Users can tell they are on a compromised website if they see a sudden spike in memory usage and sluggish performance. They can stop the process by exiting the website, and not visiting it again.

They should also install anti-virus software and keep it updated, as well as turn on firewalls and not click on suspicious links, said experts.