Coin-Mining Malware Goes Global: How to Avoid Infection

• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

1

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Nearly 2,500 websites worldwide are infected or deliberately rigged with browser code that hijacks your computer's processors to "mine" cryptocurrency.

That's according to a report posted Tuesday (Nov. 7) by Dutch security researcher Willem de Groot, who found 2,496 sites running Coinhive, a script that forces your machine to suddenly speed up and crunch numbers in order to create units of Monero, a cryptocurrency similar to Bitcoin.

What to Do

One Chrome extension, Coin-Hive Blocker, blocks the the Coinhive script specifically. It's a good short-term solution that doesn't affect other scripts or sites, but might not work in the long run if mining software migrates to other code. (Antivirus software doesn't always catch coin-mining scripts, which are legal per se, although Malwarebytes has added Coinhive to its block list.)

To make sure your browser isn't hijacked by coin miners, you can could use a script blocker such as NoScript for Mozilla Firefox or ScriptBlock or ScriptSafe for Google Chrome. Doing so will block most ads (including ours), but you can usually whitelist websites or scripts according to what you'd like to see.

MORE: Best Antivirus Software

Websites harboring cryptocurrency-mining code are not a new phenomenon, but they've been growing rapidly in scale over the past couple of months after Coinhive released its easily embeddable code in mid-September.

Many high-profile sites, including The Pirate Bay, have added the mining code deliberately to provide an alternative revenue stream and boost the bottom line. Others, including the Showtime site, Ultimate Fighting Championship and PolitiFact, have been infected by criminals looking to make a quick buck.

De Groot said that of the nearly 2,500 sites he surveyed, 85 percent linked to just two CoinHive accounts, indicating that they'd been hacked by a very small set of criminals.

It's not illegal

Using Coinhive seems to be perfectly legal as long as you let users opt in. It's not clear how legal using it becomes if you don't warn users beforehand.

The Coinhive website, which trumpets the slogan "Monetize Your Business With Your Users' CPU Power," seems to represent a legitimate business. It even has warnings about not using the service for illegal purposes.

But we couldn't find anything on the site or in its website domain registry about the company's location, owners or employees, which is never a good sign. (An Argentine web developer did post some Coinhive code to Github, but he may not be associated with the company.)

Try it yourself, if you dare

Here's a sample of a (presumably unwittingly) infected website belonging to Subaru's Australian subsidiary, discovered by Ars Technica's Dan Goodin. Tom's Guide takes no responsibility for any consequences if you'd like to try it out at your own risk: http://shop.subaru.com.au/. Your CPU usage will spike, but there shouldn't be any permanent damage after you close the tab.

To view the effect of this infected site on your browser, open Task Manager in Windows by pressing Ctrl + Shift + Alt, and watch the performance usage hit 100 percent in a few seconds. (Don't try it on a Mac, as the site tried to actively install something on ours.)

The coin-mining scourge is even hitting mobile phones. A TV news report from Australia details how text messages have led users to install apps that secretly mine cryptocurrency, and Trend Micro found three apps in the Google Play store that mined cryptocurrency.

We're not sure what you can do to prevent your Android device from being hijacked by a cryptocurrency-mining app, as not all antivirus apps will stop them. But if your phone suddenly seems to be heating up or draining its battery rapidly, delete the most recently added app to see if that solves the problem.

Best Android Antivirus Apps

• How to Protect Your Identity, Personal Data and Property
• Antivirus Software Buying Guide
• Protect Your Computer with This One Simple Trick