The Rise of Coin Miner Viruses, Trojans & Spam

by | Feb 8, 2018 | Website Security | 0 comments

Staring in about November, I noticed a shift in the Matrix. There was a flood of attacks on websites that were being hacked by those goons behind the curtains. Horrible for website owners, an annoyance for web developers, and probably pretty fun for the hackers themselves. Overall, not cool for the majority of us, just trying to exist in a digital world where we want to thrive and must put up shop in a sea amongst the beasts.

Crypto mining for bitcoin and more.

Crypto mining for bitcoin and more.

Cryptocurrency is digital money such as Bitcoin, Monero, Etherum, Ripple, Litecoin, and many more. Coin-miners or Crypto-miners are individuals who use malicious code/software to generate tokens for their financial benefit. Generally, this is not good when it’s created on account of slowing down, freezing and possibly destroying your hard drive.

Imagine this; You visit a website. Your computer goes from being pretty quiet and then storming up to a loud tornado that sounds like it wants to explode. You have no clue why. It’s because unbeknownst to you, that website is running code for the purpose of crypto mining. You close the window, your computer quiets down. If you’re lucky it only got that far. That’s because the javascript miners that are developed, are done so because they need to use YOUR CPU and GPU power to create crypto currency. They are pocketing profit, by using you.

I’ve been dealing with this first hand myself. After 8 years of owning a beautiful iMac computer and never having ANY problems, my hard drive blew up back in the early winter of 2017. I imagine, because not only was my hard drive getting on the old side anyway, BUT the moment all these new websites starting utilizing crypto mining software my computer couldn’t handle the extra energy needed to fuel someones else’s pockets and finally blew up. In return, costing me a lot of money to replace it with another hard drive. Thankfully, I kept backups of all my important files using Google drive AND iCloud. Always back up your websites and computers people!

How Coin Miner Scripts are Hacking Websites & Computers

There are few ways websites and computers are being infected with this code.

  1. The web owners themselves are adding this code into the websites they manage.
  2. Hackers are injecting the code into websites other people own.
  3. Downloading images off of Google or anywhere else on the internet can be laced with a virus/trojan.
  4. Seen a “Font not found” messages lately while browsing around on the web? Yeah, that’s not bueno.

Hackers are rewriting scripts from worms, trojans, viruses and RAT’s. Not only are some of these infections going to help them make money, but they will also be able to steal your private banking information, passwords, your entire identity. A RAT, for example is a “Remote Access Trojan”. It gives the hacker access to control your computer, download any files he wants, move your mouse, listen to you and your family on your microphone and even worse, watch you and your family on the webcam. People always ask, why would anyone do this? Well, why would anyone do anything malicious and cruel? They gain something from it. Money, power, comfort, perversion. They can blackmail you, without you ever knowing who they are. They will sell all your information on the deep dark web and you are completely helpless. It’s mind blowing and tragic.

As seen above, you’ll notice how some companies have found a way to spam your analytics (visiting your website) so that you will become curious about the link or business and visit the website. In my case, I’ve seen on a few client accounts a link to a website that advertises the use of their javascript codes and how web developers can use it to make money with websites.

Will Crypto Mining Effect SEO?

It’s not clear just yet if SEO will be effected directly by this. BUT, it will in ways. For instance, if you have malware on your website, google will flag you and warn visitor’s about the malware on your site. Visitors who utilize good antivirus will be warned too. If your website is causing problems with someones computer, they are more than likely going to bounce out of your website, reducing your bounce rate. Another way Coin-miners can affects SEO is by increasing load time. Because it has to run an extra script, it makes your website run slower. In turn, reducing SEO. Fast websites are ranked better on Google.

How to protect yourself against unwanted crypto mining scripts

  1. If you are smart enough, you’re already running anti-virus software that will catch this code. Not all antivirus softwares have the same database of viruses collected, so it’s hit and miss wether your software will catch something or not.
  2. Install an ad blocker. This is an unfortunate choice to make, but one that protects you. The ad blocker will stop the javascript code from running. The downside is that authors that create valuable free content (like me) won’t get paid for their hard work.  In turn, making for a future where some valuable information is NOT free.
  3. Install security software on your websites. There are many options for WordPress sites like the word-fence plugin. Sucuri Website security options tend to be a pretty good option as well. I enjoy their CDN, which feeds a copy of your website to visitors, making your website load faster on their end and in the event of a hack of the root website, you have some time to rectify the damages done.
  4. Don’t visit shady websites. Google has worked into their algorithm that websites with HTTPS will be given priority over those who don’t apply SSL. SSL is a security feature for websites that encrypts your information from being easily seen/accessed by hackers. I would assume because of the popularity that there will a plethora of adult websites who will incorporate this new technology into their business. Visitor, beware.
  5. Becareful what files and apps you download on your computer AND your phones. Phones and tablets are also vulnerable to this criminal behavior.
  6. Monitor your Windows task manager or Mac Activity monitor for strange behavior and kill the source. A good indicator to check would be unusually slow performance. Although these scripts can run on a website, just because you closed the website, doesn’t mean it’s still not effecting your browser.

Security researchers from anti-malware provider Malwarebytes have found that some websites have discovered a clever trick to keep their cryptocurrency mining software running in the background even when you have closed the offending browser window. – Hacker News

The future of Crypto Mining, Is it good or bad?

I think it’s a primarily a new concept, and although right now, while it seems to be BAD because of how it’s basically using you in an effort to destroy you and pocket money, I would hope to see a future where websites owners can monetize their websites without the use of distracting ad’s. I would like to see that these programs didn’t destroy peoples computers or websites. I would like to see them incorporated as useful safe programs rather than viruses or worms. Is there some other way we can all benefit to mining digital coins, without sucking the life out of one another? Without destroying hard work and possibly ruining peoples lives? I don’t know. I’m just trying to do my job over here and make money honestly without hurting anyone.

Now just think how much richer the cable companies will get if they can control everyones websites and the websites you visit? Save the Internet Here if you believe in Net Neutrality!

Find out more about coin miner trojans and software:

Ravenous Raven Design
Google Rating
Based on 21 reviews