Hidden mining. How not to become a cryptoslave
Sometimes fraudsters use Bitcoins only as the means of payment which is not possible to track. The virus blocks the system and offers to unblock a PC for some amount of cryptocurrency; otherwise, the data will be lost forever. That’s how the notorious network worm WannaCry functioned last year.
However, there are more sophisticated methods of getting rich at another’s expense using new technologies. The most popular of them is hidden mining. A virus in the system or a suspicious site may direct your system resources to make money for other people.
What is a miner virus? As it is known, cryptocurrency is mined through mining – the computational process which creates new blocks in the blockchain system. Usually, the processor or video card power is used by choice of their owner, who installs and activates a miner program. Anyway, nothing can prevent the distribution of such programmes secretly along with other software.
In this case, a user can face significant problems such as a dramatic fall in productivity, increased amounts in electricity bills and even premature equipment failure from overheating. So, what does a miner virus do? If a scan for coin miner viruses was not run in time, mining viruses may turn a PC into a digital coin production factory.
The computing power of one infected system is not high, but hundreds and thousands of such computers may generate substantial incomes to “creators” of the fraud. Initially, only Bitcoin was used as a cryptocurrency, but mining of this digital currency has become practically pointless due to the increased complexity, even when it is carried out by the network of computers. That’s why hidden miners work with such cryptocurrencies as Ethereum or Monero today. The latest was mined even by the mobile ADBminer, which had been secretly set in Android system smartphones or even in Android TV devices.
As a rule, miner viruses are spread just as other malicious programmes during download of the pirated content. Quite often cracked computer games become infected. Malicious code may be set in a visited site. For mining, in this case, it is necessary that a user keeps a browser and a site tab open.
Whereas in the past such tricks were typical for entirely marginal resources, today even a seemingly harmless Internet shop may try to start mining Bitcoins. How to check what a site is trying to infect the system – hidden mining or a virus? The lack of antivirus protection is a sure guarantee that sooner or later a PC will be attacked.
The reason that miners emerge on Internet resources more often is the increasing popularity of applications which block commercials. Consequently, the usual marketing income of site owners is decreasing year after year.
A long-standing reputation also doesn't help: in 2017, the indexer of torrent files Pirate Bay, which has been on the market since 2003, added the miner code Coinhive. Similarly, two years before, developers of a popular BitTorrent, a client of uTorrent, got involved in a scandal. During installation of a programme, it was offered in evasive language to support an organization which was working on “AIDS cure and the provision of clean water for future generations,” etc. By agreeing, a user joined the cloud computing service Epic Scale and started to mine Bitcoins officially for charity. However, in the next program update, Epic Scale was not there.
So, the risk to catch a coin miner is quite high. In what way a PC must be scanned for a mining virus and what can give rise to it?
First of all, an unexplained processor or video card load must be a source of some alarm. Overheating, noise from the cooling equipment and “brakes” even during standstill or work with document files are sure signs that the computer power is used not just by you. It is also worth paying attention to Windows which are unknown or consume disproportionately many resources in the “Task manager.”
Improved miners will not load the system very much; they will be switched off during games or other cost-effective activities and closed when the “Task Manager” is on. In this case, an income from the infected computer will decrease, but also it will be much more difficult to detect a problem. Therefore, you should pay attention to your PC.
If suspicions are still there, it has to be decided how to run a PC for coin miners. Concerning antivirus, a virus and a miner are different things as a user could install a miner-program of his own accord.
Is it possible to spot and remove mining viruses? Modern antiviruses are capable of not just removing a virus. Mining will also be spotted, although in a different way. Most likely an antivirus will mark it as RiskWare – “a potentially malicious software.” If you have not installed anything like this, you can quickly delete it. It is advisable to use a full removal function and to continue monitoring an unwanted activity. It often happens that along with miners a code, restoring them in case of their removal, is installed in the system.
In case if antivirus scan has failed, but suspicions are still there, it is possible to return the system to its recovery point. For that in Windows 10, it is required to open the control panel and move on to the section “Recovery.” All programmes installed after this point will be deleted. If it is not possible for some reason, Windows reinstalling will solve this problem for sure. But this is a radical measure and is worth using only if there are no other alternatives.
For advanced users, a pack Sysinternals Suite by Microsoft could be an alternative. The software included in it allows working with operating system processes on a deep level. A more straightforward option is to use a program AnVir Task Manager. A further thorough check of a PC by a utility Dr.Web Curelt may also help.
Back to the list