You are here: Home » International » News » Markets
Business Standard

Not into cryptos? Your phone may already be mining one without you knowing

Monero mining is spreading because -- unlike most coins out there -- it can be produced with a typical device most people already own

Olga Kharif | Bloomberg 

Cracking the cryptic world of virtual currencies

There’s a chance your computer or phone is quietly producing a cryptocurrency called  

Criminals looking to commandeer massive processing power to unlock new coins have unleashed an epidemic of that burrows deep into victims’ web browsers to surreptitiously run calculations. A security researcher discovered the latest attack last weekend, finding the malware on more than 4,000 sites, including those owned by the U.S. court system, the governments of Australia and Britain, and City University of New York, all of which used a text-to-speech accessibility script called Browsealoud.

“Within hours of identifying the problem, the compromised script was disabled from the site,” David Sellers, a spokesman for the Administrative Office of the U.S. Courts, said in an email. Browsealoud will be offline until Feb. 15 to beef up security, the company behind the code, Texthelp Ltd., said on its website.

The online hijackings show the lengths to which some people will go to stockpile -- a so-called privacy coin that, once obtained, is particularly hard for authorities to trace. After a 20-fold surge in price over the past year to about $275 per coin, now ranks 13th among with a market value of $4.3 billion, according to

About 630 of the top 300,000 websites tracked by Inc.’s Alexa Internet unit have mining code embedded in them, researcher 360 Netlab estimated on Feb. 7. This week, warned that some users of the Telegram messaging app also have been mining coins like Monero, while said millions of devices are currently mining

And that’s just the latest round. On Dec. 18, hackers targeted as many as 190,000 WordPress sites per hour to get them to produce Monero, according to security company Wordfence.

Yet, it’s not always a crime.

Computing power

While the hijacking of most devices happens without their owners knowing, one site -- -- now tells readers they can avoid seeing ads if they let it mine using their computing power.

“Think of it like borrowing your calculator for a few minutes to figure out the answer to math problems, then giving it back when you leave the site,” Salon told its users. Plugins such as Coinhive let sites embed such mining code as well.

mining is spreading because -- unlike most coins out there -- it can be produced with a typical device most people already own. 

is a target for because it is the only top-20 coin by market cap that can be mined from commercial hardware you have at home” rather than specialised hardware needed to mine most other coins, said Nolan Bauerle, director of research at cryptocurrency researcher CoinDesk.

Criminal favorite

A hacker controlling 1.5 million would rank as the largest miner, according to Lucas Nuzzi, senior analyst at Digital Asset Research.

was designed with features to protect a user’s privacy, and its developers say most people who obtain and spend the coins do so legitimately. But Monero’s potential utility for criminals has also raised alarms. The European Union’s law-enforcement agency, Europol, warned in a report last year that like “are gaining popularity within the digital underground.”

encrypts the recipient’s address on its blockchain and generates fake addresses to disguise the real sender. It also obscures the amount of the transaction.

In the Browsealoud attack, computers of unsuspecting users who navigated to an affected site were instructed to solve complex mathematical problems to produce Once they left the site, the mining stopped, Scott Helme, the U.K.-based security researcher who discovered the Browsealoud vulnerability, said in a phone interview.

“We’ll see an explosion of cryptojacking this year,” Helme said.  

First Published: Fri, February 16 2018. 10:01 IST