The Growing Threat of Cryptocurrency Mining Malware - Fortune

This article first appeared in Data Sheet, Fortune’s daily newsletter on the top tech news. Sign up here.

Welcome to a midweek cybersecurity warning. Aaron in for Adam today.

It takes a lot of computing power to “mine” a bitcoin or other digital currency coin. The giant mining operations of Asia stack thousands of computers in dimly lit factory buildings powered by cheap electricity from coal-fed generating plants. Bitmain’s mining operation in the northern Chinese city of Ordos uses $39,000 of electricity a day.

But with the price of bitcoin skyrocketing (at least on a monthly basis) and other currencies following suit, it’s probably no surprise that some less legitimate folk have sought to profit from the boom. And they’ve latched onto some software that started out with a clever idea.

Known as CoinHive, the JavaScript program is designed to reside on web sites and run in the browsers of visitors to crunch the calculations that mine a cryptocurrency called Monero. While different currencies require different types of calculations that favor one kind of computing set up or another (ethereum runs great on graphics cards while bitcoin mining uses specially made chips called application-specific integrated circuits), Monero’s underlying mining challenge was made to run best on ordinary PC CPUs. Say, the ordinary PCs of people browsing the web.

In theory, it’s an interesting new twist on monetizing web content. Instead of bothering visitors with ads, borrow a limited amount of their CPU power while they visit your web site. The borrowed CPU time uses a little more electricity, boosting each visitor’s electric bill but only by a tiny bit.

The problem, of course, is that suddenly CoinHive is popping up all over the web, grabbing as much CPU power as it can from every PC it touches, but without getting permission or even notifying the affected visitors. In many cases, it appears the software has even been installed on web sites without the permission of the website owners, with the generated Monero coins going into the digital wallets of unknown hackers located somewhere else entirely. Cybersecurity firm Check Point Software (chkp) uncovered a malware app called Adylkuzz spreading across the web starting around the same time as the WannaCry ransomware app and using some of the same stolen-from-the-NSA methods. As of last month, Monero-mining malware ranked as the sixth most prevalent threat in the wild, Check Point said.

What can you do to avoid this spreading plague of stolen CPU cycles? Browser plugins that block adware and malware, like Adblock, will stop CoinHive. So will more robust security firewalls and monitoring services. Be careful out there!