Bengaluru: Browser-based mining has been in the market since 2013 but its recent rapid rise in the past months pose a threat to users, only recently has cybersecurity company Symantec reported a 34% rise in mobile apps incorporating the code to mine virtual currencies.
Mining happens secretly without the users’ knowledge which causes the device to heat-up and slows down the users device.
So what are cryptocurrencies like Bitcoins and Monreo? These are the currencies that are created by computer codes after solving complex math problems and not by any central authority like RBI or any other Government which gives you the liability of the currency.
The hackers can easily use the mobile devices or even laptops of the visitors on the website by simply incorporating a piece of code into the website to ‘mine’ cryptocurrencies without the users’ knowledge. This background process in the browser goes unnoticed without the users’ knowledge.
Security Researcher Indrajeet Bhuyan says, “Indian websites with high traffic should take stock of this development,”
Recent Symantec report says, “After many years of deathly silence, the catalyst appears to be the launch of a new browser-based mining service in Sept by Coinhive.”
Coinhive allows its website owners to use their code to harness the power of visitors’ hardware.
Security Researcher Bhuyan explains this, “For instance, if there are 1,000 people who visit a ticket booking website, the owner of the website can earn money (cryptocurrency) using the CPU power of the 1,000 computers to mine,” Bhuyan said.
Another Mumbai based tech blogger who used monetize the views on his popular tech blog said, “I ran the script for a week to check if it was profitable. I was able to mine Rs 1,300-worth of Monero in a week.”
He claims to get 6 lakh users a day and says, “It is very easy to implement the code on any website and it is easy to start mining … This is profitable only when your website has millions of hits and traffic.”
“Until a few months back, only when you open the website the script will run. Now, new kinds of scripts are coming up where even if you close the website they still continue to use your computer hardware to mine,” Bhuyan said. “They hack websites, insert the scripts, and earn money.”
He explains, for instance, government websites like IRCTC have at least 10 million visitors per day to book train tickets and these websites act as a perfect platform to deploy a ‘custom script’.
This custom script is a special unique tailor-made piece of code to mine on particular specific websites. “The way to protect your device from this is through plugins,” Bhuyan said, ET reported.