Sites Are Using Your Browser to Mine Crypto. It Could Be a Good Thing

The name says it all: WannaMine. Panda, a Bilbao, Spain-based cybersecurity company, wrote in the beginning of February that "a new malware variant has been taking over computers around the world, hijacking them to mine a cryptocurrency called Monero."

The virus recalls WannaCry, a worm that swept the globe in May 2017, encrypting infected systems' data and demanding bitcoin ransom payments in order to decrypt it. But WannaMine takes a different approach to wringing cryptocurrency out of its victims: it uses their machines' processing power to run an algorithm called CryptoNight over and over again, hoping to find a hash meeting certain criteria before any other miners do. When that happens, a new block is mined, creating a chunk of new monero – worth about $1,500 at the time of writing – and depositing the windfall to the attacker's wallet.

The chances that any given miner will find the next block first and receive the reward is tiny, but infect enough CPUs, and you can hack together a decent revenue stream. Since the victim pays the electricity bills and provides the hardware, the costs to the attacker are negligible. (See also, How Does Bitcoin Mining Work?)

"A Proof-of-Concept"

On Feb. 11, a similar but rather more spectacular attack was uncovered. Cybersecurity researchers Scott Helme and Ian Thornton-Trump (phat_hobbit) noticed that sites from the UK's National Health Service to the U.S. Courts were hijacking visitors' browsers to mine monero.