Skip to main content

Beware hackers uses your PC to mine Cryptocurrency




CPU Mining

CPU Mining is the use of a computer’s CPU to perform proof of work mining for a cryptocurrency.

Proof of Work cryptocurrency mining requires a processor to perform calculations called hashes. These calculations can be performed by a regular general purpose Central Processing Unit (CPU) of the kind you will find in any computer, by a slightly more specialized Graphics Processing Unit (GPU), or a highly specialized ASIC chip designed just for performing that type of calculation.

The relative merits of each method will depend on the hashing algorithm used by the digital currency in question.

Usually, CPU mining is the least effective, ASIC mining is the most efficacious, and GPU mining is somewhere in the middle. This is considered to be problematic by some, because the more specialist and expensive the hardware needed for profitable mining becomes, the fewer people get involved in it, leading to mining centralization and therefore a less secure network.

For many people, the ideal situation would be for anybody to be able to join in the process of mining on their home computer and still have a chance of earning block rewards. This increases decentralization and therefore creates a more secure and equitable network.

Because of this, some cryptocurrencies have been deliberately designed to be ASIC-resistant, meaning that it is difficult to gain an advantage in performing the necessary calculations by developing specialist custom processors. Other coins have even sought to minimize or remove any advantage to be gained by the use of high-end GPU chips, which are not fitted as standard to most computers. This latter type is known as CPU mined coins.


How Hackers Mining ???

Hackers coding a special javascript with the website to mine cryptocurrency from visitors CPU.

we found that those services majorly provided by the website called Coinhive.

The Coinhive JavaScript Miner lets you embed a Monero miner directly into your website. The miner itself does not come with a User Interface – it's your responsibility to tell your users what's going on and to provide stats on mined hashes.





Once you visit the hacker website, javascript automatically starts mining by utilizing your PC CPU.

the background process is like the following image.In the image, 100% CPU uses with 408 threads to mine hashes at the speed of 22.3 hashes per second.


Some time this mining possible to crash your CPU as well as your laptop be careful.

Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser.

Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor's PC to mine Bitcoin or other cryptocurrencies.

After the world's most popular torrent download website, The Pirate Bay, caught secretly using Coinhive, a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads.

How to avoid ???

Use Anti Miner extension in your browser to detect and block the CPU mining scripts.

For Chrome: Anti Miner
For FireFox: No Miner

Labels:

Comments

Post a Comment

Popular posts from this blog

My Life as Information security engineer Chapter 1: Tools

  Hi folks, here I am going to share the tools list that I am using in my daily life cycle. NMAP  Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Basically, I will use it to discover the open ports and closed ports where I did Port Mapping in firewalls. We can use this in the local network as well as in the WAN network. Also with help of the NSE script, we do multiple things like vulnerability check, exploitation, etc., Ref: http://www.piratesshield.com/2017/11/nmap-network-mapper-securtiy-scanner.html CURL and WGET curl   is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). Normally using this tool to analyze the website headers when my web security device blocking some dynamic content websites and to create the Application signature in IPS. Wget   using to download files directly instead of opening and surfing the brow
Post a Comment
Read more

AquaSec Container Security Solution ( DevSecOps ) - A quickView

  What is AquaSec?      The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure, and secure running workloads wherever they are deployed.    Solutions : Cloud Native Security Platform CSPM Cloud Security Container Security Kubernetes Security Serverless Security Cloud VM Security Dynamic Threat Analysis (DTA) Container Vulnerability Scanning Aquasec offers a 14days trial to learn the container security / Automated DevSecOps. Use this link to get free trail  Sign In | Aqua (aquasec.com)   How to start with AquaSec? Once login into the portal click the nine dots in the left-side top > Aqua Hub  Then click the "Integrations" The Integration page has a lot of options to connect your container Platform Choosing your platform provides the required key to integrate. (follow the OEM documents ) The
Post a Comment
Read more

What is IP Obfuscation ? How it's working ? how to use Cuteit tool ?

  What is IP  Obfuscation?     Which is a method to hide or convert a doted format IP address  (e.g. 192.168.192.2)   into an Integer or Hexadecimal value or Octal form by using some mathematical formula. It’s a kind of method to spoof the human eyes and web security services. dot format to Decimal Conversion   piratesshield.com 👉  [172.67.129.3] to translate (172 x256 3 )+(67×256 2 )+(129×256 1 )+(3×256 0 ) =  2890105091 Now you can use  https://2890105091  to access piratesshield.com This is one of the ways to do IP  Obfuscation.  The tool  ‘ Cuteit ‘ is  A simple python tool to help you to social engineer, bypass whitelisting firewalls, potentially break regex rules for command-line logging looking for IP addresses and obfuscate cleartext strings to C2 locations within the payload. HOW TO USE CUTEIT ? Download & Install Cuteit from the below link git :   git clone https://github.com/D4Vinci/Cuteit.git Direct link: https://github.com/D4Vinci/Cuteit/archive/master.zip usage: Cu
Post a Comment
Read more