THERE'S SOMETHING NEW to add to your fun mental list of invisible internet dangers. Joining classic favorites like adware and spyware comes a new, tricky threat called "cryptojacking," which secretly uses your laptop or mobile device to mine cryptocurrency when you visit an infected site.
The idea for cryptojacking coalesced in mid-September, when a company called Coinhive debuted a script that could start mining the cryptocurrency Monero when a webpage loaded. The Pirate Bay torrenting site quickly incorporated it to raise funds, and within weeks Coinhive copycats started cropping up. Hackers have even found ways to inject the scripts into websites like Politifact.com and Showtime, unbeknownst to the proprietors, mining money for themselves off of another site's traffic.
'There's no opt-in option or opt-out. We've observed it putting a real strain on system resources.'
So far these types of attacks have been discovered in compromised sites' source code by users—including security researcher Troy Mursch—who notice their processor load spiking dramatically after navigating to cryptojacked pages. To protect yourself from cryptojacking, you can add sites you're worried about, or ones that you know practice in-browser mining, to your browser's ad blocking tool. There's also a Chrome extension called No Coin, created by developer Rafael Keramidas, that blocks Coinhive mining and is adding protection against other miners, too.