Hacked: How Cryptominers Might Be Hijacking Your Computer

Having grown up on the internet, it has always felt like a young person’s playground, a place for us to learn things, do our work, connect and have fun.

I never realized my familiarity with all things digital could lead to a kind of arrogance—a belief I could never become a victim of cyberattack or malware. After all, I’m not clicking on suspicious links or replying to scam emails from mysterious distant relatives.

That changed when my laptop was kidnapped—in a way—to mine cryptocurrency for mysterious hackers.

Gone off the rails

At the height of the heatwave, I descended into subway with my traveling office over my shoulder. I collapsed onto the seat and reached into my bag to remove my computer, but its metal casing was too hot to touch.

Illustration of thief vacuuming data from a laptop. Cryptominers pbs rewire
If a website is “cryptojacking,” you will see a spike in your CPU’s performance.

No wonder the heat had been so intolerable—I’d been carrying this small furnace close to my body. This was only the beginning of my computer’s mysterious behavior.

In the following weeks, I experienced regular crashes, called “kernel panics,” when the computer was attempting to shut itself down so it didn’t overheat. The problem was coming from my central processing unit, or CPU, which was inexplicably on overdrive. The fan ran loudly, and heat blasted up through the keyboard as soon as it started up.

The first three technicians I saw believed it to be a hardware issue and that the CPU needed to be replaced. I contemplated my (very expensive) options: replace the CPU for $600, or purchase a new laptop for $1,200. It seemed like I was between a rock and an extremely hot place.

But just as I was packing my bags to leave my appointment, the incredibly patient technician said almost off-handedly: “You might as well try reinstalling the software before you replace it.” She shrugged. “You never know.”

I reinstalled the software on my computer, and the crashing stopped. The oven-like effect was gone.

It had been a “software issue” after all, and I was back in business.

With the problem solved, I didn’t think much about it. Until a few friends helped me realize what had really happened.

How it happens

You may have already heard about passive cryptomining, when websites run script that uses your CPU to mine a small amount of cryptocurrency while you visit their website.

In fact, some websites openly use this method as a source of revenue, rather than running advertisements. Other sites do it surreptitiously, without notifying you.

A typical personal computer can’t handle the intensity of the calculations necessary to mine most cryptocurrencies. They’re not powerful enough to mine Bitcoin, the best known of the cryptocurrencies. But they can be used to mine Monero and other types through these passive methods.

When making a transaction with cryptocurrency, computers perform a series of complex equations, all of which requires power. By opening your task manager on a Windows operating system, or the Activity Monitor on a Mac, you can monitor the performance of your CPU as you browse.

If a website is “cryptojacking,” as its sometimes called, you will see a spike in your CPU’s performance, which will go away when you close the browser tab.

In some cases, however, the spike never finds resolution. When that happens, one of two types of cryptojacking might have occurred:

  • A Trojan Horse cryptomining application has downloaded onto your computer, and it is constantly mining your hard drive.
  • If you’re running Windows, there’s a possibility that a small window has opened that fits behind the clock on your taskbar. It continues running the script that mines your CPU even after you’ve closed the browser tab. It’s a popular type of malware that can be difficult to detect.

My computer had been infected with malware. And while it was causing me trouble—and costing me money for every day I couldn’t use my computer—it was all the while mining money for someone else, somewhere far away.

A moving target

IBM’s Security Intelligence tracked the number of these Trojan hijackings in each month of 2017, and there are not an overwhelming number of cases: they peaked around 250 in August of last year. Considering the number of us using computers, it’s relatively rare, but your chances of being hacked increases as you search the internet about emerging technologies. In other words, your search habits make you a target.

As these systems become more complex, and as miners become more eager, it’s easy to imagine that the malware will intensify as well, both in its undetectability and its power.

Protecting yourself against cryptominers

You should always protect your computer with basic anti-virus software. It sounds obvious, but this was news to me. I had always been a vigilant internet-user and had never encountered malware, especially to this extreme.

If you experience difficulty on particular websites, monitor your CPU’s activity while visiting those sites to scan for potential cryptomining, and avoid unknown websites and URLs that aren’t secure.

Beware of phishing scams. Phishing scams are not always about retrieving your email and password. These hackers attempt all methods to install software onto your computer. In some cases, such as mine, this can require a full system recovery. Check out this fascinating episode of the “Reply All” podcast for more on why phishing is a thing.

These schemes are only becoming more difficult to detect, and even more difficult to diagnose. It’s important, even for those of us who grew up online and feel at home here, to recognize that it’s still a world-wide place where almost anything can happen.

A headshot of Jamie Lynne Burgess. PBS Rewire. Jamie Lynne Burgess

Jamie Lynne Burgess is a freelance writer and editor from New England who recently swapped goat dairy farming in Northwest Colorado for goat cheese eating in Blois, France. She loves personal essays, public libraries and the life of Louisa May Alcott. Get in touch on Twitter at @jamburgess or follow her on Instagram at @jamielynneburgess