Cryptocurrency 'arms race' is brewing with return of browser-based cryptomining, new malware attacks

As the cryptocurrency market continues to grow and coin prices rise, security researchers have warned that a virtual currency "arms race" is looming as nefarious actors look to exploit the lucrative forum. According to security firm Symantec, browser-based cryptocurrency mining activity has not only risen from the dead, but exploded in the last few months of 2017.

Both companies and cybercriminals are looking to tap into the burgeoning market and generate valuable virtual coins using browser-based cryptomining software and scripts.

Coin-mining scripts embedded in a website secretly hijack the CPU processing power of the site's visitors to mine cryptocurrency.

Although this activity has been around since at least May 2011, researchers say the surge in the cryptocurrency market this year, and the availability of home hardware and easy-to-use JavaScript APIs, have led to a surge in malicious browser-based mining that has affected numerous websites.

"After many years of deathly silence, the catalyst appears to be the launch of a new browser-based mining service in September by Coinhive," Symantec writes in a new report published on Wednesday, 20 December. "This service wraps everything up nicely in an easy-to-use package for website owners and has injected new life into an idea that was long thought of as dead and buried.

"Together with the diversity of coins to choose from in 2017, there is also now a diversity of coin reward mechanisms. Some, like Bitcoin, can still only be mined via a proof-of-work (PoW) process using dedicated power-hungry ASIC hardware.

"Other cryptocurrencies like Monero, Ethereum, Ethereum Classic and Dash can be mined using retail-grade GPU hardware found in many home computers. There are also some that are more suited to CPU mining; these include Monero and Verium Reserve."

Researchers noted that the most popular background miner so far has been Coinhive.

Since then, a number of websites have been discovered with Coinhive code embedded in them to secretly generate digital currencies as an alternative to online advertising. So far, The Pirate Bay, Showtime, Politifact, UFC's website and Starbucks were found running cryptocurrency miners such as Coinhive without the knowledge or consent of visitors.

According to Symantec, cryptomining code has also popped up in browser extensions, plugins, traditional tech support pages and even parked domains – websites that show up when you accidentally misspell a domain name. Symantec has discovered miners in a number of Android apps as well.

Symantec's data pointed out that mining activity seems to mirror the rising interest and price of cryptocurrency such as Monero. Malicious mining scripts also usually mine Monero rather than Bitcoin or Ethereum due to Monero's CPU-friendly hashing algorithm.

Although a number of security firms have blocked these background miners, Symantec warns that user interest and awareness, paired with detection by security firms, will "trigger a new arms race between cybercriminals and defenders".

"We can expect to see adoption of a wide range of traditional malware propagation and evasion techniques to help spread and prolong mining activity in order to maximise profit," researchers said. "For as long as the current enabling factors are in place making it favourable for mining, we can expect to see interest in browser mining to be sustained or even increase in the short- to medium- term."