The basis of all cryptocurrency is a really hard math problem. The idea is that because the math is so hard, it takes a lot of CPU cycles to create the next cryptocurrency coin. It used to be that people, who are called miners, could use their computers to mine the next coin and they would get a fee for it, earning them a profit.
One of the design goals of most if not all cryptocurrencies is that the more coins that are mined, the harder it is to create the next coin. This is actually on purpose.
People have gotten very creative trying to earn money. They buy faster computers. Then the software was modified to use super fast graphics processors called GPUs. After that, it was custom hardware called ASICs. And the race goes on.
One of the most important factors in whether mining cryptocurrency is profitable is the cost of electricity. If it costs you more to make it than you earn for doing it, that’s not such a good thing.
Now some unscrupulous miners have come up with the best way to mine coins yet. They run a script in the background in your browser when you visit an infected webpage. While one user running the script in the background won’t be very effective, if a million users do it, then they will probably earn some money.
But there was a problem – the mining operation stops when you close the browser.
So some even more nefarious miners came up with a better idea. What if they created a new browser window when you visited the infected web site. Then when you close the window for the site that you went to visit, the mining will continue in this other window.
But the user will see that window when they close the window that they asked for and question what the heck this other “pop-under” window is.
They have a solution for that too. Let’s make the window TINY. Let’s hide it under the task bar. In fact under the clock in the task bar.
In fairness, there are some telltale signs of this scam, but lots of people won’t see them. The Ars Technica link below has a video to show how the process works.
Its actually pretty creative. Use a bunch of other people’s computers, it doesn’t cost you anything after you write the software and you get the fee for creating new coins.
It turns out that most of the anti-virus products won’t detect this; it is pretty easy to morph the process for each computer to make it virtually undetectable.
One researcher recently detected 2,500 web sites using your computer to mine cryptocurrency.
Of course, some folks had to ruin a good thing and tell people about it. Now many more people will detect it and totally ruin the scam.
But until that happens, some folks will be slowing your computer down to make them some money.
Information for this post came from Ars Technica.