by Tom Nelson
If your Mac seems to suddenly be running hot, with the fans making more noise than usual, your battery runtime has taken a nosedive, or you’ve noticed that your Mac seems to be slowing down, you may be experiencing the effects of cryptojacking.
Of course, there are plenty of other reasons why your Mac could be misbehaving as outlined above; hot summer days can make your Mac run its fans at a higher rate, battery runtime can be affected by the type of processes you’re running, such as video or audio processing, and the Mac’s processors may simply be engaged in running multiple threads from multiple apps, keeping things a bit tied up.
But you could also be a victim of cryptojacking. In this Rocket Yard Guide, we’re going to take a look at cryptocurrency, how it’s mined, and how it may be affecting your Mac.
What Is Cryptojacking? The New, Friendlier Malware
Cryptojacking is a somewhat new way for nefarious individuals to make use of your Mac’s processing power for their own gain. With cryptojacking, the gain is in the acquisition of cryptocurrency coins by having your Mac solve complex mathematical problems. Each solved problem is worth some number of coins or fractions of coins in the cryptocurrency being mined.
Mining for money using your Mac’s hardware without your consent is commonly referred to as cryptojacking. Coin mining is probably best known as the way to acquire Bitcoins, a popular cryptocurrency that has been in use for a number of years. In the early days of coin mining, the tasks a computer had to perform to generate a coin were easy enough that a moderately outfitted personal computer could perform the tasks in a reasonable amount of time. As cryptocurrency become more popular, the difficulty of the problems that needed to be solved increased dramatically, to the point where multiple specially designed computer rigs were being used together to solve the problems and generate cryptocoins in a reasonable timeframe.
As the various cryptocurrencies gained support, the mining of the coins became more and more difficult, so that the days of someone using an average personal computer to solve problems and generate coins went by the wayside. Nowadays, the mining, a common term for solving the problems and generating the coins, is being performed by highly advanced, dedicated mining rigs, or through distributed computing systems that use a large number of individual computers, each working on a piece of the puzzle.
It’s this last mining rig type that has spawned the growth of cryptojacking, using computers that have had mining software installed without the consent of the owner to hijack the computer’s processing power to mine for coins.
Types of Cryptojacking
Cryptojackers use two common methods of manipulating a computer to run mining software. The first, and somewhat less common at the moment, is the old standard malware approach of using a Trojan app to install the mining app on an unsuspecting system. This usually takes the form of a mining app masquerading as another, more popular application. Once the app is downloaded and the installer run, the crypto miner is installed and starts mining for coins.
However, the most likely way for a Mac to run into cryptojacking is through a web browser. The software for mining cryptocurrency has been developed using JavaScript, which every web browser can run. Cryptojackers can insert the JavaScript code into a hacked website, or they can embed the JavaScript mining code within ads which are then placed on many websites.
All you need to do is visit one of these websites, and your Mac will start happily running the cryptocurrency mining code.
For the cryptojacker, using web-based infection has many advantages. It’s easy to do; while they can hack a website and insert the code, they can also just create an ad and place it with an ad service to have it distributed to many websites. Web-based cryptojacking also doesn’t require any type of enticement to get you to download and install a cryptojacking app; instead, the browser runs the mining code for as long as the webpage is open; no installation of code required.
Coyote Moon, Inc. 