Why your daily coffee can make money for crypto-hackers

Crypto-mining malware is when hackers and fraudsters covertly infect your computer with software to do the calculations needed to generate cryptocurrencies, such as Bitcoin, Monero or Ethereum and the fraudsters keep any crypto coin proceeds for themselves.

Why did my laptop slow down when I used it in Starbucks?

If you join a public WiFi network, and you don’t use a Virtual Private Network (VPN), or stick to secure (HTTPS) websites or both, then anyone else in the coffee shop (or bus, or train, or hotel lobby, or wherever it is) at the same time can find out what you’re doing, and perhaps also trick you into seeing and doing something you didn’t expect to do.

Along with their coffee order, recent visitors to a Buenos Aires Starbucks also received a 10-second delay on their laptops and mobile phones when they connected to the coffee shop’s ‘free’ WiFi. Unbeknowing to the customers, their laptops’ power secretly went to mine crypto-coins which, naturally, the customers received nothing in return.

The mining was noticed by Stensul CEO Noah Dinkin, who took to Twitter on 2 December  2017 to ask Starbucks if it was aware of what was going on. He included a screenshot of the code.

StarbucksHack

Big deal! What’s a 10-second delay anyway?

To make any real money with coin-mining, you need a lot of electricity to deliver a lot of processing power on a lot of computers. So, you can either rent space in a giant coin-mining server farm, for example in Iceland, where electricity is cheap (and the weather is cold enough to stop your computers melting down). Or you can steal other people’s electricity, processing power, (and air conditioning) by using malware to sneak crypto miners into their networks, their browsers, their coffee shops, and more.

What happens if I’m infected?

If you get infected with crypto-mining malware, all your data is still there, and you can still access it. This may seem that crypto-mining sounds like a ‘short black’ compared to ransomware, however, your computer will probably be annoyingly slow, your laptop fans will be roaring all the time, and your battery life will be hopeless.

On a mobile device, all those side effects are much more of an issue, because short battery life means outages when your phone goes flat, and the battery overheating associated with continuous super-heavy processor usage could cause permanent damage.

Ironically, a lot of coin mining software advises you not to bother running it on mobile phones: the computing power of your mobile just isn’t sufficient for decent results, so the costs outweigh the benefits.

But why would hackers care about that, when they didn’t ask for permission in the first place, and when you’re paying the costs while they reap the benefits?

Well, the hackers don’t care, and SophosLabs has just published a technical report that will show you just how much these crooks don’t care.

So, next time you decide to use ‘free’ WiFi in a public space, understand that it’s not really free and is used by fraudsters to infect your digital devices with all sorts of things including the increasingly popular crypto-malware.

Source: Sophos Ltd

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s