Bitcoin Java CPU miner

In-the-browser botnet turns victims' CPU cycles into cash for the attackers.

Researchers have discovered a compromised website into which a piece of JavaScript has been inserted that mines bitcoins for the attacker.

Bitcoins are a digital currency whose popularity and value have increased significantly in recent years. Bitcoins can be used to make online payments and can be exchanged for real currency, while new bitcoins can be 'mined' using large amounts of CPU time.

Unsurprisingly, this has attracted the interest of botherders: via the botnets they control, they have access to a lot of CPU time, which can be turned into cash via bitcoin mining. Indeed, in recent months a number of malware samples have been discovered that are capable of using a compromised machine's CPU cycles to mine bitcoins.

In this particular case, however, the mining software is programmed in JavaScript and runs inside the browser of those visiting a compromised website. This in-the-browser botnet does not infect the victim's computer, but it does use their CPU time, which could significantly slow down the machine. The advantage for the attacker is that the mining code is browser- and platform-independent and is less likely to be blocked by security software.

More at the MailChannels blog.

Tags: bitcoin, botnet, browser.

6 comments

Why is this even considered an attack or a compromise? I mean, as long as the website owner is clear about how he uses your CPU (because it's the owners that usually put Java or JavaScript miners in their site) this should be safe and legit.

You're right: it could well have been a legitimate site doing this openly. (Might be an interesting alternative to running advertisements.) However, in this particular case it appears that the website was compromised and the JavaScript code was inserted by a third party.

If I were Facebook I would be experimenting with using 50% of users' computing power to mine for bitcoins. It would be opt-out. If people have a habit of leaving their Facebook window open all the time, and if they really don't want to pay for the service, why not? Put it in the terms of service and that will be that.
