TOKYO -- If you've noticed your computer or smartphone acting sluggishly after visiting an unfamiliar website, the problem may be more than just the usual file clutter. Your PC may have been hijacked to mine cryptocurrency.
The number of reported cases in Japan is rising and cybersecurity companies are warning individuals and businesses about the danger. Hackers target a range of electronic devices, including desktop computers, smartphones and servers.
Trend Micro, which develops security software, said that in the three months through December 2017, about 130,000 incidents of theft of computing power in Japan were detected by the company's security software. That was over 175 times more than in January to March of that year.
Generally hackers use one of two methods. One is a script called Coinhive. When a computer user visits a problem website, the browser automatically loads the program, which then taps into the computer's processing power to mine Monero, a cryptocurrency.
Sometimes the program is embedded in banner advertisements. Trend Micro confirmed on March 25 that an ad sent out by AOL, an online adverting platform, had been planted with such a program. The ad appeared on the MSN Japan portal site. Those who visited the site and saw the ad on their browsers may have had their computers tapped for processing power. Crucially for users, one did not have to click on the ad for their machines to be hijacked. Merely having it displayed on their browser was sufficient.
Another way is to spread the malware through emails and other means. The malware secretly siphons the PC's processing power to mine digital currencies. The number of victims is smaller because the software is harder to write than Coinhive. But it is more dangerous because the computer can be used to mine cryptocurrency even when the user is not visiting a particular website.
Until last year, ransomware had been the favored tool for cybercriminals. With ransomware, hackers break into a computer, encrypt the user's files, then demand a ransom to receive a key to decrypt the scrambled files. Many Japanese companies were forced to take security measures as the number of victims climbed.
Cases of cryptojacking increased rapidly after Coinhive emerged in September 2017, said Katsuyuki Okamoto, a security evangelist at Trend Micro. Scripts for Coinhive are widely available online and the program is modifiable, which makes it easier for hackers to steal a PC's processing power without using malware.
"Unlike other cryptocurrencies, Monero is easier to mine, even with relatively low-performance terminals," said Hideki Inomata, a chief security analyst at IBM Japan's Security Operations Center. This gives hackers an incentive to target the typical computer or smartphone user, rather than more sophisticated and heavily guarded systems.
Soaring cryptocurrency prices in 2017 have fueled cryptojacking. The price of Monero, which was below 1,500 yen ($14) per unit in late January 2017, surged to about 40,000 yen by December of that year. The price has dropped since the beginning of 2018 and now hovers around 20,000 yen, still more than 10 times higher than it was in January 2017.
Monero is an "anonymous" cryptocurrency and transactions in it are hard to track. Japan's Financial Services Agency sees these cryptocurrencies as a major problem because they are often used for money laundering and tax evasion. Some experts believe anonymous cryptocurrencies have helped fund North Korea's illegal activities.
While anti-virus programs are capable of detecting Coinhive scripts and blocking them, malware is harder to control once it has infected a device.
"Certain types of malware are sophisticated enough to mine digital coins only while users are not typing, so users are often unaware that their computers are infected," said Toshio Nawa, a senior security analyst at Tokyo-based Cyber Defense Institute. Once a company's computers are infected, it is necessary to install a tool that can analyze the communication history of each terminal.
Computational power theft for coin mining does not put people's personal data at risk, but it is essential to take countermeasures nonetheless. "A program that was designed for coin mining could be turned into something else by criminals," warned Hiroaki Takiguchi of Symantec.