In the past few weeks, researchers have noticed a major increase in the number of malware variants using the computational power of the targets to mine Monero cryptocurrency blocks.
This malware, usually flagged as Trojan.CoinMiner by the antivirus industry, can make a lot of money for its operators.
All transactions are stored in a public distributed ledger called a blockchain. Verifying and allowing those transactions requires the computational power of supporting network nodes, which maintain and update the blockchain by calculating hash blocks. These nodes are called cryptominers.
When mining is performed, the owner is granted a reward in the form of a certain amount of the cryptocurrency, depending on the number of blocks calculated. The more blocks are calculated, the larger the reward.
Nowadays many other cryptocurrencies have been developed, but all use the concept of the blockchain.
The infection approach varies greatly, and the miner itself may be a simple process launched on startup or may use more sophisticated methods such as fileless malware.
Usually, this malware mines the Monero cryptocurrency because of its anonymity. The symptom of such an infection is typical: extreme sluggishness of the computer, because the miner is using all its computational power.
The famous torrent site The Pirate Bay embedded it on their site, which led to massive protests by users. More worrying, many popular sites, like DLINK or CBS, were hacked and had this miner inserted into their pages.
Since then, CoinHive has changed the way their miner works to make user consent mandatory before mining starts. However, it will be easy for other programmers to develop one that acts like the first version of the CoinHive script.