Unfortunately, only a small part of users carefully care about their cybersecurity. The creators of computer infections do not sleep and constantly adapt to online trends. In order to avoid becoming a victim, you need to understand the direction in which modern Trojan developers are moving. Mining viruses have become one of the most popular types of electronic evil spirits. Today's article is dedicated to them.
Almost at the same time as mining, the world saw viruses based on cryptocurrency mining. Attackers have learned to create programs that, secretly from the user, use computer resources to mine digital gold. Most often, this type of worm can be caught when downloading files from unverified sources. However, you can fall under hidden mining simply by going to a “left” site. Using special scripts, your computer's power will be converted into bitcoins at the attacker's anonymous address.
What it is
Behind the concept of secret mining is a virus program that uses computer resources for its own purposes. This is not visible visually. There are a lot of “black miners” on the network - for example, in 2020, Kaspersky Lab employees discovered two large invisible mining networks, with a total of almost 10 thousand devices. The owners of the equipment were not aware of this use of their PC.
The most common coins for illegal mining are Monero and Litecoin, since their complexity makes it possible to use the processors of ordinary home computers for mining. Infection most often occurs through malicious email messages or downloading files from unverified sources.
Dangers you may encounter:
- Reduced data privacy. The Trojan has access to the user’s personal data (passwords, payment details, credit history).
- Performance degradation. The computer runs slower and often freezes or restarts.
- Acceleration of iron wear. Increased load leads to failure of the processor, RAM, video card, and cooling elements (coolers).
You need to get rid of the virus infection as soon as possible.
Equipment service life
The main element of the ASIC is the chip, which cannot be re-flashed, modified or repaired. This is one piece of equipment, since the more complex the task, the more power supplies, processors and fans there will be - the efficiency of the device depends on this.
You need to properly configure and connect the ASIC. The service life is calculated based on the activity of use. Manufacturers give a warranty for 4 months or six months, but the device works for a year or two.
The decision to purchase mining equipment depends on the following criteria:
- maximum electricity consumption;
- miner cost;
- performance;
- manufacturer's warranty.
The latter is especially relevant, since not every miner can repair an expensive device on their own.
How to detect
Invisible mining on a processor or video card often makes itself felt by slowing down the device. This is especially noticeable under increased loads, such as games. If you have any suspicions, first of all you need to check the system with an antivirus with the latest databases - this will weed out some weak viruses, but the remaining ones are hidden much better.
Regularly checking the Windows Task Manager (Ctrl+Alt+Del) will help you detect a hidden miner on your computer. You need to open the application and, without launching the program or moving the mouse, observe changes in processes for 15 minutes. Secret mining will sooner or later appear - its process will begin to actively load the computer. You can find out information about a suspicious program by searching for its name on the Internet or by going to the “Details” section of the Task Manager.
This method is suitable for detecting hidden mining on the processor. If the virus has settled on the video card, the “Manager” in older versions of the OS will not show it: the tab displaying the load on the video processor appeared only in Windows 10. Standard tools do not always work at full capacity, so it is recommended to use third-party software:
- AnVir Task Manager;
- Process Explorer;
- Process Lasso.
A number of hidden miners cause the Task Manager to close spontaneously. This is another sure sign of a Trojan. If the load comes from an open browser, there is a possibility that a web miner built into the Internet site is active.
Reviews of the best models for 2017–2019
At the beginning of 2020, the manufacturer Bitmain announced the start of sales of a new ASIC called Antminer A3. This device could become a new tool in the hands of miners, which would differ in power or price, but no. The main feature of the device is its work with the Blake algorithm (2b).
The review of Asic Antminer A3 can last forever (the story about the new algorithm, the price of the device), but this pales in comparison to the fact that you can only mine one coin. The Sia token is trading at $0.005, but the market capitalization has reached $218,000,000. Such investor confidence is a reason to think about the prospects of the project and the need to purchase an ASIC.
The best ASIC for mining in 2020 may be the Asic Bitmain Antminer E3, the review of which begins with the information that this is the first equipment for mining Ethereum. Its power is 180 Mh/sec, and electricity consumption reaches 800 W. The first batch of devices was sold out in a few hours, since the equipment cost $800, which is equivalent to two AMD RX 580 video cards.
Such mining equipment can be thrown away immediately after purchase if the following things happen:
- the introduction of PoS and, as a consequence, the beginning of combined mining;
- creating an Ethereum fork;
- reduction of block reward from 3 to 0.6 Ethereum.
This makes you think about the advisability of buying an ASIC, since useless equipment will have to be disposed of.
Still, for now the flagship among ASICs remains Antminer S9, followed by Antminer R4, the cost of which reaches $1000. Its hashrate reaches 8.6 TH/sec, power consumption is 845 W. The device is noisy (52 dB).
More budget options are Antminer S7 and its closest competitor Avalon 6. The cost of such mining ASICs varies from $500 to $550. The productivity of the first is 4.73 TH/sec, and the second - 3.65 Th/sec. Energy consumption is the same - 1200 W.
If you have money for expensive equipment, now is the best time to purchase, as market correction conditions force you to sell equipment. This is a bearish trend: it only takes a little loss today to see a high price for the assets you have.
Types of black mining
Secret mining on a processor or video card comes in two main varieties: viral and browser-based. The first one is more dangerous because it penetrates directly onto the computer through an infected file. The second one works only on the Internet - while the user is browsing the site, PC resources are quietly used to mine cryptocurrency.
All browsers are trained to recognize malicious code, so you should not ignore warnings about dubious sites - this is how the browser tries to protect the user from a script that gains access to the computer.
Such scenarios are possible not only on one-day sites, but also on large resources. Thus, in September 2020, the serious Ukrainian portal of the Hydrometeorological Center was accused of: visitors unwittingly mined the Monero cryptocurrency for 4 hours. It never hurts to check your computer for secret mining.
How can you hide mining?
Algorithm of the secret miner:
- When an infected file is opened, a software client is installed on the PC.
- The client connects to the mining pool and mines. Usually not Bitcoin, since it is more profitable to mine altcoins on simple devices. Mining pools independently select the most profitable configuration depending on the power of the equipment.
- In the “Personal Account” on the pool website, the details of the attacker are indicated, where the earned funds go. An unlimited number of devices can be connected to one account.
Pools are now popular among “black miners”. This path is chosen by a variety of people, from schoolchildren to professionals. Dozens of schemes are posted on Darknet forums, and they are sold for money. The buyer of the scheme is required to share profits with the developer.
Why is it difficult to recognize disguised mining programs:
- the virus process does not load all processor cores, taking only a certain part of the power;
- the process is not displayed in the Task Manager or looks like a standard service;
- installation is carried out quietly, without displaying any messages on the screen;
- distribution occurs in conjunction with torrents, patches, Crack for games or programs.
The last option was chosen by hackers for a reason: antiviruses often complain about cracks and patches, seeing them as scripts for implementation into other programs. A user who is sure that a crack is needed can temporarily disable the antivirus or add the file to exceptions.
Technical part
Now let’s figure out how ASICs are designed to mine faster. ASIC is a circuit built on integrals that allows you to solve certain problems. From analogues that have a general purpose, the schemes under consideration perform specified actions, which is why it is necessary to decide in advance on the cryptocurrency to be mined.
ASICS for mining Ether are cheaper than analogues for Bitcoin, because the second cryptocurrency is much more expensive. The price of a regular chip is growing in direct proportion to the popularity of virtual coins, so the price of some devices may not be relevant immediately after entering the market as a result of a prolonged market correction.
If we look at ASIC in more detail, the microprocessor and memory blocks are responsible for mining. This can be either a read-only memory or RAM. Developers use hardware languages to define specific tasks.
How to check secret mining
To make sure that there is no Trojan on your computer, you should download the convenient AnVir Task Manager utility, which displays all processes running in the system with greater detail than the “Task Manager”. Just hover your mouse over the process of interest to get detailed information:
- Name;
- launch path;
- command line path;
- developer;
- process start time;
- resources occupied;
- the user on whose behalf the application is opened;
- restriction of access rights;
- a priority;
- file-"parent".
If you double-click on a line, even more detailed information will open, including a graph of the process’s impact on the PC load (per day, week or 2 hours). If the data looks suspicious, it’s time to move on to destroying the discovered stealth mining programs.
Secret mining virus programs
Three types of malware are most common.
Miner Bitcoin
Non-cryptocurrency users who don't play demanding games typically run their CPU at 20% maximum. Miner Bitcoin that gets into the system increases this figure to 80 or even 100%.
The program provides access to hidden confidential data and facilitates hacking of electronic wallets. The threat is often spread via Skype or when downloading documents or images from dubious sources.
EpicScale
"Infection" discovered by uTorrent users. The owners of the system did not even begin to deny it, they only stated that the finances earned through hidden mining were transferred to charitable purposes.
People were outraged that they were not notified about the illegal use of resources. A little later, another popular tracker, PirateBay, was drawn into a similar scandal. The most annoying thing is that EpicScale is extremely difficult to remove from your computer - its hidden files still remain on the system.
JS/Coin Miner
A miner that embeds its own scripts into the client’s browser. At risk are sites where a person is guaranteed to spend a lot of time: resources with movies, flash games or books. The load is on the processor, and the Trojan can be detected in the list of scripts running on the page.
Main characteristics
For Bitcoin mining, the extraction of which is one of the most difficult, the characteristics of the ASIC are important, which are calculated by users before purchasing equipment. This is an important decision-making stage, taking into account the technical data of the device:
- Performance, otherwise known as hashrate, is the most important characteristic of a mining device. The logic is simple: the higher the indicator, the faster the purchase of the device will pay off.
- Price. The higher the performance, the higher the cost of the device. Due to the complexity of mining, it is necessary to purchase more and more expensive ASICs. The time that the user will spend to “break even” will coincide with what was actual a year or two ago on weaker devices.
- Energy consumption. If farms consisting of video cards consume 250 W of electricity, for one ASIC this figure increases 4 times. Will the user be able to “feed” the machine?
- Noise. Video cards are silent compared to ASIC. Before buying equipment, it is worth providing a special place, since an apartment building is not suitable for mining.
Each user must clearly understand which cryptocurrency they trust, since ASICs are developed only for a specific token or a group of them working on a single algorithm. If you believe in Bitcoin, you won’t be able to mine Litecoin.
Blocking methods
The following measures will help you find and destroy mining in your browser:
- Editing the Hosts file.
- Installation of the Anti-Web Miner removal utility and the NoCoin browser add-on.
- By using certain extensions (NoScript), prevent the browser from activating JavaScript.
- Using AdBlock or uBlock add-ons.
The first point requires further consideration.
The Hosts file is located at: C:/WINDOWS/System 32/Drivers/etc . Opens with Notepad. At the very end you need to add the line: 0.0.0.0 coin-hive.com and write the file. Then go to AdBlock options and find the button responsible for adding custom filters. In uBlock this section is called “My Filters”.
Enter in the empty field: || coin-hive.com/lib/coinhive.min.js and click “Add”. Next insert the following:
||coin-hive.com $third-party
||jsecoin.com $third-party
||miner.pr0gramm.com
||gus.host/coins.js$script
||cnhv.co
These steps will help you successfully protect yourself from invisible mining through your browser.
Protection and precautions
A modern and frequently updated antivirus will help scan your computer and identify some of the malicious programs for hidden mining.
To install third-party programs, you need to have administrator rights; a good solution would be to create a second account, in addition to the main one, and work there. If we are talking about technology from Apple, you can activate the option that prohibits downloading software from anywhere other than the AppStore.