Karthik Pasupathy (aka KP)

I Was Making Someone Rich by Allowing Them to Cryptojack My PC

Two weeks back, I came to know that my PC was secretly being used by somebody in the US (could be a proxy location) to mine cryptocurrency. What started out as an unexpected PC shutdown on a Saturday morning quickly snowballed into my finding out that somebody had hacked my computer.

Let me rewind a little and tell you what happened.

I was spending my Saturday morning the usual way. I woke up at 6:00 AM, got freshened up, made myself a cup of coffee and started watching a movie on Netflix.

When the movie was over, my wife walked into the room and asked me to set up a VPN on the computer so that she could work from home the following week.

I was working on setting up the VPN when my computer shut down without any warning. My OS threw me an error and started rebooting.

At first, I thought it could be a glitch in my OS. But when the computer rebooted, I got a pop-up where the Windows Firewall asked me to provide public access to a file in the System32 folder. It looked a little suspicious. I quickly Googled the file name and found out that it was malware.

What is malware doing on my computer! I should run a virus scan!

When I clicked on the system tray, I was surprised to see that there was no Antivirus on my computer. It was shocking because I was sure I installed Antivirus software on my computer. That moment I knew something was wrong.

I knew this could’ve happened because of two reasons: First, one of us in the house would’ve mistakenly uninstalled the Antivirus program from the PC. Second, someone used a backdoor or a virus to gain access to my computer and disable any and all security measures. I struck off reason number one as I am the only person who uses the PC all the time. My wife uses her phone and my mom switches between the iPad and the Kindle.

If an Antivirus is already in place, how would someone snoop into the computer and uninstall/disable all security measures in my computer? Does my OS have something to do with it?

Until then, I hadn’t given much thought to the OS on my computer. The computer vendor (who is no longer operating shop) installed a version of the OS when I bought my computer. What if the OS on my computer was pirated?! I quickly tried to check and I was right. The OS on my computer was a pirated version.

Also, I found out that my PC name was changed from my name to some gibberish. This is a clear indication that my PC was hacked.

The pirated copy of the OS could’ve had a backdoor and injected malware into my system.

I quickly installed an Anti-Malware and an Antivirus software and ran a quick scan. The reports showed 132 malware infections on my PC. I quarantined all of them to the virus vault.

When I finally gave out a sigh of relief, I got a bunch of popups from the Antivirus software. It said some programs are trying to access an IP address. I ran the name of the program and the IP address on a lookup website and I found out that it belonged to a company that mines cryptocurrency.

When I did further research, I found out that it is common for websites to hijack your PC and use its computing power to mine cryptocurrency. The process is known as “Cryptojacking”.

Why do people need so much computing power to mine cryptocurrency?

The answer is simple. Mining cryptocurrency requires an extraordinary amount of computing power because it involves solving complex mathematical problems. To get that power, hackers use malware to take control of several host systems and then use each of them to compute smaller chunks of those problems. The malware is usually disguised as attachments, links in emails, or pirated software applications, operating systems and games that we download from the internet.
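To make the "complex mathematical problems" and the "smaller chunks" concrete, here is an added example (not from the original post) of a simplified hash puzzle: find a number whose SHA-256 hash starts with a given count of zero bits, first on one machine and then split across several. Real coins use other hash functions and block formats; the puzzle, the function names and `HEADER` are assumptions made for illustration.

```python
import hashlib

def meets_target(header: bytes, nonce: int, bits: int) -> bool:
    """True if SHA-256(header + nonce) begins with `bits` zero bits."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def search(header: bytes, bits: int, start: int, stop: int):
    """Try nonces in [start, stop); return (nonce or None, hashes computed)."""
    for nonce in range(start, stop):
        if meets_target(header, nonce, bits):
            return nonce, nonce - start + 1
    return None, stop - start

def split_search(header: bytes, bits: int, hosts: int, chunk: int):
    """Hand each host its own chunk of nonces per round until one succeeds.

    Returns (winning nonce, hashes each host computed at most); the second
    value stands in for wall-clock time when the hosts run in parallel.
    """
    base, per_host = 0, 0
    while True:
        per_host += chunk
        found = []
        for i in range(hosts):
            lo = base + i * chunk
            nonce, _ = search(header, bits, lo, lo + chunk)
            if nonce is not None:
                found.append(nonce)
        if found:
            return min(found), per_host
        base += hosts * chunk

HEADER = b"constructed sample block header"  # made-up input, not real chain data

if __name__ == "__main__":
    # Each extra zero bit doubles the expected number of hashes.
    for bits in (8, 12, 16, 20):
        nonce, tried = search(HEADER, bits, 0, 2**40)
        print(f"{bits:2d} zero bits: nonce={nonce:<8d} hashes tried={tried}")
    solo_nonce, solo_work = search(HEADER, 16, 0, 2**40)
    nonce, per_host = split_search(HEADER, 16, hosts=8, chunk=1024)
    print(f"one host: {solo_work} hashes; 8 hosts: at most {per_host} each")
```

There is no shortcut to the answer other than trying hashes, which is why the work shows up on an infected machine as sustained CPU load.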

Another way people can exploit your PC for crypto-mining is by using APIs. When you visit certain websites, the site’s code will have an API or a piece of embedded JS code that uses up your computer’s resources as you browse the website. Some companies and websites, however, openly ask for volunteers to share their CPU power for mining cryptocurrency.

This drives up CPU and RAM usage, which can lead to reduced machine performance over a period of time.

Cryptojacking is one of the fastest-growing computer threats all over the globe.

In 2018, a crypto mining bot affected close to half a million machines and helped anonymous parties generate close to $3.6 million worth of Monero.

The first half of 2019 alone saw 52 million cryptojacking attacks all over the world. Cryptojacking has become popular among hackers as it is a better and cheaper alternative to ransomware. For those who don’t know, ransomware is a form of malware that encrypts the victim’s data and restores access only when the victim pays a ransom. Cryptojacking is preferred over ransomware because with ransomware a hacker might get money only from 3 people for every 100 infected computers. But in the case of cryptojacking, all the machines work for the hacker and help them mine cryptocurrencies.

That’s enough details and stats about cryptojacking. Let’s come back to the story.

I took some quick steps to restore order.

In order to prevent my computer from any future vulnerabilities, I got a new copy of Windows 10 and did a fresh install on my PC. I also installed a new antivirus and an anti-malware system. I’m not entirely sure if it will protect my PC 100%, but I was happy that I took the necessary steps to overcome the current situation.

Even though I was a little shocked at the fact that I was making someone rich by letting them use my PC for mining cryptocurrency, I was not angry for two reasons.

All we can do as individuals connected to the internet is safeguard ourselves from the rising threats.

If you’re using a pirated copy of the OS or used to download a lot of software applications and games from torrent websites, it is essential that you run a system diagnostic to see if it is malware-free. Use free tools like Malwarebytes, Avira Antivirus, or AVG to run a system-wide scan. If you detect any vulnerabilities, take a backup of your data and fix them immediately.

If a similar incident had happened to me ten years back, I wouldn’t have worried so much. Back then, I wasn’t using the internet for everything. All I did back then was watch movies and listen to songs. But in today’s world, we do a lot more on the internet. We share pictures, videos, buy stuff and do a ton of other things that contain sensitive user data. So, please be aware of the rising online threats and stay safe.