Aditya Birla Group suffered a cryptojacking attack last month, in one of the first such instances reported in the country, according to the Economic Times. The paper reports that more than 2,000 computers of various companies under the group were targeted by hackers. These systems were used for cryptojacking, meaning that their processing power was used to mine cryptocurrency. In such attacks, the intention is not to steal data or money but to mine cryptocurrency, which requires a lot of energy.

An Aditya Birla Group spokesperson told ET that its system recently detected suspicious activity and that an internal team deployed countermeasures to isolate and eliminate the cause of this activity. The spokesperson also confirmed that no data was lost and that a detailed forensic investigation is underway.

When a terminal is cryptojacked, the malware makes it work on behalf of the hackers, exploiting its processing power without the owner's knowledge. This slows the machine down. In this attack, the cryptocurrency mined was Monero, an open-source cryptocurrency that focuses on privacy and is virtually untraceable.

Crypto-mining

In February, research by British security software company Sophos found 19 applications available on Google Play involved in cryptomining without the user's consent. It discovered hidden Coinhive JavaScript mining code inside HTML files in the apps.

CoinHive is a JavaScript-based miner which allows a user to mine the cryptocurrency Monero using a web browser – in this case the application's inbuilt browser. In many of these apps, the mining page loaded whenever the app was started. Well-developed apps even used CPU throttling, which keeps the device from heating up and the battery from draining, to conceal the miner's presence.
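A defender triaging an app for this behaviour can look inside the package's bundled web assets for a Coinhive loader and a throttle setting. The sketch below is an added example, not code from Sophos or from the apps described; it assumes the stock Coinhive embed names (`coinhive.min.js`, a `CoinHive.*` constructor, a `throttle` option), and the function names and the sample APK are constructed for illustration.

```python
import io
import re
import zipfile

# Patterns follow Coinhive's public embed snippet (assumption: the app ships
# the stock loader rather than a renamed or obfuscated copy).
LOADER_RE = re.compile(r"coinhive(?:\.min)?\.js", re.I)
MINER_RE = re.compile(r"new\s+CoinHive\.\w+\s*\(", re.I)
THROTTLE_RE = re.compile(r"throttle\s*:\s*([01](?:\.\d+)?)")
WEB_ASSET = (".html", ".htm", ".js")


def scan_apk(apk_bytes):
    """Return one finding per web asset in the APK that references Coinhive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.lower().endswith(WEB_ASSET):
                continue
            text = apk.read(name).decode("utf-8", errors="replace")
            loader = bool(LOADER_RE.search(text))
            miner = bool(MINER_RE.search(text))
            if not (loader or miner):
                continue
            m = THROTTLE_RE.search(text)
            findings.append({
                "file": name,
                "loader": loader,
                "miner_object": miner,
                # Idle fraction; a set value matches the throttling described above.
                "throttle": float(m.group(1)) if m else None,
            })
    return findings


def build_sample_apk():
    """Constructed sample: a zip laid out like an APK with two HTML assets."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/help.html", "<html><body>Help page</body></html>")
        z.writestr("assets/start.html",
                   '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                   "<script>var m = new CoinHive.Anonymous('PLACEHOLDER_SITE_KEY',"
                   " {throttle: 0.7}); m.start();</script>")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

String matching of this kind only catches unobfuscated copies; a clean result does not show that an app is free of mining code.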

Before this, the Loapi malware was also discovered; it masquerades as popular antivirus apps or an adult content app.

Cryptocurrency mining appears to be the gold rush of the 21st century. Such malware has a long history in Google Play, with the first family — Andr/LepriCon-A — appearing in 2014, but recent discoveries present a worrisome expansion of the trend.

British news website The Register has started running JavaScript in the background as users load its web pages. Its Web Workers feature thus creates a distributed bitcoin mining operation. Medianama has also recently discovered that Salon, also a news website, is asking users to choose between viewing ads or allowing the use of “unused computing power”, likely for cryptomining. The Salon web script will also be mining for Monero, but this will be done only with the user's consent, unlike the malicious apps mentioned above. The amount of CPU usage has not been revealed, however.