Skip to Content

Data Sheet—This Bitcoin Mining Technique Is Being Used in Malware

Welcome to a midweek cybersecurity warning. Aaron in for Adam today.

It takes a lot of computing power to “mine” a bitcoin or other digital currency coin. The giant mining operations of Asia stack thousands of computers in dimly lit factory buildings powered by cheap electricity from coal-fed generating plants. Bitmain’s mining operation in the northern Chinese city of Ordos uses $39,000 of electricity a day.

But with the price of bitcoin skyrocketing (at least on a monthly basis) and other currencies following suit, it’s probably no surprise that some less legitimate folk have sought to profit from the boom. And they’ve latched onto some software that started out with a clever idea.

Known as CoinHive, the JavaScript program is designed to reside on web sites and run in the browsers of visitors to crunch the calculations that mine a cryptocurrency called Monero. While different currencies require different types of calculations that favor one kind of computing set up or another (ethereum runs great on graphics cards while bitcoin mining uses specially made chips called application-specific integrated circuits), Monero’s underlying mining challenge was made to run best on ordinary PC CPUs. Say, the ordinary PCs of people browsing the web.

In theory, it’s an interesting new twist on monetizing web content. Instead of bothering visitors with ads, borrow a limited amount of their CPU power while they visit your web site. The borrowed CPU time uses a little more electricity, boosting each visitor’s electric bill but only by a tiny bit.

The problem, of course, is that suddenly CoinHive is popping up all over the web, grabbing as much CPU power as it can from every PC it touches, but without getting permission or even notifying the affected visitors. In many cases, it appears the software has even been installed on web sites without the permission of the website owners, with the generated Monero coins going into the digital wallets of unknown hackers located somewhere else entirely. Cybersecurity firm Check Point Software uncovered a malware app called Adylkuzz spreading across the web starting around the same time as the WannaCry ransomware app and using some of the same stolen-from-the-NSA methods. As of last month, Monero-mining malware ranked as the sixth most prevalent threat in the wild, Check Point said.

What can you do to avoid this spreading plague of stolen CPU cycles? Browser plugins that block adware and malware, like Adblock, will stop CoinHive. So will more robust security firewalls and monitoring services. Be careful out there!

Aaron Pressman


Denied. Tesla fired back against a lawsuit accusing the company of widespread discrimination against people of color. The electric carmaker said it is “absolutely against any form of discrimination, harassment, or unfair treatment of any kind” and called parts of the suit “a complete fabrication.”

Twice denied. Amazon is perfecting its denial game into a high art form. A day after setting the world straight about its China cloud services unit (not throwing in the towel), Amazon says it is not creating a free, ad-supported version of its streaming video service, either. And sources tell Reuters that the company has abandon an effort to create a cable channel bundling Internet service similar to YouTube TV or AT&T’s DirecTV Now. At least until the next denial.

Not enough to deny. Giving out barely any information, retailer Forever 21 said it had been penetrated by hackers who accessed payment data from some of its stores between March and October. How many stores, how much data, and how many were customers impacted? “It is too early to provide further details on the investigation,” the company said. Stay tuned.

Abandon. Even old school tech investor Warren Buffet has given up on IBM, it seems. Buffett’s Berkshire Hathaway cut its stake in IBM by one-third to 37 million shares as of September 30.

Confirmed. Mozilla launched on Tuesday its next-generation browser, Firefox Quantum, for Android, iOS, Linux, Mac, and Windows, in what the company calls the “biggest update” in 13 years. Firefox Quantum, also called Firefox 57, has a new user interface that gives it a more modern look and is built to be faster and easier to use.

Expanded. Google’s open source TensorFlow software is one of the most popular platforms for artificial intelligence and machine learning development, but it typically runs on cloud servers or other powerful hardware. On Tuesday, Google offered an expansion dubbed TensorFlow Lite that’s designed to run on mobile devices, like smartphones or tiny embedded computers.

Really expanded. Chinese Internet giant Tencent reported revenue increased 61% in its most recent quarter, the fastest rate of growth in seven years, to almost $10 billion. Net income at the owner of popular messaging app WeChat jumped 69% to $2.7 billion. WeChat reached 980 million monthly active users, meaning by year-end it will likely surpass the 1 billion mark.

Really, really expanded. Private startup AirBnb’s net revenue doubled from a year earlier to about $1 billion in the third quarter, Bloomberg reported. The company was also profitable excluding interest, taxes and amortization.


How does that famous Chumbawamba song go? I get knocked down, but I get up again. Whitney Wolfe Herd definitely got knocked down, but she’s got up again. A co-founder and top executive at the dating app Tinder, she left the company after suing for sexual harassment in 2014 with a confidential settlement.

Now Herd is back with a new dating app called Bumble more oriented towards women that has already attracted 22 million users and a buyout offer (turned down) from Match Group. Clare O’Connor at Forbes has a profile of Herd giving an inside look at the fast-growing startup, including the all-important origin story.

One night, over cocktails, Herd stumbled upon Bumble’s special sauce. “I always wanted to have a scenario where the guy didn’t have my number but I had his,” she recalls telling Andreev. “What if women make the first move, send the first message? And if they don’t, the match disappears after 24 hours, like in Cinderella, the pumpkin and the carriage? It’d be symbolic of a Sadie Hawkins dance–going after it, girls ask first. What if we could hardwire that into a product?” It was the kind of brilliant tweak that comes from someone who understands the target demographic because they’re in it.


TRENDnet Cameras Still Have Gaping Security Holes, 3 Years After FTC Settlement By Robert Hackett 

Russia Used Twitter Bots to Influence the Brexit Vote Too By Geoffrey Smith

How Zillow Made It Through the Housing Crisis By Anne VanderMey 

Former U.S. CTO: The ‘Robot Apocalypse’ Could Happen. Here’s How You Stop It By Lucinda Shen

Not Everyone’s Going for This Hyped New Feature on Apple Watch Series 3 By Aaron Pressman

Facebook’s Fact-Checkers Complain That ‘Fake Information Is Still Going ViralBy Tom Huddleston Jr.

Commentary: Pokemon Go’s Creator Is Making a Harry Potter Game. Will It Bomb Too? By Jonah B. Firestone


Have you caught up on the entertaining second season of Stranger Things? Well, even if not, I don’t think it’s a spoiler to say that the kids of the fictional town of Hawkins, Ind. were rocking some pretty cool 1980s wear. And in a strange twist, that’s benefiting the real life Science Museum of Minnesota. It seems the museum has received hundreds and hundreds of orders for the purple hoodie with its logo and a brontosaurus skeleton that Dustin, played by Gaten Matarazzo, wore on the show. Want your own? You can order from the museum’s web site.

This edition of Data Sheet was curated by Aaron Pressman. Find past issues, and sign up for other Fortune newsletters.