Whenever we think about web threats, issues like malware, hacking and pornography are probably the first to pop into our heads, but cyberspace is witnessing one new web menace that is quickly gaining international attention, “Crypto Jacking”. It involves the secret use of your computing device to mine crypto-cash. Anyone casually using the internet at home can be unwittingly functioning as a proxy member of a hacker’s team. Over the past few months, there has been a frightening growth in the number of websites running scripts that silently crypto jack users’ computer resources and secretly make them mine digital currency for miscreants.
This November, a security engineer at Threat Nix claimed on his Facebook wall that OnlineKhabar, the fifth most-viewed webpage in Nepal had a script of ‘Coin Hive’ running in the background which is used to secretly takeover users’ computer resources to mine crypto-currency. After this revelation, OnlineKhabar confirmed the presence of the secret code which has now been removed from the website. In a recently released document, OnlineKhabar claimed the involvement of a third party and demanded legal action against the culprit. This indicates that OnlineKhabar was a victim of a cyber-attack. If OnlineKhabar can be hacked for crypto-mining, how can we guarantee the safety of other personal and public websites? In Nepal, except for a handful of Information Technology (IT) experts, almost the entire population is vulnerable to crypto-hacking.