Since the explosion of Bitcoin and cryptocurrency popularity, the personal computer market has never been the same. The race to increasing Bitcoin hashpower has added a significant appreciation to the value of respective computer parts—specifically central processing units (CPU) and graphics processing units (GPU). One of the biggest benefactors of crypto-mining is Nvidia—an American technology company best known for their graphics cards. Their primary competitor, AMD, has not reaped the same appreciation as Nvidia due to complications in their Ryzen CPU—even though AMD proclaimed the Ryzen as a crypto mining CPU. With the popularization of building powerful computers for bitcoin hashes, a problem developed: Cryptojacking. Historically, hackers have employed viruses to infect a broad spectrum of digital infrastructures to gain access to a specific computer system—or created malicious malware or ransomware to cause mayhem. The newest hacking trend is creating malware that turns an infected PC into a crypto miner without the owner’s consent. Recently, the video game community has faced the threats of Cryptojacking.
The Washington based game developer, Valve, announced that they would be opening up the online marketplace of their digital distribution platform, Steam, to incorporate a more extensive selection of games—from smaller developers. Valve had only one caveat for the games from third-party developers: they cannot be illegal nor ‘trolling.’ They established the parameters for games after Valve faced controversy over a few of their games—namely, one where the player was part of an active school shooting. With the proverbial floodgates set wide-open, there is an opportunity for developers and programmers to publish malicious malware and sell it on Steam’s marketplace.
Recently, a game on Steam caused a different issue that Valve was not expecting. The game, Abstractism, is a minimalistic platformer game that cost forty-nine cents on Steam. Abstractism appeared on the Steam marketplace on March 15h 2018. The developer, Okalo Union, issued statements that encouraged players to let the game run all day. The promise of having longer run times in the game was that the player was more likely to find a unique item for other games. Okalo Union also encouraged players to return on Fridays to reset the special item drop counter, so the players could continue to find special items. On July 13th, Youtube personality, SidAlpha, published a series of videos on his channel that exposed the suspicious behavior of Abstractism. SidAlpha was wary of the unreasonably high processes his computer was running when he played the simple game—commonly noted by wheezing (stressing) of the computer’s cooling fan system. He pointed out that a suspicious background task, steamservice.exe, ran whenever he played the game. SIdAlpha stated that the long run times and Friday reset is a hallmark sign of crypto mining and Cryptojacking. The suggested cycle of events is so the program can collect hashtags from infected computers and direct them to a digital wallet.
Okalo Union publicly announced that Abstractism was not a crypto mining program and that the players must have been running the game incorrectly. Other suspicions were cast on the developer when the programs needed to gain the “special drop” items would trigger warnings with any anti-virus software. However, Abstractism is not the first case of game-based Cryptojacking. In October 2017, a “cheat” for the online game Fortnite, was exposed to be selling programs with crypto jacking malware. The programmer would fork in malware scripts that would turn the unsuspecting gamer’s computer into a crypto mining bot. Currently, lawsuits are being filed against the programmer to reimburse those who were affected.
The greater worry with Cryptojacking malware is that it poses a credible threat to computers and cloud-based infrastructures. Cryptomining computers require powerful processing units to fulfill their function—it takes a significant amount of energy to run crypto mining software. Some gamers have turned their PC into a crypto mining node—it is a smooth transition since their PC has the appropriate processing components. Older and outdated computers cannot handle the heavy processing load required to collect hashtags. Infecting a computer lacking the necessary hardware requirements for crypto mining may cause the PC to burnout—the hacker does not care about your computer’s survival. Other fears, from corporations and individuals, is that a Cryptojacking malware virus might infect their cloud-based infrastructure. A parallel to a virus infecting someone’s cloud infrastructure is when cancer cells enter the lymphatic system—it is terminal at that point. Cryptojacking is difficult to detect—the primary indicator is high demands for CPU and GPU processing power outside of a respective program or task. Currently, the only proven method of detecting Cryptojacking malware, in a personal computer or a corporate server hub, is to monitor the network processes. For now, distributors like Steam and Google Play are banning crypto mining applications from their stores—and keeping an eye out for Cryptojacking malware.