We’ve all come a long way, the
good people and the black hats and the tech we all depend on. It used to
be rainbow tables and dial-up, and most people weren’t online at all.
Now your stuff connects to the Internet and phones home — often whether
or not you want it to — and how many people do you know who don’t have a
smartphone? In perfect lockstep with progress, there now exists a
malware vector by which your smartphone can be forced to mine a new cryptocurrency.
The cryptocurrency is called
Zcash,
and it debuted on October 28. Its developers claim that it’s more
anonymous than Bitcoin: “If Bitcoin is like HTTP for money, Zcash is
HTTPS.” Zcash started out hot but rapidly declined in value, though it’s
still in the top ten most profitable according to
CoinWarz.
The malware is comparatively benign, as
malware goes. All it does is eat processor time, tie up RAM, and raise
your power bill to mine Zcash. But coin mining software will often take
up all the RAM you’re not actively using, which means this malware can
really kneecap performance. It’s distributed via links for things like
pirated software,
according to Kaspersky researcher Alexander Gostev, and there are around a thousand possibly infected computers so far.
Zooko Wilcox, founder and CEO of Zcash (a currency can have a CEO?),
told
Motherboard that the most users can do at this point is take
preventative measures, like anti-malware, because he can’t rein the
whole thing in; nobody can.
“Unfortunately, we have no way to prevent this
kind of thing, since Zcash is an open source network, like Bitcoin,
that nobody (including us) controls,” Wilcox said in the interview. “Our
recommendation to security companies that detect this kind of activity,
like Kaspersky, is that their software should alert users when
potentially malicious software (like that described in their blog post)
is detected, and give the user the option of shutting it down or, if it
was deliberately installed by the user, allowing it to run.”
Botnet mining isn’t huge and probably isn’t
going to get that way, because even a huge botnet can’t compete with
ASICs. But Zcash was supposed to be the exception. Zcash’s creators say
it’s ASIC-resistant because it’s not economical to implement on ASICs.
ASIC market fraud
and difficulty getting cryptocurrency turned into cash are probably
what will make it most ASIC-resistant, though — not any wizardly
subtlety of the algorithm.
Either way, Zcash is supposed to be
lightweight and deeply decentralized. Its site crows that you can leave
your smartphone mining while it’s plugged in and charging overnight.
This is clearly both a blessing and a curse.
Comments
Post a Comment