The first computer virus appeared “in the wild” (outside of dedicated computer labs) in 1982, written by a ninth-grader. Since then, hundreds of thousands of viruses have been written and they just keep coming. One of the more recent iterations is the bitcoin miner virus. Maybe you’ve heard of them and are wondering what they are and how to tell if you have a Bitcoin miner virus.
If so, read on…
What is Bitcoin mining?
You probably know that Bitcoin and other cryptocurrencies work on blockchains and that some people earn crypto by mining. But maybe you don’t understand what “mining” actually is in this context. Blockchains work by creating complex mathematical puzzles that must be solved by computers. The owners of the computer that comes up with the solution first are rewarded with Bitcoin. That is what it means to “mine” Bitcoin.
The puzzles get more and more difficult with time, meaning that you need more powerful computers to solve them. In the beginning, anyone could do it with an ordinary PC, but now that is simply impossible. Currently, Bitcoin mining requires special computers that are worth a lot of money. These computers are called miners.
What is a Bitcoin miner virus?
The name would suggest it is a virus that infects Bitcoin miners. After all, a computer virus infects computers. But this is not the case. Bitcoin-mining malware is actually viruses that mine Bitcoin. Now you might be asking “But isn’t Bitcoin mining something people do for money? What’s the problem?”.
As I explained above, Bitcoin mining is no longer possible on a regular PC because the puzzles are too complex and this makes special mining equipment a requirement. However, if you own a lot of PCs you can link them together to make one very powerful supercomputer. Some very unethical programmers have written viruses that hijack other people’s computers and force them to mine Bitcoin for them. If your computer is infected, it could be mining right now… for someone else!
These viruses aren’t just mining Bitcoin, either. Your computer could be mining Ripple, Monero or any other altcoin without your knowledge. Generating profit for the person who made the virus. So the more technically correct term would be “Cryptocurrency mining malware”, but since Bitcoin is the most targeted token, the name “Bitcoin miner virus” just stuck.
How do Bitcoin miner viruses spread?
Crypto mining malware spreads just like any other viruses. They may be downloaded from unofficial software repositories, sent through peer-to-peer file-sharing services, sent by email as apparently normal documents and so on.
The same general recommendations for avoiding regular viruses apply here too: download programs only from trustworthy, official sources, don’t open links or documents from unknown senders, keep your antivirus software updated, etc.
How to tell if you have a Bitcoin miner virus?
First of all, mining uses a lot of computer power. If the virus makes your CPU do the work, you will find your computer slow, laggy and maybe even unusable. There will also be some serious overheating. The heat may be so intense that it can damage your processor, RAM or motherboard.
If your computer is shutting down from overheating or just keeps getting slower, it might be infected. If you want to quickly check for Bitcoin mining virus, you should look at your CPU and RAM usage. On Windows, you can see this in the task manager. Open it by pressing CTRL+ALT+DELETE. On Linux systems, find your distro’s system monitor. The screenshot below shows the Linux Mint 19.2 “System Monitor”. They all display the same general data:
The key here is to look at the list of running processes and see how much CPU and RAM they are using. If a process is using a lot of computer power, look at its name. If it’s something weird you don’t recognize or remember installing, that could be your virus!
The resources graph would show a constant high CPU and network use.
But not all Bitcoin miner viruses target your CPU. Some of them make your computer’s graphics chip (your GPU) do the mining. In this case, your computer’s performance won’t be as severely affected as in the previous one. Most of the time you’ll be able to work on your PC just like you always do. But you will suffer from lags, slow performance and dropped frames when using graphic-intensive programs like games or CAD packages. With this kind of virus, tasks managers or system monitors won’t be of any use because they don’t display data on GPU usage.
To make matters worse, a recently described type of crypto mining malware can infect your computer without actually installing any files on it.
These last two kinds can be a challenge to detect and get rid of, but it can be done.
How to remove a Bitcoin miner virus?
Crypto mining malware removal can be done manually. However, this requires considerable technical skill because it’s not just a matter of finding and deleting an executable file. You will also have to manually edit the system registry and risk bricking your computer.
It’s easier and far less risky, to use antimalware software. Not all antivirus programs can detect and remove a Bitcoin miner virus. Some programs that can remove crypto-mining malware are SpyHunter, ReImage, Malwarebytes, Comodo antivirus and DrWeb. DrWeb has versions for Windows, Mac, Linux and even Android. And Comodo antivirus claims to be able to remove file-less mining malware.
In this article, you’ve learned how to tell if you have a Bitcoin miner virus and someone is using your computer to make money without your knowledge. If your favorite games suddenly start dropping frames, don’t just go running to buy a new graphics card. If your computer is slow and overheating and your electrical bills are suddenly much higher, now you know what might be happening and what to do.