Hackers Hijack Retailers' Showroom PCs for Cryptocurrency Mining

Dutch hackers have started hijacking laptops showcased in retail stores and using them to mine bitcoin.

AccessTimeIconOct 9, 2014 at 12:40 p.m. UTC
Updated Aug 13, 2021 at 9:23 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Dutch hackers have started hijacking laptops showcased in retail stores and using them for cryptocurrency mining, according to a report.

The stores involved have admitted that an undisclosed number of display samples were affected by malware and said they would take steps to eliminate the practice.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Dutch tech publication Computerworld reported the problem on 7th October after a computer science student revealed that laptops in the Media Markt chain of shops have been exposed to mining malware for some months.

    Computerworld found that a total of 105 laptops were part of a botnet and that an estimated €500 had been generated in mining revenue over that time.

    Media-Saturn Netherlands, owner of Media Markt, said it should not be possible to run malware on the machines as "a display model should require the password of an administrator", adding:

    "We will consult with our locations and suppliers [...] Where necessary, we will come up with new or more stringent protocols."

    Several other stores were found to have a risk of malware, namely Paradigit, MyCom and Computerland, according to the report.

    Seeking solutions

    Upon further examination, the reporters found that the retail stores in question suffered from lax security that made it easy for malicious individuals to access the computers and install malware.

    In addition to mining cryptocurrencies, the attackers also used the infected machines to steal personal data and spy on visitors using the webcams.

    BAS Group, the owner of MyCom, Dixons and iCentre stores, said it was not surprised by the problems, but that it was seeking solutions that ensure the malware would not be accessible to consumers.

    BAS CIO Lub Ten Napel described the problem as a "delicate situation", since the stores have to provide Internet access on showroom computers, meaning they cannot offer maximum security without undermining the customer experience.

    "We once taped webcams, but customers want to test everything and therefore the tapes had to go off. Also, we have posted memos that warn visitors of the dangers, but those kinds of warnings scare off consumers too," he said.

    Boosting security

    The BAS Group currently operates 200 stores and caters to 160,000 shoppers each month. Ten Napel said the company is looking into ways of improving security, while at the same time allowing shoppers to try potential purchases

    It is possible to run some laptops in 'kiosk mode', which limits access on display models. However, that functionality is only available on relatively new Windows 8.x systems and is not necessarily installed on store PCs.

    The company indicated it plans to start running more showroom samples in kiosk mode as soon as possible.

    The student who originally tipped off Computerworld argues that Internet access on store samples could be restricted, along with USB functionality. Furthermore, hard drives could also be wiped overnight, rendering the machines safe the next morning.

    Low returns

    Bitcoin mining malware has been around for some time and it is still spreading, despite the fact that it is practically obsolete.

    A recent McAfee report found that mining botnets were rendered futile due to the increase in bitcoin mining difficulty, but cybercriminals are still opting to use them in the hopes of easy gains.

    Bitcoin mining malware is widely available online, and many malware designers choose to integrate it in their malicious software as an option for buyers.

    However, the heat and noise produced by illicit bitcoin mining is easy to spot, leading to greater botnet attrition rates, while at the same time generating little in the way of profits for the attacker.

    Computer shop image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.