Advertising Screens Hacked To Mine BitCoin
Spotted in London. A large, Microsoft Windows-powered advertising hoarding has been hijacked.
It's not uncommon to see broken-down Windows displays - I run https://windowsisbroken.tumblr.com/ - which is dedicated to pointing and laughing at such mistakes. But this is the first time I've seen a display repurposed for profit!
It appears to be running NiceHash Miner Legacy, a BitCoin mining program for older computers.
I'm sure someone cleverer than me can figure out which wallet starts with 3Jgi6 and is receiving these coins.
Although, given that the hash-rate is zero, it may not be producing anything.
There's no way to know whether this is an external hack, or if an "enterprising" employee has decided to repurpose these computers on the weekend, or if the advertising industry has decided that mining is more profitable than encouraging people to enjoy a cool refreshing glass of blue milk.
If you've enjoyed this blog post, you can pay me in BitCoin.
Fabian Suhr says:
Well, first, the speed is 0.000 H / s, i.e. the application is not mining at all (either stopped or not even started).
Second, "3Jgi6 ..." is a NiceHash internal billing address for the account. That is, when the miner is running, this bitcoin address is not automatically and constantly updated with all the tiny amounts of BTC gained / calculated by provided shares. The credit of this bitcoin address is always 0.00 BTC in the blockchain anyway. The payouts run from a NiceHash company cold wallet to a completely different Bitcoin address to be specified by the user in the "Withdrawal" process. The displayed BTC address will only be > 0, if you use it as the receiving address of the NiceHash account and manually transfer some amount to it, then you can order as a "buyer" to purchase something from the other miners (e.g. I want to buy so and so much Equihash shares from the others). If you’re only mining you are "seller" and this address always has a credit of 0 BTC in all Blockchain tools.
Third, this could just be a remote desktop (see all TeamViewer icons on the desktop), i.e. the advertising board is just the display board and all the advertising and possibly mining and whatever else is being played from a remote back office desktop computer. So one does not have to put a high-performance server in every advertising board on the street and you can stream tens of same advertising boards from one server. Would actually be reasonable, as a "thin" terminal. That is, if someone is indeed mining then he’s doing it in the central office on the server, however the miner app is currently inactive as you can see in the picture. This does not necessarily have to be a hack attack, maybe the advertising content provider company is optimizing its hardware load and the streaming server still has some spare CPU resources so it can carry out other profitable activities in the background.
Not to mention that a smart hacker would never use “NiceHash Legacy Miner” GUI application for hidden crypto mining. Instead, most hackers would prefer to run excavator or ccminer in a background process without any GUI or visible console, at least that’s what I would do ;-). Incidentally, the fact that this is a remote desktop, could also be confirmed by the installed backup programs "Acronis True Image 2015" and "Macrium Reflect" as seen on the desktop. A client would need no backup programs as installed applications, it is usually restored from a prepared image. But the server has to be backed up for sure. No one drives around and backs up the individual advertising boards...