Advertising Screens Hacked To Mine BitCoin

Spotted in London, . A large, Microsoft Windows-powered advertising hoarding has been hijacked.

An advertising screen takes up the whole wall of a retail store in London

It's not uncommon to see broken-down Windows displays - I run - which is dedicated to pointing and laughing at such mistakes. But this is the first time I've seen a display repurposed for profit!

The display shows a windows desktop with a variety of icons. There is a window open

It appears to be running NiceHash Miner Legacy. A BitCoin mining program for older computers.

Close up of the window. It is a BitCoin miner

I'm sure someone cleverer than me can figure out which wallet starts with 3Jgi6 and is receiving these coins.

Although, given that the hash-rate is zero, it may not be producing anything.

There's no way to know whether this is an external hack, or if an "enterprising" employee has decided to repurpose these computers on the weekend, or if the advertising industry has decided that mining is more profitable than encouraging people to enjoy a cool refreshing glass of blue milk.

If you've enjoyed this blog post, you can pay me in BitCoin.

Share this post on…

One thought on “Advertising Screens Hacked To Mine BitCoin”

  1. Fabian Suhr says:

    Well, first, the speed is 0.000 H / s, i.e. the application is not mining at all (either stopped or not even started). Second, "3Jgi6 ..." is a NicheHash internal billing address for the account. That is, when the miner is running, this bitcoin address is not automatically and constantly updated with all the tiny amounts of BTC gained / calculated by provided shares. The credit of this bitcoin address is always 0.00 BTC in the blockchain anyway. The payouts run from a NiceHash company cold wallet to a completely different Bitcoin address to be specified by the user in the "Withdrawal" process. The displayed BTC address will only be > 0, if you use it as the receiving address of the NiceHash account and manually transfer some amount to it, then you can order as a "buyer" to purchase something from the other miners (e.g. I want to buy so and so much Equihash shares from the others). If you’re only mining you are "seller" and this address always has a credit of 0 BTC in all Blockchain tools.
    Third, this could just be a remote desktop (see all TeamViewer icons on the desktop), i.e. the advertising board is just the display board and all the advertising and possibly mining and whatever else is being played from a remote back office desktop computer. So one does not have to put a high-performance server in every advertising board on the street and you can stream tens of same advertising boards from one server. Would actually be reasonable, as a "thin" terminal. That is, if someone is indeed mining then he’s doing it in the central office on the server, however the miner app is currently inactive as you can see in the picture. This does not necessarily have to be a hack attack, maybe the advertising content provider company is optimizing its hardware load and the streaming server still has some spare CPU resources so it can carry out other profitable activities in the background. Not to mention that a smart hacker would never use “NiceHash Legacy Miner” GUI application for hidden crypto mining. Instead, most hackers would preffer to run excavator or ccminer in a background process without any GUI or visible console, at least that’s what I would do ;-).
    Incidentally, the fact that this is a remote desktop, could also be confirmed by the installed backup programs "Acronis True Image 2015" and "Macrium Reflect" as seen on the desktop. A client would need no backup programs as installed applications, it is usually restored from a prepared image. But the server has to be backed up for sure. No one drives around and backs up the individual advertising boards...


What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.Allowed HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <p> <pre> <br> <img src="" alt="" title="" srcset="">