Hackers Hijack Retailers' Showroom PCs for Cryptocurrency Mining

Dutch hackers have started hijacking laptops showcased in retail stores and using them to mine bitcoin.

AccessTimeIconOct 9, 2014 at 12:40 p.m. UTC
Updated Dec 12, 2022 at 12:56 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Dutch hackers have started hijacking laptops showcased in retail stores and using them for cryptocurrency mining, according to a report.

The stores involved have admitted that an undisclosed number of display samples were affected by malware and said they would take steps to eliminate the practice.

Dutch tech publication Computerworld reported the problem on 7th October after a computer science student revealed that laptops in the Media Markt chain of shops have been exposed to mining malware for some months.

Computerworld found that a total of 105 laptops were part of a botnet and that an estimated €500 had been generated in mining revenue over that time.

Media-Saturn Netherlands, owner of Media Markt, said it should not be possible to run malware on the machines as "a display model should require the password of an administrator", adding:

"We will consult with our locations and suppliers [...] Where necessary, we will come up with new or more stringent protocols."
Several other stores were found to have a risk of malware, namely Paradigit, MyCom and Computerlandhttp://www.computerland.nl/default.aspx, according to the report.

Seeking solutions

Upon further examination, the reporters found that the retail stores in question suffered from lax security that made it easy for malicious individuals to access the computers and install malware.

In addition to mining cryptocurrencies, the attackers also used the infected machines to steal personal data and spy on visitors using the webcams.

BAS Group, the owner of MyCom, Dixons and iCentre stores, said it was not surprised by the problems, but that it was seeking solutions that ensure the malware would not be accessible to consumers.

BAS CIO Lub Ten Napel described the problem as a "delicate situation", since the stores have to provide Internet access on showroom computers, meaning they cannot offer maximum security without undermining the customer experience.

"We once taped webcams, but customers want to test everything and therefore the tapes had to go off. Also, we have posted memos that warn visitors of the dangers, but those kinds of warnings scare off consumers too," he said.

Boosting security

The BAS Group currently operates 200 stores and caters to 160,000 shoppers each month. Ten Napel said the company is looking into ways of improving security, while at the same time allowing shoppers to try potential purchases

It is possible to run some laptops in 'kiosk mode', which limits access on display models. However, that functionality is only available on relatively new Windows 8.x systems and is not necessarily installed on store PCs.

The company indicated it plans to start running more showroom samples in kiosk mode as soon as possible.

The student who originally tipped off Computerworld argues that Internet access on store samples could be restricted, along with USB functionality. Furthermore, hard drives could also be wiped overnight, rendering the machines safe the next morning.

Low returns

Bitcoin mining malware has been around for some time and it is still spreading, despite the fact that it is practically obsolete.

A recent McAfee report found that mining botnets were rendered futile due to the increase in bitcoin mining difficulty, but cybercriminals are still opting to use them in the hopes of easy gains.

Bitcoin mining malware is widely available online, and many malware designers choose to integrate it in their malicious software as an option for buyers.

However, the heat and noise produced by illicit bitcoin mining is easy to spot, leading to greater botnet attrition rates, while at the same time generating little in the way of profits for the attacker.

Computer shop image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.