Hackers Hijack Retailers’ Showroom PCs for Cryptocurrency Mining

Nermin Hajdarbegovic
Oct 9, 2014 at 13:40 UTC
Updated Oct 9, 2014 at 20:17 UTC

Dutch hackers have started hijacking laptops showcased in retail stores and using them for cryptocurrency mining, according to a report.

The stores involved have admitted that an undisclosed number of display samples were affected by malware and said they would take steps to eliminate the practice.

Dutch tech publication Computerworld reported the problem on 7th October after a computer science student revealed that laptops in the Media Markt chain of shops have been exposed to mining malware for some months.

Computerworld found that a total of 105 laptops were part of a botnet and that an estimated €500 had been generated in mining revenue over that time.

Media-Saturn Netherlands, owner of Media Markt, said it should not be possible to run malware on the machines as “a display model should require the password of an administrator”, adding:

“We will consult with our locations and suppliers […] Where necessary, we will come up with new or more stringent protocols.”

Several other stores were found to have a risk of malware, namely Paradigit, MyCom and Computerland, according to the report.

Seeking solutions

Upon further examination, the reporters found that the retail stores in question suffered from lax security that made it easy for malicious individuals to access the computers and install malware.

In addition to mining cryptocurrencies, the attackers also used the infected machines to steal personal data and spy on visitors using the webcams.

BAS Group, the owner of MyCom, Dixons and iCentre stores, said it was not surprised by the problems, but that it was seeking solutions that ensure the malware would not be accessible to consumers.

BAS CIO Lub Ten Napel described the problem as a “delicate situation”, since the stores have to provide Internet access on showroom computers, meaning they cannot offer maximum security without undermining the customer experience.

“We once taped webcams, but customers want to test everything and therefore the tapes had to go off. Also, we have posted memos that warn visitors of the dangers, but those kinds of warnings scare off consumers too,” he said.

Boosting security

The BAS Group currently operates 200 stores and caters to 160,000 shoppers each month. Ten Napel said the company is looking into ways of improving security, while at the same time allowing shoppers to try potential purchases

It is possible to run some laptops in ‘kiosk mode’, which limits access on display models. However, that functionality is only available on relatively new Windows 8.x systems and is not necessarily installed on store PCs.

The company indicated it plans to start running more showroom samples in kiosk mode as soon as possible.

The student who originally tipped off Computerworld argues that Internet access on store samples could be restricted, along with USB functionality. Furthermore, hard drives could also be wiped overnight, rendering the machines safe the next morning.

Low returns

Bitcoin mining malware has been around for some time and it is still spreading, despite the fact that it is practically obsolete.

A recent McAfee report found that mining botnets were rendered futile due to the increase in bitcoin mining difficulty, but cybercriminals are still opting to use them in the hopes of easy gains.

Bitcoin mining malware is widely available online, and many malware designers choose to integrate it in their malicious software as an option for buyers.

However, the heat and noise produced by illicit bitcoin mining is easy to spot, leading to greater botnet attrition rates, while at the same time generating little in the way of profits for the attacker.

Computer shop image via Shutterstock