4

I noticed a program I recently downloaded cause my CPU usage increase by 30 percent and 80% GPU usage increment in idle state. It is not a GPU intensive program at all. I am worried about it using my computer to mine crypto. Is there a way to check this or find more direct evidences?

A-Sharabiani
  • 103
  • 4
John Wang
  • 43
  • 2

2 Answers2

5

This will depend on your skill and experience with understanding how applications work, along with how well the application is trying to hide its nefarious purposes.

At a very basic level, Cryptominers try to max out unused cycles, so you would expect to see your CPU/GPU pegging at max, so a first glance would suggest the app is not doing that.

However, it could be written to play nice, in which case you could check its behaviour and see if it changes when running a number of other applications or when idle - an intelligent coder may try to ramp up usage when you are away from the machine.

Or you could look at its storage space - what is the program doing with data?

Or better yet, what is it receiving or transmitting when it connects to the Internet, or what is it connecting to?

Or if you can, try reading the code to look for cryptomining code - the most popular ones may show up in a virus scan these days!

Rory Alsop
  • 61,507
  • 12
  • 118
  • 322
  • Much of the time, cryptominers actually connect to legitimate mining pools, so simply checking the rDNS of whatever it is connecting to may give this away. After all, given how much work mining a single block requires, even a moderately-sized botnet needs the help of an existing mining pool to get anything done. – forest Feb 27 '18 at 03:26
  • Good point @forest - I have updated to include "what is it connecting to?" – Rory Alsop Feb 27 '18 at 09:06
0

Regarding potential malware, there is no way to know for sure.

What you can do, though, is look for unusual/unwanted activity. Just like nobody wants a timer app that requires access to your microphone and contact list, nobody wants an app that consumes more computer resources than it needs toβ€”whether it's mining crypto or not.

If you are specifically looking for crypto mining, you'll want to look for: 1) excessive usage of resources like your CPU and/or GPU. You have already noticed this 2) strange networking requests; when mining crypto, miners have to keep in sync with the rest of the network and they need to send data when they successfully mine a block 3) known cryptomining code. As mentioned by @RoryAlsop, some developers just copy-paste existing code into their own codebase for effortless nefarious profit. Antivirus software can help with this, but you must remember that not all developers use the same code, and not everything can be caught with antivirus software.

user196499
  • 1,121
  • 7
  • 11