Many cryptocurrencies have been associated with cybercrime, especially Monero, which has led to many people considering them unethical. And the fact that cryptocurrency miners are at the top of the worldwide ranking of threats only worsens their image.

A few months ago we tried to explain why mining scripts were being detected as “potentially unwanted applications”, since these scripts are not malicious by themselves, but when used without the required permission and in an unethical way they can be troublesome for users. No tool is good or bad —it all depends on who uses it and what they use it for.

And so this article explores a case in which cryptocurrency mining is being used for a noble act and a good cause. As is the case for UNICEF, which has discovered a pioneering new way of raising funds for its humanitarian causes. This year, the NGO launched two campaigns in which it does not ask for direct money donations, but rather computer resources and processing power for cryptocurrency mining.

The first campaign was launched in February, 2018 under the “Game Chaingers” program, and ran until March 31. It was an initiative of UNICEF France, and its aim was to raise funds for children in Syria who are severely affected by the humanitarian crisis and the war. This campaign ended on March 31.

The second campaign is currently active, and was launched by UNICEF Australia on April 29. A site called “TheHopePage” was created for this campaign, with the aim of raising funds for the approximately 340,000 Burmese children who are currently refugees in Bangladesh due to the violent crisis unleashed in their home country.

Each of these charity campaigns promoted by different UNICEF offices were explored in detail by the ESET Latin America Laboratory, with the aim of making users more aware of this matter by providing relevant information. Because behind the pioneering new concepts like these, malicious campaigns always crop up that take advantage of the novelty to deceive users.

Game Chaingers: UNICEF France Campaign to Mine Ethereum and Help Syrian Children

The name “Game Chaingers” was strategically chosen to include the word “chain”, which is a reference to the blockchain technology that supports cryptocurrencies like Ethereum (the one used in this program). This campaign can be viewed on the site chaingers.io, and is aimed at eSports players, gamers, designers, and other users who have powerful computers with high-performance graphics cards, since the Ethereum mining process requires a lot of processing power.

The process of mining Ethereum for the benefit of UNICEF is really simple, since the mining client (or miner) can be downloaded with UNICEF’s wallet data preconfigured and based on your graphics card model and operating system. Once the miner is downloaded, all you have to do is run it via a shortcut to start mining.

However, taking this past campaign as an example, there are some issues to be considered before you start donating your resources. The first is the electrical consumption that this generates. According to the UNICEF website, a computer with a standard graphics card mining Ethereum consumes around 0.16 kWh, which is similar to the consumption used when playing a high-quality video game. This consumption should not be a problem if you only plan to donate a couple of hours a day, but it is definitely something that must be calculated if you plan to leave the miner running 24 hours a day.

It is also a known fact that intensively using and overloading processors can eventually damage a computer or cause some of its circuits to burn out. For this reason, you should always consider the processing percentage and power that will be used for mining.

And while UNICEF has clarified that the amount of resources assigned can be configured to avoid overloads, the fact remains that, by default, the miner is configured to use 100% of the processing power.

This last image shows the values configured in the miner at 100%. The parameters GPU_MAX_ALLOC_PERCENT and GPU_SINGLE_ALLOC_PERCENT indicate the processing percentage of the graphics card to be used, while GPU_MAX_HEAP_SIZE indicates the amount of memory. And while these values can be edited within the script, changing them could be cumbersome for some users who want to just run the file without taking such precautions.

TheHopePage: UNICEF Australia’s Campaign to Mine Monero and Help Refugee Children in Bangladesh

This is the current campaign launched by UNICEF Australia, which aims to raise funds for Burmese children who are refugees in Bangladesh as a result of the crisis. This campaign is aimed at all users, since it uses Monero mining scripts through a browser.

To collaborate in this initiative, simply visit the site TheHopePage.org and click on the “Start Donating” button.

This option is interesting, since the campaign uses the latest version of the CoinHive API called AuthedMine, which is characterized by not starting to use system resources without the user’s permission (a user opt-in notice appears). It is clear that after the many problems that CoinHive has had due to the improper use of its scripts, it needed to launch a new version to redeem itself; although the code is still obscured so it can try to go unnoticed by security software.

Returning to the UNICEF campaign, once you click on the link to start donating, the site allows you to choose the amount of processing power you want to provide to resolve the mathematical algorithms needed to calculate hashes, and is much more friendly than the previous campaign.

At this point, it is important to bear in mind that the percentage chosen will be the amount of your computer’s processing power that you are granting to the mining script. So if you choose 100%, you are allowing all of your processing power to be used by the script, which will make your computer run slower and could even cause problems for other applications.

Apart from the precautions that should be taken when mining cryptocurrencies, it is very interesting to see how an NGO has managed to use cryptocurrency mining in a noble and profitable way, while temporarily removing us from the tricks and deceptions that attackers use, which unfortunately are standard practices that we have become accustomed to.

But then again, and as we said at the start of this article, we must never lose sight of the fact that whenever a new idea emerges, it is only a matter of time before social engineering efforts emerge that try to take advantage of the novelty and pose as a legitimate campaign to deceive users. For this reason, it is better to be vigilant than to fall victim to a false fundraising campaign, regardless of whether traditional currencies or cryptocurrencies are involved.

Cecilia Pastorino 29 May 2018 – 01:58PM