[Bilingual] Digital vampires: mining software is quietly "hijacking" computers | The Economist

Science & technology | Cyber-security
Crypto-miners are quietly colonising computers

Crypto-mining software is quietly taking over computers

Hijacking processing power cuts costs

"Hijacking" computing power cuts costs

Illustration: The Economist/Getty Images/Alamy

Apr 22nd 2026 | 4 min read

MINING A CRYPTOCURRENCY can be an expensive business. Producing new coins, also known as tokens, can require computers to solve cryptographic puzzles, which takes large amounts of power. One way to keep costs down is to relocate mines to wherever electricity is cheapest. Cheaper still is having others foot the bill. An unsuspecting organisation’s power can be hijacked by stacking computers in a crawlspace or storage room, for example. Such operations, however, are regularly discovered, and culprits risk penalties and confiscated kit.

>> foot the bill (informal): to be responsible for paying the cost of something; to bear the expense.

>> culprit /ˈkʌlprɪt/ n. a person who has done something wrong or against the law; a wrongdoer, an offender.

>> confiscate /ˈkɒnfɪskeɪt/ v. to officially take something away from somebody, especially as a punishment. • Their land was confiscated after the war.

Cryptocurrency mining is a costly business. Producing new digital coins (also called tokens) requires computers to crack cryptographic puzzles, a process that consumes huge amounts of electricity. One way to cut costs is to move the mine to wherever electricity is cheapest. A cheaper way still is to have someone else pay. For example, lawbreakers can quietly stash computers in a building's crawlspace or storage room and siphon off an unsuspecting organisation's electricity to mine. Such illegal mining is frequently discovered, however, and those involved face not only penalties but confiscation of their mining kit.

A less risky and more scalable approach is to steal power by remotely sneaking crypto-mining software onto other people’s computers. Crypto-jacking, as this trick is known, is booming. Over the course of 2025, instances jumped by about 20%, according to a note in November from GreyNoise, an American security firm. Victims take quite a hit. A study published in 2022 by Sysdig, a security company based in San Francisco, estimates that every dollar in crypto thus generated costs victims an average of $53 in computing expenses.

A lower-risk, more scalable method is to remotely sneak crypto-mining software onto other people's computers, stealing their computing power and electricity. This is known as crypto-jacking, and it is spreading fast. According to a report published last November by GreyNoise, an American cyber-security company, crypto-jacking incidents rose by about 20% over 2025. Victims lose heavily. A 2022 study by Sysdig, a San Francisco security company, estimated that for every $1 a hacker earns this way, the victim bears an average of $53 in computing costs.

Part of the surge is due to the high value of cryptocurrencies in recent years (although there has been a drop in 2026). The barriers to crypto-jacking are also relatively low. The requisite software is readily obtained from underground web forums, says a specialist with Interpol’s cybercrime unit in Singapore who required anonymity to comment on operations. And installing such software on computers is less challenging than stealing data, or, in the case of ransomware, holding it hostage. The upshot is that crypto-jacking shows no sign of going away.

>> requisite /ˈrekwɪzɪt/ adj. [only before noun] (formal) necessary for a particular purpose; essential, indispensable. • She lacks the requisite experience for the job.

>> upshot /ˈʌpʃɒt/ n. the final result of a series of events; the outcome. • The upshot of it all was that he left college and got a job.

The surge in such attacks is partly due to the high value of cryptocurrencies in recent years (although prices fell back in 2026). The barrier to crypto-jacking is also relatively low. A specialist with Interpol's cybercrime unit in Singapore, who declined to be identified, says the software needed is readily available on underground web forums. And planting such software on someone else's computer is far easier than stealing data or locking it up with ransomware. The upshot is that crypto-jacking shows no sign of fading.

Among the most useful tools in crypto-jackers’ arsenal are web-crawling bots. These packets of codes sniff out computers with security settings that are weak or which have not been changed since purchase. Many such bots are now roaming cyberspace, tipping off their masters when opportunities are spotted. Advanced artificial-intelligence models could, in theory, help identify additional targets, but Michael Clark, head of threat research at Sysdig, believes their edge over existing bots is not large enough to justify the expense.

>> tip off (informal): to warn somebody about something that is going to happen, especially something illegal; to pass on secret information. • Three men were arrested after police were tipped off about the raid.

Web-crawling bots are among the most powerful tools in the crypto-jacker's hands. These programs automatically hunt for computers whose security settings are weak or have never been changed from the factory defaults. Large numbers of such bots now roam cyberspace, reporting back to their controllers as soon as they spot an opening. In theory, advanced artificial-intelligence models could help dig up more targets, but Michael Clark, head of threat research at Sysdig, believes that AI's advantage over existing crawlers is not enough to cover the cost of using it.

When vulnerabilities are found, crypto-jackers are often among the first to exploit them. Corporate computers rendered vulnerable by a configuration error are often commandeered within an hour, says Mr Clark. Servers are particularly attractive targets. They are always on, and surges in traffic are common. Also, because servers act as data-processing hubs for other computers, crypto-jacking software can often replicate itself on the network’s spokes.

>> commandeer /ˌkɒmənˈdɪə(r)/ v. to take control of a building, a vehicle, etc. for military purposes during a war, or by force for your own use; to requisition, to seize.

>> spoke /spəʊk/ n. one of the thin bars or long straight pieces of metal that connect the centre of a wheel to its outer edge, for example on a bicycle.

Once a vulnerability is found, crypto-jackers are often the first to exploit it. Mr Clark says corporate computers left vulnerable by a configuration error are usually hijacked within an hour. Servers are especially attractive targets: they are always online, and fluctuations in network traffic are so common that they are unlikely to be noticed. Moreover, because servers act as the data-processing hub for many devices, crypto-jacking software can often spread by itself to the network's branch nodes.

Another way crypto-jackers can access computers is by finding login credentials unwittingly posted online. GitHub, a massive online repository of code, is a good place to look. And if a bot cannot find a server password, it might be able to guess it. In January 2025 it emerged that one such “password-spray attack” allowed crypto-jacking software to be run on servers rented by USAID, an American government agency, at a cost of nearly $500,000.

Another way crypto-jackers get into computers is by harvesting login credentials that users have inadvertently leaked online. GitHub, the large online code-hosting platform, is a prime place to search. Even if a crawler bot cannot find a server password, it can try to guess it by brute force. In January 2025 a password-spray attack came to light in which attackers planted crypto-mining software on servers rented by USAID, an American government agency, causing losses of nearly $500,000.

Even bigger scams have come to light. In 2024 Ukrainian police, helped by Europol, arrested a man in Mykolaiv alleged to have used password-cracking software to mine cryptocurrency worth nearly $2m over the course of two years. On August 15th 2025 America’s Department of Justice announced that a Nebraska man had crypto-jacked nearly $1m in tokens while simultaneously running up more than $3.5m in cloud-computing fees for his victims. He was sentenced to a year in prison.

Even bigger fraud cases have come to light. In 2024 Ukrainian police, assisted by Europol, arrested a man in Mykolaiv suspected of using password-cracking software to mine nearly $2m-worth of cryptocurrency illegally over two years. On August 15th 2025 America's Department of Justice reported that a Nebraska man had stolen nearly $1m in tokens through crypto-jacking while running up more than $3.5m in cloud-computing fees for his victims. He was sentenced to a year in prison.

In recent years personal laptops and mobile phones have replaced corporate servers as prime targets, says Alex Delamotte of SentinelOne, a security firm in Mountain View, California. She attributes this to the rising value of Monero, one of the relatively few cryptocurrencies that can be mined on personal devices.

Alex Delamotte of SentinelOne, a cyber-security company in Mountain View, California, says that in recent years personal laptops and phones have replaced corporate servers as crypto-jackers' primary targets. She attributes this to the rising price of Monero, one of the few cryptocurrencies that can be mined on personal devices.

Individuals are also likely to be softer targets than outfits with a dedicated cybersecurity team. Scripts used for crypto-jacking—a list that includes Crypto-Loot, Minr and XMRig—can be illicitly embedded in email attachments, free apps, online “malvertisements” and even web browsers. When unsuspecting users click or visit, parasitic code invisibly deploys, often bypassing antivirus protection. In July c/side, a security firm in San Francisco, said it had discovered more than 3,500 websites infected with a stealthy crypto-jacking script it described as a “digital vampire”.

>> stealthy /ˈstelθi/ adj. doing things quietly or secretly; done quietly or secretly.

Compared with organisations that have a dedicated cyber-security team, individual users are often easier targets. Mining scripts used for crypto-jacking (including Crypto-Loot, Minr and XMRig) can be illicitly planted in email attachments, free apps, malicious online advertisements and even web browsers. Once an unsuspecting user clicks a link or visits a page, the parasitic code quietly deploys in the background, usually evading antivirus protection. In July c/side, a San Francisco security firm, said it had found more than 3,500 websites infected with a stealthy crypto-jacking script, which it dubbed a "digital vampire".

These problems continue to get worse, says the expert from Interpol. Crypto-jacking scripts are increasingly packaged as “fileless” code, which is much harder to spot when uploaded to a given device. Google tacitly acknowledged its inability to stamp out crypto-jacking on its cloud service when it introduced, in 2023, a programme to provide certain victims credits worth up to $1m for losses incurred over any 12-month period.

>> tacit /ˈtæsɪt/ adj. [usually before noun] that is suggested indirectly or understood, rather than said in words; unspoken, implicit. • By tacit agreement, the subject was never mentioned again.

>> stamp out: to get rid of something that is bad, unpleasant or dangerous, especially by using force or a lot of effort; to eradicate. • to stamp out racism

The Interpol expert says such problems continue to worsen. Crypto-jacking scripts are increasingly packaged as "fileless" code, which is far harder to detect once planted on a device. In 2023 Google launched a compensation scheme that pays certain victims up to $1m for losses over any 12-month period, in effect conceding that it cannot eliminate crypto-jacking on its own cloud service.

Security firms, however, aim to adapt. New forensic software packages analyse processing loads, data traffic and electricity usage, flagging spikes and other suspicious patterns. And heavyweights, Google and Microsoft included, are increasingly folding advanced AI models into such offerings. Some hope that these models will become experts at spotting crypto-jackers’ tricks as well as—eventually—automatically deleting malicious code. Until the cryptocurrency bubble bursts, though, expect the arms race to continue.

>> forensic /fəˈrensɪk/ adj. of, relating to, or denoting the application of scientific methods and techniques to the investigation of crime. • forensic evidence

Security companies, however, are responding. New forensic software suites analyse a device's processing load, data traffic and electricity consumption, flagging traffic surges and other abnormal patterns. Giants such as Google and Microsoft are also gradually folding advanced AI models into such security products. Some in the industry hope that these models will one day not only pinpoint crypto-jackers' tricks but also remove malicious code automatically. Until the cryptocurrency bubble bursts, though, this arms race is bound to continue.
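An added example, not from the article or from any vendor it names, of the load-analysis approach described above: a detector that learns a robust CPU baseline from a warm-up period and flags only sustained excursions, so a one-off spike from a backup or build job is ignored while a miner that pins the CPU for minutes on end is not. The per-minute telemetry samples are constructed.

```python
from statistics import median

# Constructed per-minute CPU utilisation samples (percent); not captured
# from any real host. Indices 13-19 model a miner pinning the CPU.
SAMPLES = [
    5, 7, 6, 9, 5, 8, 6, 7, 5, 6,   # quiet baseline period
    40,                             # one-off spike: a build job, backup, etc.
    6, 7,
    96, 97, 98, 97, 98, 96, 97,     # sustained, flat, near-100% load
]

def baseline(values):
    """Median and median absolute deviation (MAD): robust to the odd spike,
    unlike mean and standard deviation, which a single outlier can drag."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # avoid a zero scale
    return med, mad

def sustained_high_cpu(samples, warmup=10, k=6.0, min_run=5):
    """Return (start, end) index pairs (end exclusive) for runs of at least
    min_run consecutive samples more than k MADs above the warm-up baseline.
    Short spikes never reach min_run and are dropped; a miner's steady
    near-100% load does reach it."""
    med, mad = baseline(samples[:warmup])
    threshold = med + k * mad
    runs, run_start = [], None
    for i, cpu in enumerate(samples):
        if cpu > threshold:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= min_run:
                runs.append((run_start, i))
            run_start = None
    if run_start is not None and len(samples) - run_start >= min_run:
        runs.append((run_start, len(samples)))  # run still open at the end
    return runs
```

With the constructed data the baseline is median 6 and MAD 1, so the threshold is 12%: the lone 40% sample is skipped and only the seven-sample run at the end is reported.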
