Bash on Windows: a hidden bitcoin goldmine?

Profile image of Mattias Geniar

Mattias Geniar, April 17, 2016

Follow me on Twitter as @mattiasgeniar

Bash on Windows is available as an insider preview, nothing generally available and nothing final (so this behaviour hopefully will still change). Processes started in Bash do not show up in the Windows Task Manager and can be used to hide CPU intensive workers, like bitcoin miners.

I ran the sysbench tool inside Bash (which is just a apt-get install sysbench away) to stresstest the CPU.

$ sysbench --test=cpu --cpu-max-prime=40000 run

That looks like this:

1_bash_windows_sysbench

The result: my test VM went to 100% CPU usage, but there is no (easy?) way to see that from within Windows.

The typical task manager reports 100% CPU usage, but can’t show the cause of it.

2_bash_windows_task_manager

The task history, which can normally show which processes used how much CPU, memory or bandwidth, stays blank.

3_bash_windows_task_history

There’s a details tab with more specific process names etc., it’s not shown there either.

5_bash_windows_details

And the performance tab clearly shows a CPU increase as soon as the benchmark is started.

4_bash_windows_performance

To me, this shows an odd duality with the “Bash on Windows” story. I know it’s beta/alpha and things will probably change, but I can’t help but wonder: if this behaviour remains, Bash will become a perfect place to hide your Bitcoin miners or malware.

You can see your server or desktop is consuming 100% CPU, but finding the source can prove to be very tricky for Windows sysadmins with little Linux knowledge.

Update: this is a confirmed and fixed issue in the BashOnWindows team. So we should expect this to be fixed in the next release!



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.