In a world that continues to digitize, more people are engaging in online financial transactions. This transformation has led to the rise of cryptocurrencies. While virtual currencies have many benefits, there are also risks associated with their use, among which is cryptojacking.
What is cryptojacking?
Cryptojacking, also known as malicious cryptomining, is a threat that embeds itself in a computer or mobile device. It then uses the resources of the victim device to mine cryptocurrency. It is a dangerous threat which can take control of Internet browsers and compromise a wide range of devices (laptops, PCs, smartphones, network servers, …). With just a few lines of code, cryptojackers can take control of the resources of any computer.
Consequences: response time becomes slower, the machine uses more of its processors, devices overheat, etc. Cryptojackers use these resources both to steal cryptocurrency from digital wallets and to let computers extract valuable data. As with many forms of cybercrime, money is still the primary motivation for the threat. But unlike others, cryptojacking is designed to operate entirely without the victims’ knowledge.
Cryptocurrency mining and miner, what is it all about?
Cryptocurrencies use a distributed database, known as a blockchain, to function. The blockchain is regularly updated with information about all transactions that have taken place since the last update. Each set of recent transactions is combined into a block using a complex mathematical process.
To produce new blocks, cryptocurrencies rely on experts to provide the computing power. These experts are the “miners”. And they are rewarded with cryptocurrency. The largest cryptocurrencies use teams of miners running dedicated computer platforms to perform the necessary mathematical calculations. This activity requires a significant amount of electricity. The Bitcoin network, for example, currently consumes over 73 TWh of energy per year.
Cryptojackers and the future of cryptojacking
Cryptojackers are people who wish to enjoy the benefits of cryptocurrency mining without having to invest at startup. In other words, the cryptojacker doesn’t invest in expensive mining hardware and bypasses large electricity bills. Cryptojackers primarily mine Monero, a type of cryptocurrency that is particularly difficult to trace.
Coinhive’s code was quickly abused. A mining script could indeed be injected into a website by hackers without the website owner’s knowledge. Coinhive was shut down in 2019. Cryptojackers are primarily motivated by money. Cryptocurrency mining can indeed be very lucrative. Cryptojacking is the criminal manifestation of cryptomining. This activity provides an illegitimate, yet effective and cheap way to mine valuable coins.
How does cryptojacking work?
Cybercriminals hack devices to install cryptojacking software. The software runs in the background, mining cryptocurrencies or stealing from virtual currency wallets.
Installing the cryptojacking software
To get a victim’s device to secretly mine cryptocurrencies, hackers typically use the following techniques:
- forcing the victim to click on a malicious link in an e-mail that uploads the cryptomining code to the computer.
In both cases, the code places the cryptojacking script on the device, which runs in the background while the victim is working. Regardless of the method used, the script runs complex mathematical problems on the victims’ devices and sends the results to a server that the hacker controls.
A drop in performance as the only sign for victims
Unlike other types of malware, cryptojacking scripts do not damage victims’ computers or data. However, they do steal computer processing resources. For home users, slower computer performance is at most inconvenient. But cryptojacking is a real problem for businesses.
Indeed, organizations with many cryptojacked systems incur additional expenses. For example, these can be caused by replacing components or systems in the hope of solving the performance problem. There is also the time investment for the IT department. Many cryptojacked systems also generate additional costs on the electricity bill.
From cryptomining to cryptojacking
Malicious versions of cryptomining, i.e. cryptojacking, do not require authorization and continue to run long after the user has left the original site, unbeknownst to them. The code uses just enough system resources to go unnoticed. Although the user thinks that the visible browser windows are closed, a hidden window remains open. Often, this is a pop-under, sized to fit under the taskbar or behind the clock.
Cryptojacking can also infect Android mobile devices using the same methods that target desktop computers. Some attacks occur via a Trojan horse hidden within a downloaded application. Users may also be redirected to an infected site, leaving a persistent pop-under. Some cryptojacking scripts have worming capabilities that allow them to infect other devices and servers on a network. This makes them more difficult to identify and remove. These scripts can also check if the device is already infected with competing cryptomining malware. If another cryptominer is detected, the script disables it.
Some examples of cryptojacking attacks
Here are some examples of high-profile cryptojacking.
The cryptojacking code hidden in the Los Angeles Times’ Homicide Report page
In 2018, cryptojacking code was discovered hidden in the Los Angeles Times’ Homicide Report page. When visitors opened the page, their devices were used to mine a popular cryptocurrency called Monero. The threat went undetected for some time. The computing power used by the script was indeed minimal. Therefore, users were not able to know that their devices had been compromised.
Attack on a European water utility control system
Also in 2018, cryptojackers targeted the network of a European water utility control system. This seriously affected the operators’ ability to manage the plant. This was the first known case of a cryptojacking attack against an industrial control system. As with the hacking of the Los Angeles Times, the miner was generating Monero.
Other attacks in 2018
In early 2018, it was revealed that the Coinhive miner was running on YouTube ads via Google’s DoubleClick platform. In July and August 2018, a cryptojacking attack infected over 200,000 MikroTik routers in Brazil, injecting Coinhive code into a huge amount of web traffic.
Eight cryptojacking apps boosted by Microsoft Store
How to detect cryptojacking?
Cryptojacking is difficult to detect. The process is indeed often hidden or looks like benign activity on your device. However, here are three signs to watch out for.
One of the main symptoms of cryptojacking is the decreased performance of your computing devices. Slower systems may be the first sign to watch for. If your device is running slowly, crashing, or exhibiting unusually poor performance, this should be a red flag. Another potential indicator is a battery that is draining faster than usual.
Cryptojacking is a resource-intensive process which can lead to overheating of computer equipment. This can damage the computer or shorten its lifespan. If your laptop or computer’s fan is running faster than usual, it may indicate that a cryptojacking script is heating up the device.
Central Processing Unit (CPU) Usage
Increased CPU usage while on a website with little or no multimedia content may be a sign that cryptojacking scripts are running. Checking the CPU usage of your device using the activity monitor or task manager is a good test for cryptojacking. But when your computer is running at full power, the script will run slowly, making it harder to detect.
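The check described above can be automated by looking for CPU load that is moderate but unbroken, rather than for short spikes. The following is an added example, not part of the original article; the sample readings, process names and thresholds are constructed assumptions, and the rule is a heuristic that only flags candidates for a closer look.

```python
from collections import defaultdict

# Constructed samples: (seconds since start, process name, CPU percent).
# "browser-tab" stays moderately busy on a text-only page; "backup" is bursty.
SAMPLES = (
    [(t, "browser-tab", 38 + (t // 5) % 3) for t in range(0, 60, 5)]
    + [(t, "backup", 95 if t in (10, 15) else 2) for t in range(0, 60, 5)]
    + [(t, "editor", 4) for t in range(0, 60, 5)]
)


def longest_busy_run(readings, floor):
    """Length in seconds of the longest unbroken stretch at or above floor."""
    best = 0
    start = None
    for t, cpu in sorted(readings):
        if cpu >= floor:
            start = t if start is None else start
            best = max(best, t - start)
        else:
            start = None  # the stretch is broken, start counting again
    return best


def sustained_cpu(samples, floor=30, min_seconds=45):
    """Return {process: busy_seconds} for processes busy for min_seconds or more."""
    per_process = defaultdict(list)
    for t, name, cpu in samples:
        per_process[name].append((t, cpu))
    flagged = {}
    for name, readings in per_process.items():
        run = longest_busy_run(readings, floor)
        if run >= min_seconds:
            flagged[name] = run
    return flagged


if __name__ == "__main__":
    print(sustained_cpu(SAMPLES))
```

A low floor combined with a long minimum duration is what catches a script that uses just enough resources to go unnoticed; a high floor alone would only catch the bursty backup job.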
How to protect yourself from cryptojacking
Use a good cybersecurity program
A comprehensive cybersecurity program will help detect threats at all levels. This solution can provide protection against cryptojacking malware. As with all other malware precautions, it is best to install the security software before becoming a victim. Experts also recommend installing the latest software updates and patches. This applies to your operating system and all applications, especially web browsers.
Pay attention to the latest trends in cryptojacking
Cybercriminals are constantly changing code and coming up with new delivery methods to embed updated scripts on your computer system. Being proactive and staying on top of the latest cybersecurity threats can help you detect cryptojacking on your network and devices. It also helps to avoid other types of cybersecurity threats.
Use browser extensions designed to block cryptojacking
Cryptojacking scripts are often deployed in web browsers. You can use specialized browser extensions to block cryptojackers on the web. Extensions such as minerBlock, No Coin and Anti Miner can be installed in some popular browsers.
Use ad blockers
Given that cryptojacking scripts are often distributed via online advertisements, installing an ad blocker can be an effective way to stop them. Using an ad blocker like Adblock Plus can both detect and block malicious cryptojacking code.
Block pages known to deliver cryptojacking scripts
To prevent cryptojacking when visiting websites, make sure that every site you visit is on a carefully vetted whitelist. You can also blacklist sites known for cryptojacking. But this can still expose your device or network to new cryptojacking pages.
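The difference between the two lists can be seen by auditing which hosts a page loads its scripts from. The following is an added example, not part of the original article; the host names, lists and sample page are constructed assumptions, and it only inspects external `<script src>` tags, not inline scripts.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed lists for illustration; a real deployment would load vetted lists.
ALLOWED_HOSTS = {"www.news.example", "cdn.news.example"}
BLOCKED_DOMAINS = {"miner-pool.example"}

# Constructed page: two expected scripts, one known-bad host, one unlisted host.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.news.example/lib.js"></script>
<script src="//ws.miner-pool.example/m.js"></script>
<script src="https://new-coin-host.example/x.js"></script>
"""


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def host_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_scripts(html, page_url):
    """Classify each external script host as allowed, blocked or unknown."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    report = {"allowed": [], "blocked": [], "unknown": []}
    for src in collector.sources:
        # Relative and protocol-relative URLs resolve against the page URL.
        host = (urlparse(urljoin(page_url, src)).hostname or "").rstrip(".")
        if host_matches(host, BLOCKED_DOMAINS):
            report["blocked"].append(host)
        elif host in ALLOWED_HOSTS:
            report["allowed"].append(host)
        else:
            report["unknown"].append(host or src)
    return report
```

With the blocklist alone, the script from the unlisted host would pass; the allowlist is what surfaces it as `unknown`, which is the gap the paragraph above warns about.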
Cryptojacking may seem like a relatively harmless crime since the only thing “stolen” is the power of the victim’s computer. But the use of computing power for this criminal purpose is done without the knowledge or consent of the victim. This is for the benefit of criminals who illicitly create money. Experts recommend following good cybersecurity practices to minimize risk for all devices.