Cryptojacking? – Definition and Explanation

Cryptojacking is one of many cybercrimes that involve the unauthorised use of a person’s devices (computers, tablets, smartphones, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the end goal is profit, but unlike some threats, it is designed to stay completely hidden from its victim.

 

What is cryptojacking?

 

Cryptojacking is a threat that embeds itself within the user’s computer or mobile device and then uses its resources to mine for cryptocurrency. Cryptocurrency is digital or virtual money, which takes the form of “coins” or tokens. The most popular is Bitcoin, but there are approximately 3,000 other forms of cryptocurrency, and while some cryptocurrencies have ventured into the physical world through credit cards or other projects, most have remained virtual.

 

Cryptocurrencies use a distributed database, known as a ‘blockchain’, to operate. The blockchain is regularly updated with information about all the transactions that have taken place since the last update. Each set of recent transactions is combined into a ‘block’ using a complex mathematical process.

 

To produce new blocks, cryptocurrencies rely on individuals to provide the computing power. Cryptocurrencies then reward people who supply the computing power with cryptocurrency. Those who trade their computing resources for currency are called “miners”.

 

The larger cryptocurrencies use teams of miners running dedicated computer rigs to complete the necessary calculations. The activity requires a significant amount of electricity – for example, the Bitcoin network currently uses more than 73 TWh of energy per year to mine for crypto.

 

Cryptojackers and the future of cryptojacking

 

That is where cryptojacking comes in: cryptojackers are people who seek the benefits of cryptocurrency mining without incurring the huge costs. By not paying for the expensive hardware or large electricity bills required to mine, cryptojacking allows hackers to mine for cryptocurrency without the large overheads. The type of cryptocurrency primarily mined on personal computers is Monero, which appeals to cybercriminals because it is difficult to trace.

 

There is some debate as to whether cryptojacking is in decline or on the rise. Cryptojacking tends to rise in proportion to the value of cryptocurrencies, particularly Bitcoin and Monero. But in recent years, two factors have had a dampening effect on cryptojacking:

 

Crackdowns by law enforcement.

The shutdown of Coinhive, which was the leading site dealing with cryptominers. Coinhive provided JavaScript code that websites could incorporate to make visitors’ computers mine for Monero. Coinhive’s code was quickly abused: the mining script could also be injected into a website by hackers without the site owner’s knowledge. The site shut down in March 2019, and with that, the number of site infections took a sharp decline.

 

There is mainly one motive behind a cryptojacking attack, and it is simple: money. Mining cryptocurrencies can be very lucrative, but making a profit is challenging without the means to cover the costs. Cryptojacking is the criminal form of cryptomining and offers an illegitimate but effective way to mine valuable coins.

 

How does cryptojacking work?

 

Cybercriminals hack into devices to install cryptojacking software. The software then works in the background, mining for cryptocurrencies or stealing from the person’s cryptocurrency wallets. The unsuspecting victims still use their devices throughout the day, though they may notice slower performance or lags.

 

Hackers have two primary ways to get a victim’s device to secretly mine for cryptocurrencies:

 

By getting the victim to click on a link in an email that loads cryptomining code onto their computer

By infecting a website or online ad with JavaScript code that runs automatically once loaded into the victim’s browser

Hackers often use both methods to maximize their return. In both cases, the code places the cryptojacking script onto the device, which runs in the background as the victim works. Whichever method is used, the script runs complex mathematical problems on the victims’ devices and sends the results to a server which the hacker controls.

 

Unlike other types of malware, cryptojacking scripts do not damage users’ computers or harm victims’ data. However, they steal computer processing resources. For individual users, slower computer performance might simply be an annoyance. But cryptojacking is an issue for businesses, because organizations with many cryptojacked systems incur real costs. For example:

 

Help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem.

Increased electricity costs.

Some cryptomining scripts have worming capabilities which allow them to infect other devices and servers on the network. This makes them more difficult to detect and remove. These scripts also check to see if the device is already infected by competing cryptomining viruses. If another cryptominer is detected, the script disables it and tries to block it out.

 

In early instances of cryptomining, some web publishers sought to monetize their traffic by asking visitors’ permission to mine for cryptocurrencies while on their site. They saw it as a fair exchange: visitors would then receive free content while the sites would use their computer for mining purposes. For example, on gaming sites, users will stay on the page for some time while the JavaScript code will mine for coins. Then when they leave the site, the cryptomining would end. This approach can work if sites are more honest about what they are doing. The tricky thing for users is not being able to know whether sites are being honest or not.

 

Malicious versions of cryptomining – i.e., cryptojacking – don’t ask for permission and keep running long after you leave the initial site. This is a technique used by owners of suspicious sites or hackers who have compromised legitimate sites. Users have no idea that the site they visited was using their computer to mine cryptocurrency. The code uses just enough of the system’s resources to remain unnoticed. Although the user thinks the visible browser windows are closed, a hidden one stays open.

 

Cryptojacking can even infect Android mobile devices, using the same methods that target desktops. Attacks can occur through a Trojan virus hidden in a downloaded app. Or users’ phones can be redirected to an infected site, which leaves a persistent pop-under. While individual phones have relatively limited processing power, when attacks occur in large numbers, they provide enough collective strength to justify the cryptojackers’ efforts.

 

High profile examples of cryptojacking:

 

In 2019, eight separate apps that secretly mined cryptocurrency with the resources of whoever downloaded them were taken down from the Microsoft Store. The apps supposedly came from three different developers, although it was suspected that the same individual or organization was behind all of them. Potential targets could encounter the cryptojacking apps through keyword searches within the Microsoft Store and on lists of the top free apps. When a user downloaded and launched one of the apps, it would inconspicuously download and start the cryptojacking JavaScript code. The miner would activate and start looking for Monero, using up a significant amount of the device’s resources and slowing it down.

In 2018, cryptojacking code was discovered concealed within the Los Angeles Times’ Homicide Report page. When visitors went to the Homicide Report page, their devices were used to mine a popular cryptocurrency called Monero. The threat wasn’t detected for a while because the amount of computing power the script used was minimal, so many users would not be able to detect that their devices had been compromised.

In 2018, cryptojackers targeted the operational technology network of a European water utility control system, seriously impacting the operators’ ability to manage the utility plant. This was the first known instance of a cryptojacking attack against an industrial control system. Similar to the Los Angeles Times hack, the miner was generating Monero.

 

Cryptojacking detection can be difficult because the process is often hidden or made to look like normal activity on your device. However, there are three signs to watch out for:

 

Cryptojacking detection – 3 things to look out for

 

Decreased performance –

 

One key symptom of cryptojacking is decreased performance on your devices. Slower systems can be the first sign you should be aware of, so be alert to your device running slowly, crashing, or exhibiting unusually poor performance. Your battery draining more quickly than usual could be another potential indicator.

Overheating –

Cryptojacking is a resource-intensive process that can cause computing devices to overheat. This can damage computers or shorten their lifespan. If your laptop or computer’s fan is running faster than usual, this could indicate that a cryptojacking script or website is causing the device to heat up, and your fan is running to prevent the melting or fire of your device.

Central Processing Unit (CPU) usage: 

If you see increased CPU usage when you are on a website with little or no media content, it may be a sign that cryptojacking scripts are being run on your device. A good cryptojacking test is to check the central processing unit (CPU) usage of your device using the Activity Monitor or Task Manager. However, take into consideration that processes may be hiding themselves or masquerading as something else to hinder you from stopping the abuse. Also, when your computer is running at maximum capacity, it will run slowly, which can make it harder to troubleshoot.
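The CPU check described above can be automated by looking at sustained load rather than single spikes. The following is an added example, not part of the original article; the sample readings, process names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed samples: one list per polling interval of (pid, name, cpu_percent),
# the kind of data Task Manager or Activity Monitor displays.
SAMPLES = [
    [(101, "browser-tab", 62.0), (202, "editor", 4.0), (303, "updater", 88.0)],
    [(101, "browser-tab", 58.5), (202, "editor", 35.0), (303, "updater", 2.0)],
    [(101, "browser-tab", 61.0), (202, "editor", 3.0), (303, "updater", 1.0)],
    [(101, "browser-tab", 60.2), (202, "editor", 5.0), (303, "updater", 1.5)],
]

def sustained_cpu(samples, threshold=50.0, min_fraction=0.75):
    """Return processes at or above `threshold` percent CPU in at least
    `min_fraction` of the polling intervals, highest mean CPU first."""
    readings = defaultdict(list)
    for interval in samples:
        for pid, name, cpu in interval:
            readings[(pid, name)].append(cpu)
    total = len(samples)
    flagged = []
    for (pid, name), values in readings.items():
        hot = sum(1 for v in values if v >= threshold)
        # Intervals where the process was absent count as "not hot".
        if total and hot / total >= min_fraction:
            flagged.append({
                "pid": pid,
                "name": name,
                "mean_cpu": round(sum(values) / len(values), 1),
                "hot_intervals": hot,
            })
    return sorted(flagged, key=lambda r: r["mean_cpu"], reverse=True)

if __name__ == "__main__":
    # The one-off spike from "updater" is ignored; the steady load is reported.
    for row in sustained_cpu(SAMPLES):
        print(row)
```

A threshold set close to 100% misses a miner that throttles itself to stay unnoticed, so the threshold has to sit below the load a throttled script would produce.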

 

Protect yourself against cryptojacking.

 

 

Use a good cybersecurity program:

 

A cybersecurity program such as Kaspersky Total Security will help to detect and deal with threats across the board and can provide cryptojacking malware protection. As with all other antivirus precautions, it is much better to install security before you become a victim than to take the chance. It is also good practice to install the latest software updates and patches for your operating system and all applications, especially those concerning web browsers.

 

Be alert to the latest cryptojacking trends:

 

Cybercriminals are constantly modifying code and coming up with new methods to embed updated scripts onto your computer system. Staying on top of the latest cybersecurity threats can help you detect cryptojacking on your network and devices and protect your systems from other types of cybersecurity threats.

 

Use browser extensions designed to block cryptojacking:

 

Cryptojacking scripts are often deployed in web browsers. You can use browser extensions to block cryptojackers across the web, such as minerBlock and Anti Miner. They install as extensions in some popular browsers, such as Google Chrome and Mozilla Firefox.

 

Use ad blockers:

 

Since cryptojacking scripts are often delivered through online ads, installing an ad blocker is an effective means of stopping them. An ad blocker like Adblock Plus can both detect and block cryptojacking code.

 

Disable JavaScript:

 

When browsing online, disabling JavaScript can prevent cryptojacking code from infecting your computer. However, although that interrupts drive-by cryptojacking, it could also block you from using functions that you need.

 

Block pages known to deliver cryptojacking scripts:

 

To prevent cryptojacking while you visit websites, make sure each site you visit is on a carefully vetted whitelist. You can also blacklist sites known for cryptojacking, but this can still leave your device or network exposed to new cryptojacking pages.
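The difference between the two approaches can be seen by checking a page's script sources against each kind of list. This is an added example, not part of the original article; every hostname, the sample page and the function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed policy lists; all hostnames are placeholders.
BLOCKLIST = {"miner.example"}                           # known mining domains
ALLOWLIST = {"www.news.example", "cdn.news.example"}    # vetted script hosts

# Constructed page: a vetted script, a known miner, and a new, unlisted host.
PAGE = """
<html><head>
<script src="https://cdn.news.example/app.js"></script>
<script src="https://ws.miner.example/lib/m.js"></script>
<script src="//static.newhost.example/worker.js"></script>
<script>var inlineOnly = 1;</script>
</head></html>
"""

class ScriptHosts(HTMLParser):
    """Collects the hostname of every external <script src=...>."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        host = (urlparse(src).hostname or "").lower() if src else ""
        if host:  # relative URLs have no host and are same-origin
            self.hosts.append(host)

def script_hosts(html):
    parser = ScriptHosts()
    parser.feed(html)
    return parser.hosts

def in_domains(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def blocked(html, mode):
    """Return the script hosts that the chosen policy would refuse."""
    hosts = script_hosts(html)
    if mode == "blocklist":
        return [h for h in hosts if in_domains(h, BLOCKLIST)]
    if mode == "allowlist":
        return [h for h in hosts if h not in ALLOWLIST]
    raise ValueError("mode must be 'blocklist' or 'allowlist'")

if __name__ == "__main__":
    print("blocklist refuses:", blocked(PAGE, "blocklist"))
    print("allowlist refuses:", blocked(PAGE, "allowlist"))
```

The blacklist only refuses the host it already knows about, while the whitelist also refuses the new host that no list has caught up with yet.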

 

Cryptojacking might seem relatively harmless and not a big crime since the only thing ‘stolen’ is the power of the victim’s computer. But the use of computing power for this criminal purpose is being done without the knowledge or consent of the victim, for the benefit of criminals who are illicitly creating currency. We recommend following good cybersecurity procedures to minimise the risks and to install trusted cybersecurity or internet security onto your devices.
