What is Cryptojacking and how does it work?
Cryptojacking refers to a form of cybercrime wherein cybercriminals exploit people’s devices (such as computers, smartphones, tablets, or servers) without authorization to mine cryptocurrency. Similar to various cybercrimes, the primary objective is financial gain; however, unlike other threats, it operates covertly, remaining undetected by the victim.
What is cryptojacking?
Cryptojacking presents a threat wherein it infiltrates computers or mobile devices to harness their resources for cryptocurrency mining. Cryptocurrency, whether Bitcoin or one of the approximately 3,000 other varieties, constitutes digital or virtual currency. While some cryptocurrencies like Bitcoin have ventured into the physical realm through projects such as credit cards, most remain within the virtual sphere.
Cryptocurrencies operate via a distributed database called the ‘blockchain,’ which undergoes regular updates with transactional information. Transactions are grouped into ‘blocks’ through complex mathematical processes.
To generate new blocks, cryptocurrencies rely on individuals contributing computing power, with miners receiving cryptocurrency as a reward for their efforts. These miners employ dedicated computer rigs to complete the necessary mathematical calculations. This activity consumes a significant amount of electricity; for instance, the Bitcoin network currently consumes over 73TWh of energy annually.
Cryptojackers and the future of cryptojacking
This is where cryptojacking comes into play: cryptojackers are individuals seeking the benefits of cryptocurrency mining without incurring substantial expenses. By avoiding the purchase of expensive mining hardware and hefty electricity bills, cryptojacking enables hackers to mine cryptocurrency with minimal overhead costs. The cryptocurrency primarily targeted for mining on personal computers is Monero, favored by cybercriminals due to its difficulty in tracing transactions.
There exists some debate regarding the trajectory of cryptojacking—whether it is declining or increasing. Cryptojacking tends to surge alongside the value of cryptocurrencies, particularly Bitcoin and Monero. However, in recent years, two factors have mitigated the prevalence of cryptojacking:
- Crackdowns by law enforcement agencies.
- The closure of Coinhive, the prominent platform for managing cryptominers. Coinhive offered JavaScript code that websites could integrate to utilize visitors’ computers for Monero mining. However, the code was often exploited by hackers to inject mining scripts into websites without the owner’s consent. Coinhive ceased operations in March 2019, resulting in a significant decrease in site infections.
The motivation behind cryptojacking attacks is straightforward: financial gain. While mining cryptocurrencies can be highly profitable, achieving profitability becomes challenging due to the substantial costs involved. Cryptojacking serves as the illicit manifestation of cryptomining, providing an efficient and inexpensive method for mining valuable coins, albeit through unauthorized means.
How does cryptojacking work?
Cybercriminals use various tactics to infiltrate devices and install cryptojacking software, which operates surreptitiously in the background, either mining cryptocurrencies or pilfering from cryptocurrency wallets. Unsuspecting users may continue to utilize their devices as usual, albeit experiencing slower performance or delays.
Hackers typically employ two primary methods to clandestinely mine cryptocurrencies on victims’ devices:
- Convincing the victim to click on a malicious link within an email, which loads cryptomining code onto the computer.
- Infecting websites or online advertisements with JavaScript code that automatically executes upon loading in the victim’s browser.
Hackers often combine both approaches to maximize their gains. Regardless of the method used, the code embeds the cryptojacking script onto the device, operating discreetly in the background while the victim uses the device. Subsequently, the script solves complex mathematical problems on the victims’ devices and transmits the results to a server controlled by the hacker.
Unlike other forms of malware, cryptojacking scripts do not inflict damage on computers or compromise victims’ data. However, they do siphon computer processing resources. While individual users may perceive slower computer performance as merely an inconvenience, cryptojacking poses significant challenges for businesses, as organizations with numerous cryptojacked systems incur tangible costs, such as:
- Increased help desk and IT time spent troubleshooting performance issues and replacing components or systems in attempts to rectify the problem.
- Elevated electricity expenses.
Certain cryptomining scripts possess worming capabilities, enabling them to propagate to other devices and servers within a network, rendering them more challenging to detect and eradicate. Additionally, these scripts may inspect devices for existing infections by competing cryptomining malware, disabling them upon detection.
Initially, some web publishers sought to monetize their traffic by soliciting visitors’ consent to mine cryptocurrencies while browsing their sites, framing it as a fair exchange wherein visitors accessed free content while sites utilized their computer resources for mining. However, malicious iterations of cryptomining, namely cryptojacking, operate without users’ consent, persisting long after users leave the initial site. This clandestine technique is favored by unscrupulous website owners or hackers who compromise legitimate sites. Users remain unaware that their computers have been utilized for cryptocurrency mining, as the code consumes just enough system resources to evade detection. Often, a hidden browser window, such as a pop-under, remains open, concealed beneath the taskbar or behind the clock.
Cryptojacking can also target mobile devices running operating systems like Android, employing similar methods utilized for desktops. Some attacks manifest through Trojans concealed within downloaded apps, while others redirect users’ phones to infected sites, leaving behind persistent pop-unders. Although individual phones possess relatively limited processing power, when targeted in large numbers, they collectively provide sufficient strength to justify the efforts of cryptojackers.
Cryptojacking attack – examples
Prominent instances of cryptojacking include:
- In 2019, the Microsoft Store expelled eight distinct apps that covertly mined cryptocurrency using the resources of their downloaders. These apps purportedly originated from three different developers, although suspicion arose that a single entity was responsible for all of them. Potential victims could encounter these cryptojacking apps via keyword searches within the Microsoft Store or on lists of the top free apps. Upon downloading and launching one of these apps, users unwittingly acquired cryptojacking JavaScript code. This code would then activate, initiating the mining process for Monero, thereby consuming a significant portion of the device’s resources and consequently slowing it down.
- In 2018, cryptojacking code was found embedded within the Los Angeles Times’ Homicide Report page. Visitors to this page inadvertently had their devices employed to mine Monero, a popular cryptocurrency. The threat remained undetected for some time due to the minimal amount of computing power the script utilized, making it challenging for many users to discern that their devices had been compromised.
- Also in 2018, cryptojackers targeted the operational technology network of a European water utility control system, severely impeding the operators’ capacity to manage the utility plant. This incident marked the first documented case of a cryptojacking attack against an industrial control system. Similar to the hack involving the Los Angeles Times, the miner involved in this attack was focused on generating Monero.
- In early 2018, the CoinHive miner was discovered to be operating within YouTube Ads through Google’s DoubleClick platform.
- Between July and August 2018, a cryptojacking assault infected over 200,000 MikroTik routers in Brazil, injecting CoinHive code into a vast amount of web traffic.
How to detect cryptojacking
Identifying cryptojacking can be challenging due to its covert nature or its disguise as a harmless activity on your device. Nevertheless, here are three signs to be wary of:
Cryptojacking detection – 3 things to look out for
Reduced Performance
A primary indicator of cryptojacking is a decline in the performance of your computing devices. Sluggish systems serve as an initial warning sign; thus, remain vigilant if you notice your device running slower, crashing, or displaying unusually poor performance. Additionally, an accelerated depletion of your battery compared to usual usage patterns could signify a potential issue.
Overheating
Cryptojacking’s resource-intensive nature can induce overheating in computing devices, potentially resulting in damage or a shortened lifespan. If your laptop or computer’s fan operates at an elevated speed, it suggests that a cryptojacking script or website may be causing the device to heat up. The increased fan activity serves to prevent overheating or potential fire hazards.
Central Processing Unit (CPU) Usage
Elevated CPU usage while browsing a website with minimal or no media content might indicate the presence of cryptojacking scripts. A reliable method to assess potential cryptojacking activity is to monitor the CPU usage of your device using tools like Activity Monitor or Task Manager. However, it’s important to note that malicious processes may attempt to conceal themselves or masquerade as legitimate functions to impede detection. Moreover, when your computer operates at maximum capacity, troubleshooting becomes more challenging due to significantly reduced performance.
📚 Also Read: CryptoTab Browser
How to protect yourself against cryptojacking
Utilize a robust cybersecurity solution
Implementing a comprehensive cybersecurity program like Kaspersky Total Security can effectively identify threats and offer protection against cryptojacking malware. It’s advisable to prioritize installing security measures before falling victim to cyber threats. Additionally, regularly updating your operating system and applications, particularly web browsers, with the latest software patches is essential.
Stay informed about emerging cryptojacking trends
Cybercriminals continuously evolve their tactics, devising new delivery methods and modifying code to infiltrate computer systems with updated scripts. Proactively staying abreast of the latest cybersecurity developments enables you to detect cryptojacking activities on your network and devices while also mitigating other cybersecurity risks.
Utilize browser extensions designed to thwart cryptojacking
Given that cryptojacking scripts commonly exploit web browsers, employing specialized browser extensions such as minerBlock, No Coin, and Anti Miner can effectively block cryptojackers across various websites. These extensions are available for installation in several popular browsers.
Implement ad blockers
Since cryptojacking scripts often propagate through online advertisements, installing an ad blocker like Ad Blocker Plus can effectively intercept and prevent malicious cryptojacking code from executing.
Consider disabling JavaScript
Disabling JavaScript while browsing the internet can serve as a preventive measure against cryptojacking code infecting your computer. However, it’s important to acknowledge that disabling JavaScript might interfere with necessary website functionalities.
Block pages associated with cryptojacking
To safeguard against cryptojacking while browsing, ensure that the websites you visit are included in a meticulously curated whitelist. Alternatively, consider blacklisting sites known for distributing cryptojacking scripts, although this approach may not entirely eliminate the risk of encountering new cryptojacking pages.
While cryptojacking may appear relatively benign since it primarily exploits the victim’s computer processing power, its unauthorized utilization for criminal gain poses significant risks. By adopting robust cybersecurity practices and installing trusted cybersecurity solutions on all devices, you can effectively mitigate these risks and safeguard against potential threats.
FAQ’s
What is cryptojacking?
Cryptojacking refers to a cybercrime where cybercriminals illicitly utilize individuals’ devices, such as computers, smartphones, or servers, to mine cryptocurrency without authorization. Unlike traditional cyber threats, cryptojacking operates stealthily, often remaining undetected by the victims.
How does cryptojacking work?
Cybercriminals employ various tactics to infiltrate devices and install cryptojacking software covertly. This software operates in the background, either mining cryptocurrencies or pilfering from cryptocurrency wallets, while users continue to use their devices normally.
What are the signs of cryptojacking?
Signs of cryptojacking include reduced device performance, overheating, and elevated CPU usage. Users may notice their devices running slower, experiencing frequent crashes, or exhibiting unusually poor performance. Additionally, accelerated battery depletion and increased fan activity may indicate cryptojacking activity.
How can I protect myself against cryptojacking?
Implementing a robust cybersecurity solution like Kaspersky Total Security can help detect and prevent cryptojacking malware. Staying informed about emerging cryptojacking trends, utilizing browser extensions designed to thwart cryptojacking, implementing ad blockers, and considering disabling JavaScript or blocking pages associated with cryptojacking are also effective preventive measures.
Why is cryptojacking considered a threat?
While cryptojacking may seem relatively harmless as it primarily exploits the victim’s computer processing power, its unauthorized use for financial gain poses significant risks. It can lead to reduced device performance, increased electricity consumption, and potential damage to devices, impacting both individual users and organizations.
What are some notable examples of cryptojacking incidents?
Prominent instances of cryptojacking include the exploitation of the Microsoft Store to distribute cryptojacking apps, the embedding of cryptojacking code within websites like the Los Angeles Times’ Homicide Report page, and attacks targeting critical infrastructure systems like a European water utility control system.
How can I detect cryptojacking on my devices?
Detecting cryptojacking can be challenging due to its covert nature. However, signs such as decreased device performance, overheating, and elevated CPU usage may indicate cryptojacking activity. Monitoring your device’s performance and using cybersecurity tools to scan for threats can help detect and mitigate cryptojacking incidents.
Conclusion
Cryptojacking represents a significant threat, exploiting devices to mine cryptocurrency without detection. To mitigate risks, proactive cybersecurity measures such as robust security solutions, staying informed about emerging threats, and implementing preventive measures like browser extensions are crucial. Monitoring device performance for signs of cryptojacking activity is essential for safeguarding against unauthorized use of computing resources and potential financial losses.
Comments are closed.