What is Cryptojacking?

May 13, 2020
16:05
2 min reading

Choise.com team

Step aside, ransomware: because cryptojacking is officially the new affliction in the internet.

We get it. Cybersecurity may feel like a messy free-for-all sometimes. But it’s not often that we experience a whole new conceptual type of attack cropping up. Over the last couple of years, however, cryptojacking has been exactly that. It is officially everywhere, and it doesn’t seem like it’s going away anytime soon.

If this concept is new to you, here’s a simple way to look at it: attackers find a way to take advantage of your computer’s processing power to mine cryptocurrency for themselves.

Cryptocurrency mining malware has been around for a long time. But it wasn’t until late 2017 that the cryptocurrency world took an interest into this matter. By that time, a group called Coinhive crafted a simple mining module that could be embedded on every single website out there.

And once it’s on a website, everyone that visits the page contributes their CPU cycles to mining cryptocurrency for the owner of the module (AKA cryptocurrency hackers).

In this article, you will learn what is cryptojacking, how cryptojacking works, and what measures you can take to stay protected from cryptojacking scripts. Let’s get started!

Cryptojacking definition

So… what is cryptojacking? Loosely defined, Cryptojacking is the malicious use of someone’s computer to mine cryptocurrency. Even though it works in a fairly straightforward way, it is not easy to detect or prevent.

After clicking an infected link, the cryptojacking code loads onto your computer and begins to run in the background – and the only indication for some users that their computer has been compromised is a slower performance.

Why is cryptojacking popular?

Stealing money from a credit card could be profitable for criminals, but it’s a one-time thing. Cryptojacking offers criminals the benefits of passive income, without bearing any cost or risk. This innovative approach, along with rising cryptocurrency prices, have taken cryptojacking to the mainstream criminal scene in the past years.

This coin mining malware has gained so much attention that most threat actors are moving away from ransomware to put in motion cryptojacking. Cybercriminals depending on ransomware have been trying different money making methods, including locking a user’s device and demanding ransom payment and/or selling the stolen data.

The problem of both tactics is that they require the involvement of multiple parties to succeed. For example, the victim of a ransomware attack has to be willing to pay, and the hacker can’t sell the data if no one is willing to buy. With these limitations in mind, cryptojacking makes a perfect alternative.

How does cryptojacking work?

When it comes to hacking, there’s no general rules. Each hacker might use different techniques, and steps to get the job done. But the point of this guide is to give you a broad understanding on the steps criminals typically need to install mining code on other people’s devices.

#1 — Compromise an asset & embed cryptojacking script

There are three methods criminals use to infect computing devices with cryptomining scripts. These include file-based cryptojacking, browser-based cryptojacking, and cloud cryptojacking.

File-Based Cryptojacking

Receiving an email prompting you to click a link is the oldest method used by most cryptojackers. Clicking the link in question instantly loads the cryptomining code malware onto your PC without your knowledge.

What’s more? To improve your chances of clicking the link, the criminal makes it look like the email is coming from a company you recognize or are familiar with, for instance, banking institutions or your cryptocurrency wallet.

Browser-Based Cryptojacking

The best example of an attack created using this method is the one created by Coinhive, as briefly mentioned above. Today, hundreds of thousands of criminals are dedicated to finding and exploiting the vulnerabilities in all types of high traffic websites so they can infect ADs with their own cryptojacking modules.

When you visit a compromised page using web browsers and click one of the affected ads, the cryptomining code automatically starts running in the background of your desktop or device.

Cloud Cryptojacking

As more and more companies adopt cloud platforms and services, the cloud has become the next obvious target for threat actors. If hackers find a way into your cloud platforms, they’ll have the freedom to use as many computer resources as they wish for their mining process, which could, in turn, result in a severe cost increase on your part.

Cryptocurrency hackers gain this access by penetrating your computer network and looking through your files and the computer’s code for API keys with cloud access.

#2 — Execute the cryptomining script

Needless to say, once embedded, cryptojackers start counting on their potential victims to click the link or ADs to execute and run the cryptocurrency malware script on their devices.

#3 — Launch the cryptomining script

After getting executed, the cryptomining script launches in the background, without the knowledge of the victim.

#4 — Solve complex algorithms

The running cryptomining script uses the victim’s computer processing power to solve complex algorithms (AKA mine), making a cryptocurrency network more secure and reliable. At your expense, of course.

#5 — Get rewarded in cryptocurrency

Every time the hackers add a new block to the blockchain, they get rewarded in cryptocurrencies. And with little risk of detection, they even anonymously put the cryptocurrencies they receive in their own digital wallets.

How to detect cryptojacking

Becoming a victim of cryptojackers doesn’t sound like a big issue, but it actually is. Even though the goal of the criminals is not to damage a victim’s computer or steal personal information, some of them may use malware that ends up damaging your device.

In addition, even if the worst outcome of the infection is the slowdown of a user’s computer, firms can end up spending significant amounts of money trying to track down the performance issue (or replacing tools that could not withstand the demands of cryptojacking)

With those predicaments in mind, here are several ways you can tell if your machine has been infected.

Scan for malware

The reason some individuals fall victim to cryptojackers in the first place is that they have no antivirus programs installed on their devices. And just installing the program isn’t enough. You need to update it constantly because viruses are also expanding, updating, and becoming more harmful.

That said, in some instances, relying solely on scanning software and antivirus tools isn’t sufficient. That’s because most cryptomining scripts used in cryptojacking attacks are actually legitimate scripts, which means they won’t be detected as cryptojacking malware or viruses by signature-based security tools.

That’s where the other detection tips come into play.

Don’t overlook overheating

Always look for a sign that your computer’s system is working harder than usual.The process of mining cryptocurrencies is, after all, a CPU-intensive task – so a great indication that the machine is infected is overheating.

Also, you need to investigate right away after you notice your computer is overheating. Waiting could result in irreversible damages to your machine.

Keep an eye on CPU usage

If you’re in a corporate environment, then this issue might manifest as a sudden surge in CPU wastage through overheating or a noticeable increase in worker’s complaints regarding poor performance.

Sure. Machines showing signs of poor performance could be an indication of different sorts of attacks. But if it’s a sudden widespread performance issue, then you need to take it as a red flag and start investigating.

Conduct performance tests

Even if your computer doesn’t overheat or show signs of poor performance, experts recommend that you conduct performance tests from time to time (for instance every 2 months.) Sometimes the cryptojacker might be attacking many computers at the same time, which means your computer may be spared from any serious signs of an infection.

Monitor your websites

Do you own a website? Routinely installing patches and updating plugins on your websites is another measure you can employ to ensure endpoints and security gaps have been filled – which in turn protects your sites from the latest cryptojacking threats.

Remember that many successful web-based cryptojacking attacks exploit well-known vulnerabilities that you left unsecured.

Stay on top of cryptojacking trends

While cryptojacking efforts continue to advance and progress, you may end up falling victim to these cybercriminals if you cling to traditional methods of detecting and preventing attacks. Keeping up with the constantly shifting trends may be exhausting, but doing so is the only way to ensure your computer’s safety.

How to prevent cryptojacking

Educate yourself

We recommend working closely with network security operators to learn about how to recognize attacks promptly and signs that attackers may be trying to load malicious codes on your system. Also, extensively educate yourself on the differences between web-based and file-based cryptojacking.

Use anti-cryptomining extensions and ad-blockers

Since many cryptojacking attack efforts these days are cloud-based and browser-based, improve the security on both platforms using anti-cryptomining extensions and ad-blockers respectively. Both solutions are specifically designed to identify and block cryptomining scripts.

Disable JavaScript

Where feasible, disable your website’s JavaScript on web pages to directly prevent any cryptojacking script from executing and launching. But when you do, do not forget to double-check the site to ensure the changes will not affect users’ experience.

The bottom line

As you can see, protecting yourself from cryptojacking attacks start with detection, awareness, and prevention. Use these guidelines to keep your computer safe from unauthorized infections. And if you’re willing to take it a step further, invest in an affordable cybersecurity plan.

Want bank-level security for your crypto?

The Crypterium Wallet offers bank-grade security protocols that keep your cryptocurrency safe from threats, always available to you. And for additional peace of mind, Crypterium accounts are 100% insured. Try it now.