Cryptojacking is a threat in which malware embeds itself in a computer or mobile device without authorization and then uses the device’s resources to mine cryptocurrency. Cryptocurrency is digital or virtual money in the form of tokens or “coins”. The malware installed on the victim’s computer uses its processing power to mine cryptocurrency without the victim’s knowledge or consent.
Cryptomining can slow down the victim’s system and make it use significantly more electricity, leading to higher electricity bills for the victim. Cryptojacking is a form of cyber attack and is illegal in many countries.
In general, cryptocurrencies operate on a distributed database known as a ‘blockchain’. The blockchain is regularly updated with information about all the transactions that took place since the last update. Each set of recent transactions is combined into a ‘block’ using a complex mathematical process.
For the production of new blocks, cryptocurrencies depend on individuals to provide the computing power. Cryptocurrencies reward people who supply the computing power with cryptocurrency. These people who trade computing resources for currency are called “miners”.
How does Cryptojacking Malware work?
Cryptojacking is popular with attackers because of its low entry barrier and high profitability. Hackers can sneak into devices and run crypto mining malware with a few lines of code (usually JavaScript) that operates secretly in the background.
Cryptojackers usually lure users into clicking on links in phishing emails so that they download malicious code onto their devices. Another approach is to infect websites with cryptojacking code embedded in the page’s HTML. This code then runs the mining program automatically when the user opens the infected webpage. Hackers often use both methods to maximize their return. In both cases, the code places the cryptojacking script onto the device, where it runs in the background as the victim works.
Some cryptojacking malware can even spread to more than one device. In some scenarios, the attackers can benefit from the large computing resources of a server farm for free. The main objective of cryptojacking is not the corruption or theft of personal data, but rather gaining access to devices and using their computing power. The attackers have an incentive to remain undetected because the longer the mining program runs, the more cryptocurrency they can obtain.
In early instances of cryptomining, some web publishers sought to monetize their traffic by asking visitors’ permission to mine for cryptocurrencies while on their site. They considered it a fair exchange, where visitors would receive free content while the sites would use their computers for mining. On many gaming sites, users might stay on the page for some time while the JavaScript code mines for coins. As soon as they leave the site, the cryptomining ends. Thus, users must know whether sites are being honest or not.
Effects of Cryptojacking
The primary way that Cryptojacking attacks impact a user’s device is by making it slow and causing it to use more electricity. This occurs because the malware installed on the victim’s computer will use their computer’s processing power to mine cryptocurrency.
Cryptojacking can even infect Android mobile devices through a Trojan hidden in a downloaded app. Many times, a user’s phone can be redirected to an infected site that leaves a persistent pop-under.
Some crypto mining scripts have worming capabilities that allow them to infect other devices and servers on a network. This makes them harder to identify and remove. These scripts may also check to see if the device is already infected by competing crypto mining malware. If another cryptominer is detected, the script disables it.
Cryptojacking Attack Methods
There are two main types of cryptojacking attacks:
- Web browser-based attacks: These involve the use of a website or online ad to deliver the cryptojacking malware to the victim’s computer. As the victim visits the website or clicks on the ad, the malware is automatically downloaded and installed on their computer. This type of attack is known as “drive-by cryptojacking” because the victim’s computer is compromised simply by visiting a website. Cryptojackers may create a website with embedded crypto mining JavaScript code and direct traffic to it for the purpose of cryptojacking, or they may compromise an existing site.
- Host-based attacks: This method is similar to standard phishing malware attacks, where the cryptojackers bait victims into clicking on harmless-looking links that result in the installation of crypto mining software on the victim’s device. This type of attack can affect all types of devices; for example, Google Android phones are susceptible to Trojan horse cryptojacking attacks through apps on the Google Play Store. Once the malware gets onto the victim’s endpoint, cryptojacking software can move across all devices on the network, including servers, cloud infrastructures and software supply chains.
Cryptojacking Attack Examples
Below are some high profile examples of cryptojacking attacks:
- In 2019, eight separate apps that secretly mined cryptocurrency with resources of whoever downloaded them were ejected from the Microsoft Store. The apps might have come from three different developers, although it was suspected that the same individual or organization was behind them all. Potential targets could encounter the cryptojacking apps through keyword searches within the Microsoft Store, and on lists of the top free apps. When a user downloaded and launched one of the apps, they would unintentionally download cryptojacking JavaScript code. The miner would activate and start looking for Monero, using up a significant amount of the device’s resources and therefore slowing it down.
- In 2018, cryptojacking code was discovered concealed within the Los Angeles Times’ Homicide Report page. When visitors went to the Homicide Report page, their devices were used to mine a popular cryptocurrency called Monero. The threat was not detected for a while because the amount of computing power used by the script was minimal. So, many users would not be able to detect that their devices had been compromised.
- In 2018, cryptojackers targeted the operational technology network of a European water utility control system, severely impacting the operators’ ability to manage the utility plant. This was the first known instance of a cryptojacking attack against an industrial control system.
- In early 2018, the CoinHive miner was found to be running on YouTube Ads through Google’s DoubleClick platform.
- During July and August 2018, a cryptojacking attack infected over 200,000 MikroTik routers in Brazil, injecting CoinHive code into a massive amount of web traffic.
How to detect Cryptojacking?
Cryptojacking is crafted to be as undetectable as possible, but there are many symptoms that can help detect such attacks:
- Poor performance – This is a common symptom of cryptojacking. Devices affected may run slower than usual or crash at unusual moments due to strain on processing power from the extra workload. Another indicator is a battery that drains more quickly than it usually would.
- Overheating – Cryptojacking is a resource-intensive process that may cause a computing device to overheat. Fans in infected devices run faster than usual, or batteries may overheat if a cryptojacking script is taxing the processor of an infected device. Overheating can damage a device or shorten its lifespan.
- High electricity costs – A common sign of an attack can be high electricity costs, because the processing power required for mining draws additional electricity.
- Central Processing Unit (CPU) use – CPU usage spikes in response to cryptojacking. Victims with Windows can check their CPU use in Activity Monitor or Task Manager when visiting sites that run little or no media content. If any odd spike is noticed, this may signify a cryptojacking cyber attack. However, cryptojacking malware can be written to hide as legitimate processes and be hard to detect through this method. Additionally, a computer running at maximum capacity runs very slowly, which can make troubleshooting more difficult.
How to Defend Against Cryptojacking Attacks?
Cryptojacking is similar to other types of malware attacks, and so are its prevention techniques. The following methods are some of the best ways to prevent cryptojacking attacks:
- Use strong cybersecurity protection – Security admins should use strong antimalware and cybersecurity software built to detect the presence of malicious code, such as crypto mining software. They should also ensure that their organization applies the latest operating system, web browser and cybersecurity software updates.
- Use anti-cryptojacking browser extensions – Browser extensions, such as minerBlock and No Coin, block cryptojacking software running in web browsers.
- Secure servers and cloud configurations – Publicly exposed servers and cloud services are vulnerable to cryptojacking and, as such, should be identified, rooted out and/or secured.
- Use an ad blocker and disable JavaScript – Using a strong ad blocker and disabling JavaScript can prevent cryptojacking software from running in web browsers. Some cryptojacked ads are designed to evade ad blockers.
- Block infected sites – Blocking sites that host cryptojacking software or that have outdated plugins and security keeps users from accidentally accessing them.
- Stay updated – Cryptojacking is a constantly evolving threat, and staying updated on the latest attack methods keeps users aware of the security threats that may put them at risk.
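A site owner can apply the "block infected sites" idea to their own pages by auditing the scripts a page loads. The following is an added example, not part of the original article and not the code of any extension named above; the blocklist, the inline marker and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed blocklist: coinhive.com belonged to the now-defunct CoinHive service
# named in the article; miner-pool.example is a constructed placeholder.
BLOCKED_HOSTS = {"coinhive.com", "miner-pool.example"}
# Assumed inline indicator: the constructor name CoinHive's library exposed.
INLINE_MARKERS = ("CoinHive.Anonymous",)

# Constructed sample page (the script paths are made up).
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.org/site.js"></script>
<script src="//coinhive.com/lib/miner.min.js"></script>
<script src="https://notcoinhive.com/app.js"></script>
</head><body>
<script>var m = new CoinHive.Anonymous("PLACEHOLDER_KEY");</script>
<p>Article text</p>
</body></html>"""

def host_blocked(host):
    """True if host is a blocklisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        self._inline = not src           # no src: the body is inline code
        # urlparse also extracts the host from protocol-relative //host/x.js
        if src and host_blocked(urlparse(src).hostname):
            self.findings.append(("external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline:                 # host blocking cannot see inline code
            self.findings += [("inline", m) for m in INLINE_MARKERS if m in data]

def audit_html(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Matching on the exact domain or a dot-prefixed subdomain avoids flagging unrelated hosts that merely end in the same letters, such as `notcoinhive.com` in the sample.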