How worried should you be?
by Martin Banks
Cybersecurity professionals know the importance of staying abreast of emerging threats and taking decisive action to conquer them. An issue that professionals became aware of primarily over the last couple of years is cryptojacking. Here are some valuable details about what a cryptojacking attack entails and how to avoid one.
How Cryptocurrency Relates to Cryptojacking
Before getting into the specifics of cryptojacking, people first need to know its relation to cryptocurrency mining. A cryptocurrency is a type of digital asset stored on a decentralized ledger called the blockchain. Mining, then, converts computing power into new cryptocurrency coins. The most successful miners usually have specially built computers that mine cryptocurrency 24 hours a day and seven days a week.
However, some ill-intentioned people wanted to mine cryptocurrencies while bypassing the need for a pricey, powerful setup. Some found that even the most powerful equipment they could afford was not sufficient for competing with other miners. These circumstances led to a new cybercrime called cryptojacking.
What Is Cryptojacking?
Cryptojacking — also known as malicious cryptocurrency mining — occurs when an outside party uses someone’s computing resources to mine cryptocurrency without their knowledge or consent. Rather than taking over the computing power of just one person or a few people, these cybercriminals network all the wrongfully taken resources from people’s computers, tablets, smartphones and servers.
Combining them like that gives a cybercriminal the equivalent of one ultra-capable system purpose-built for cryptocurrency mining. They can then compete with people who purchased equipment to mine cryptocurrencies without buying anything themselves.
The Two Ways Cryptojacking Happens
Online criminals have a couple of options for victimizing people with cryptojacking. Here’s a breakdown of both of them.
Cryptojacking Via Websites
Browser-based cryptojacking had an innocent start. Its earliest associations concerned a now-defunct company called Coinhive. Its business model was that people could add scripts to their websites that used visitors’ computing resources to mine a cryptocurrency called Monero.
The company positioned its service as a revenue-generating option that let site owners avoid including ads with their content. Coinhive expected website operators who used their service to ask visitors’ consent before tapping into their computing power.
You can imagine, though, why things didn’t turn out that way. The company quickly gained an undesirable reputation for unintentionally facilitating cryptojacking attacks when some parties inserted the mining script into their sites without getting permission or consent from the people visiting them.
Even though Coinhive went out of business, cybercriminals made copycat versions of the script or created ones to serve a similar purpose. Statistics indicate that browser-based cryptojacking may have affected a billion monthly visits spread across thousands of compromised online destinations. Cybercriminals extend their reach by targeting the servers that deliver numerous websites to people worldwide rather than setting their sights on individual users.
Cybersecurity analysts have found cryptojacking scripts in various places, including:
- Legitimate but compromised websites.
- Scam sites meant to mimic the real ones.
- Browser extensions from online marketplaces.
- Customer support/live chat widgets.
A person affected by these cryptojacking attempts usually becomes victimized simply by visiting sites or using extensions they believe will provide something they want or need. For example, some browser extensions ultimately identified as malicious claimed to do something appealing, such as let the user play MP3s.
Device-Based Cryptojacking
Cryptojacking attempts relying on devices require a person to have malware on their device that does crypto-mining activities in the background. Research indicates that browser-based mining surged in 2018, but the malware type became more prominent the following year.
One of the likely reasons for that shift is that device-level access gives cybercriminals access to far more computing power than efforts made through a browser. That’s because the browser is only an application on a more extensive system. When hackers target the device itself, they can access the central processing unit (CPU) and the power it offers.
Senior security researcher Anthony Giandomenico clarified that this kind of malware usually doesn’t only mine cryptocurrency. He explained, “It will disable your antivirus, open up different ports to reach out to command and control infrastructure, it can download other malware. Basically, it’s reducing or limiting your security shields, opening you up to lots more different types of attacks.”
The two primary ways a person could download cryptojacking malware onto a device are to open a dangerous attachment — such as one received from an unknown sender — or download cryptojacking malware disguised as a useful application. In some cases, people encounter apps with bundled content. They appear to serve the purpose the user expects, but simultaneously do something else in the background.
Knowing the Signs of Cryptojacking
It’s not always possible to detect that you’re dealing with cryptojacking. However, there are a few telltale signs to keep in mind:
- Device suddenly performing slower.
- Device getting hot or fan activating frequently.
- Device metrics showing abnormally high CPU usage.
If you’re part of an organization’s cybersecurity team, explain these symptoms to employees. If anyone mentions experiencing them while using their computers, investigate their complaints promptly and encourage workers to always reach out if they notice unusual characteristics associated with a machine’s functionality.
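As an added example (not part of the original article), the Python sketch below shows one way a security team could turn the third sign into a triage check: it flags processes whose CPU use stays high across several consecutive samples, which separates a steady background miner from a short burst of legitimate work. The process names, sample values, 80% threshold and three-interval window are all constructed assumptions.

```python
from collections import defaultdict

# Constructed samples (not real telemetry): cumulative CPU ticks per process,
# as utime + stime would read in Linux /proc/<pid>/stat, taken every 60 s.
INTERVAL_S = 60
TICKS_PER_S = 100  # assumed clock tick rate
SAMPLES = [
    {101: ("browser", 1000), 202: ("updater", 500), 303: ("helper-svc", 2000)},
    {101: ("browser", 6400), 202: ("updater", 520), 303: ("helper-svc", 7700)},
    {101: ("browser", 6700), 202: ("updater", 530), 303: ("helper-svc", 13500)},
    {101: ("browser", 6900), 202: ("updater", 560), 303: ("helper-svc", 19200)},
    {101: ("browser", 7200), 202: ("updater", 5960), 303: ("helper-svc", 24900)},
]


def cpu_percent_series(samples, interval_s=INTERVAL_S, ticks_per_s=TICKS_PER_S):
    """Return {(pid, name): [percent of one core used in each interval]}."""
    series = defaultdict(list)
    for prev, cur in zip(samples, samples[1:]):
        for pid, (name, ticks) in cur.items():
            # Skip new processes and reused PIDs: there is no valid baseline.
            if pid not in prev or prev[pid][0] != name:
                continue
            delta = ticks - prev[pid][1]
            series[(pid, name)].append(100.0 * delta / (interval_s * ticks_per_s))
    return dict(series)


def sustained_high_cpu(samples, threshold=80.0, min_intervals=3):
    """Flag processes at or above threshold for min_intervals intervals in a row."""
    flagged = []
    for (pid, name), percents in cpu_percent_series(samples).items():
        run = longest = 0
        for pct in percents:
            run = run + 1 if pct >= threshold else 0
            longest = max(longest, run)
        if longest >= min_intervals:
            flagged.append((pid, name, longest))
    return sorted(flagged)


if __name__ == "__main__":
    for pid, name, intervals in sustained_high_cpu(SAMPLES):
        print(f"review pid={pid} name={name}: high CPU for {intervals} intervals")
```

A flagged process is a lead for investigation rather than a verdict, since legitimate workloads such as builds or video encoding also hold a core busy for long periods.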
How Can You Prevent Cryptojacking?
Cryptojacking frequently happens without a victim’s knowledge, but you can be proactive in reducing its likelihood. One option for stopping browser-based cryptojacking attempts is to disable JavaScript. However, that approach may also interfere with the correct functionality of websites you need to visit.
Another option is to install browser extensions designed to thwart cryptojacking efforts. Ad-blocking options could do the trick, especially since some of them detect cryptojacking scripts. Specialty offerings also exist that developers have made solely to stop cryptojacking. If you choose one of those, ideally select a well-reviewed choice with a high number of users or installations. Those aspects can indicate trustworthiness.
Installing anti-malware software on your device is another smart preventive measure. Most leading options on the market screen for an assortment of malware, including types related to cryptojacking. Plus, many offer automatic updates to protect users against the threats identified most recently. That means if new kinds emerge after you install the product, you’ll stay protected. Check the settings to be sure you receive the latest protection automatically, without needing to download an update yourself.
At the organizational level, using endpoint-detection products that recognize malware can stop cryptojacking from affecting entire networks. Moreover, keeping employees up to date about current malware tactics — related to cryptojacking or otherwise — makes them well equipped to avoid accidentally downloading attachments containing harmful code.
An Issue Worth Monitoring
Although some cybersecurity experts think cryptojacking is on a permanent decline, others warn that it’s still a genuine risk. One of the best ways to avoid becoming affected by it is to use the information here as a guide that highlights the essential things to know about the topic. Next, commit to continually researching the development of new cryptojacking techniques and scripts to better understand how they could affect you or your workplace.
About the Author
Martin Banks is the founder and Editor-in-Chief of Modded. You can find his writing all over the internet. He covers tech, gear, cars, and more.