All about Cryptojacking
Cryptojacking (also known as malicious cryptocurrency mining) is an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of virtual money known as cryptocurrencies. It can invade web browsers and compromise all types of devices, from desktops and laptops to smartphones and network servers.
Like the majority of malicious attacks on the computing community, the motive is profit, but unlike many threats, it is designed to remain entirely hidden from the user. To understand the mechanics of this threat and how to protect against it, let’s start with some background information.
What are cryptocurrencies?
Cryptocurrencies are forms of digital money that exist only in the virtual world, with no real physical form. They were created as an alternative to traditional cash and have gained popularity due to their innovative design, growth potential and anonymity. One of the first forms of cryptocurrency, and also one of the most popular, Bitcoin, appeared in 2009. In December 2017, the value of a bitcoin reached its highest value, nearly $20,000, before falling to $10,000. Bitcoin’s success has inspired other cryptocurrencies that work more or less the same way. Less than a decade after its invention, people around the world are using cryptocurrencies to buy, sell and invest.
Two words, “cryptography” and “currency”, have been combined to form the term “cryptocurrency”, which is electronic money based on principles of complex mathematical encryption. All cryptocurrencies exist in the form of encrypted decentralized monetary units, which can be freely transferred between network participants. To put it simply, cryptocurrency is electricity converted into lines of code that have real monetary value.
Cryptocurrency units (called “coins”) are nothing more than entries in a database. In order to perform a transaction that modifies the database, certain conditions must be met. Think about how you track your money in your bank account. When you authorize transfers, withdrawals or deposits, the bank’s database is updated according to your transactions. Cryptocurrencies work the same way, but with a decentralized database.
Unlike traditional currencies, cryptocurrencies such as bitcoin are not backed by any specific government or bank. There is no government oversight or central regulatory body for cryptocurrency. Cryptocurrency is decentralized and managed simultaneously in multiple duplicate databases on a network of millions of computers that are not owned by a single person or organization. Also, the cryptocurrency database functions as a digital ledger. It uses encryption to control the creation of new coins and verify the transfer of funds. Meanwhile, the cryptocurrency and its owners remain completely anonymous.
The anonymous and decentralized nature of cryptocurrencies means that there is no controlling body that decides how much money to put into circulation. Instead, the way most cryptocurrencies enter circulation is through a process called “mining.” Without going into too much detail, it can be said that the mining process turns computing resources into cryptocurrency coins. At first, anyone with a computer could mine cryptocurrency, but that quickly turned into an arms race. Today, most mining programs use powerful, purpose-built computers that mine cryptocurrency around the clock. Soon people started looking for new ways to mine cryptocurrency, and this is where cryptojacking was born. Instead of buying an expensive mining computer, hackers infect traditional computers and use them as a network to carry out their orders.
If cryptocurrencies are anonymous, how do people use them?
Cryptocurrency owners keep their money in virtual “wallets,” which are securely encrypted with private keys. During a transaction, the transfer of funds between owners of two digital wallets requires a record of that exchange to be entered into the decentralized public digital ledger. Specific computers collect data from the latest bitcoin or other cryptocurrency transactions approximately every 10 minutes and turn them into a mathematical puzzle. At this time, the transaction contained in the puzzle is waiting to be confirmed.
Confirmation only occurs when members of another category of participants, called miners, independently solve complex mathematical puzzles that prove the legitimacy of the transaction, and then complete the transaction from the owner of one wallet to the other. Usually, a plethora of miners try to solve the puzzle at the same time, as fast as possible, to be the first to find the solution that authenticates the transaction.
The miner who solves the encrypted problem first receives a reward, usually an amount of new cryptocoins. This approach was specifically designed to appeal to those who spend time and use the computing power of their computers to maintain the network and create new coins. Because the calculations of puzzles are increasingly complex (especially for bitcoins), miners have found that even the best computers with a powerful processor cannot mine fast enough to cover the costs incurred.
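The puzzle race described above can be sketched as a hash search. This is an added example, not code from the original article or from any cryptocurrency client; it simplifies Bitcoin-style proof of work to "find a nonce whose double SHA-256 digest starts with N zero bits", and the block contents are constructed sample data.

```python
import hashlib
import time


def leading_zero_bits(digest):
    """Count the zero bits at the start of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def puzzle_hash(block, nonce):
    """Double SHA-256 over the block data followed by an 8-byte nonce."""
    data = block + nonce.to_bytes(8, "big")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def mine(block, difficulty_bits):
    """Try nonces 0, 1, 2, ... until one solves the puzzle.

    Returns (nonce, attempts). Each extra difficulty bit doubles the
    expected number of attempts, which is where the CPU time goes.
    """
    nonce = 0
    while leading_zero_bits(puzzle_hash(block, nonce)) < difficulty_bits:
        nonce += 1
    return nonce, nonce + 1


def verify(block, nonce, difficulty_bits):
    """Checking a claimed solution costs one hash, however hard it was to find."""
    return leading_zero_bits(puzzle_hash(block, nonce)) >= difficulty_bits


if __name__ == "__main__":
    # Constructed sample transaction data, not a real block format.
    block = b"constructed sample: wallet A pays wallet B 1 coin"
    for bits in (8, 12, 16, 20):
        start = time.perf_counter()
        nonce, attempts = mine(block, bits)
        elapsed = time.perf_counter() - start
        print(f"{bits:2d} bits: nonce={nonce:<8d} attempts={attempts:<8d} "
              f"{elapsed:.3f}s valid={verify(block, nonce, bits)}")
```

Running it shows the attempt count climbing steeply with each difficulty step while verification stays a single hash; that asymmetry is why mining consumes so much processing power.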
Miners upgraded their machines by adding sophisticated video cards, sometimes even multiple cards, to handle the huge calculations. Eventually, miners who wanted to stay competitive resorted to creating huge computer farms with hardware dedicated to mining cryptocurrencies on a commercial scale. This is where we are today: real cryptocurrency players invest big money in a high-risk fight against other miners to solve the puzzles first to reap their reward.
Escalating this massive effort generates an extremely expensive arms race, which requires a lot of processing power and electricity to increase the miners’ chances of being profitable. For example, before China shut down its cryptocurrency farms, monthly electricity bills reached $80,000.
What is Cryptojacking?
Cryptojacking is a scam that uses people’s devices (computers, smartphones, tablets or even servers), without their consent or knowledge, to secretly mine cryptocurrency at the victim’s expense. Instead of creating a dedicated cryptocurrency mining computer, hackers use cryptojacking to steal computing resources from their victims’ devices. When you add all these resources together, hackers can participate in sophisticated mining operations without paying the associated fees.
If you are a victim of cryptojacking, you may not know it. The majority of cryptojacking software is designed to remain invisible to the user, which does not mean that there are no consequences. This theft of your computing resources slows down other processes, increases your electricity bills, and shortens the life of your device. Depending on the subtlety of the attack, you may notice warning signs. If your PC or Mac is slowing down or using its cooling fan more often than usual, you may have reason to suspect cryptojacking.
The motivation behind cryptojacking is simple: money. Mining cryptocurrencies can be extremely lucrative, but making a profit today is almost impossible without the means to cover significant costs. For someone with limited resources and questionable morals, cryptojacking is an effective and inexpensive way to mine valuable coins.
How does cryptojacking work?
Cryptohackers have more than one trick up their sleeve to hack into your computer. One of the methods works like regular malware. You click on a malicious link in an email and it loads cryptocurrency mining code directly onto your computer. Once your computer is infected, the cryptohacker starts working around the clock to mine cryptocurrency while remaining hidden in the background. Because it resides on your computer, it is a local, persistent threat that infects the computer itself.
Another approach to cryptojacking is sometimes referred to as spam cryptocurrency mining. Similar to advertising exploits, this scam involves embedding a piece of JavaScript code into a web page. The code then mines cryptocurrency on the computers of the users who visit the page.
Signs that may indicate pirate mining or cryptojacking
- A noticeable slowdown in device performance
- Overheating of device batteries
- Devices that stop due to lack of computing power
- Reduced device or router productivity
- An unexpected increase in electricity costs
In the early days of nuisance mining, web publishers involved in the bitcoin craze sought to improve their profits and monetize their traffic by openly asking visitors for permission to mine cryptocurrency while on their site. They offered it as an exchange of goodwill: you get free content while they use your computer for mining. If you were viewing, say, a gaming site, you would likely stay on the page for some time while the JavaScript code mined the currency. Then when you left the site, the mining also stopped and freed your computer. In theory, this might sound fine as long as the site is transparent and honest about what it does, but it’s hard to be certain that sites are really playing fair.
More malicious versions of nuisance mining don’t bother asking for permission and continue mining even when you leave the original site. This is a common technique of suspicious site owners, or hackers who have corrupted legitimate sites. Users are completely unaware that a site they have visited is using their computer to mine cryptocurrency. The code uses just enough system resources to remain invisible. Although the user thinks that the browser windows are closed, a hidden window remains open. Typically, it’s a pop-under that’s the right size to hide under the taskbar or behind the clock.
Unwanted mining can even infect your Android mobile device. It uses the same methods that target desktop computers. Some attacks occur via a Trojan hidden in a downloaded application. Or phone users may be redirected to an infected site which leaves a persistent pop-under. There is even a Trojan that infects Android phones with an installer so dangerous that it can use up the CPU until your phone overheats, which bloats the battery and renders your Android phone pretty much unusable.
You might think to yourself, “Why use my phone that has relatively little processor power?” Yet when these attacks take place en masse, the sheer number of phones adds up to a collective strength that can attract the attention of cryptohackers.
Some cybersecurity experts point out that unlike most other types of malware, cryptojacking scripts do not damage computers or victims’ data. But stealing CPU resources has consequences. Of course, slow performance is just a small inconvenience for an individual user. But for large companies that may have suffered cryptojacking on many systems, the costs are very real. Electricity costs, IT staff costs, and missed opportunities are just some of the consequences when an organization falls victim to malicious cryptojacking.
How important is cryptojacking?
Cryptojacking is relatively new, but it is already one of the most common online threats. In a recent Malwarebytes blog, our intelligence team reports that since September 2017, malicious mining (another name for cryptojacking) has been the most common malware detection. The following month, in an article published in October 2017, Fortune suggested that cryptojacking was the virtual world’s newest security threat. More recently, we were able to witness a 4,000% increase in detections of Android-based cryptojacking malware in the first quarter of 2018.
Moreover, cryptohackers continue to improve their methods by invading more and more powerful hardware. This is the case, for example, of an incident in which criminals cryptojacked the operational technology network of the control system of a European wastewater treatment plant, affecting the operator’s ability to manage the public utility’s installation. In another case from the same report, a group of Russian scientists allegedly used the supercomputer at their nuclear warhead research and manufacturing facility to mine bitcoin.
Surprising as these intrusions may seem, cryptojacking of personal devices remains the biggest problem, as stealing small amounts of money from many devices can generate large amounts. In fact, cybercriminals even seem to prefer cryptojacking to ransomware (which also relies on cryptocurrency for anonymous ransom payments), as it seems to generate more money for less risk.
How do I protect myself against cryptojacking?
Whether you have been the victim of cryptojacking on your local system, or via your browser, it can be difficult to manually detect an intrusion. Similarly, discovering the source of high CPU usage can be difficult. Processes can hide or appear to be legitimate in order to prevent you from stopping the attack. And to help cryptohackers a little more, when your computer is running at full speed, it slows down a lot, making it hard to identify the problem. As with all other malware precautions, it is far better to install a security solution before becoming a victim.
An obvious solution is to block JavaScript in the browser you use to browse. While this action stops unwanted cryptojacking, it can also prevent you from using features you like and need. There are also specialized programs, like “No Coin” and “MinerBlock”, which block mining activities in popular browsers. Both of these programs have extensions for Chrome, Firefox, and Opera. The latest version of Opera even includes NoCoin by default.
Because the techniques used in cryptojacking are close to those of other, more “classic” forms of cyberattack, the methods for protecting against them should already be familiar.
First and foremost, be aware of the dangers of phishing in its various forms. Consider covering the concrete forms these attacks take in your security awareness training, emphasizing the telltale signs of any attempt by a hacker to load malicious code.
Web browsers are hackers’ preferred infection vector for many cryptojacking attacks, so their security must also be reinforced. How? Choose a web browser that takes security seriously and use a good ad blocker to disable potentially malicious scripts. You can also use a quality VPN to enhance the security of your web browser. Finally, be aware that several very accessible add-ons are specifically designed to detect and block cryptomining scripts.
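The script blocking mentioned above, by ad blockers and by add-ons such as No Coin and MinerBlock, can be illustrated with a hostname blocklist check over a page's external scripts and frames. This is an added example, not the code of any of those tools; the blocklist entries, page URL and HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed placeholder entries; real tools ship and update their own lists.
BLOCKED_HOSTS = {"miner.example", "pool.coin-mining.example"}


class ScriptCollector(HTMLParser):
    """Collect the absolute URLs of external scripts and frames on a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                # Resolve relative and protocol-relative references.
                self.urls.append(urljoin(self.page_url, src))


def is_blocked(url, blocked=BLOCKED_HOSTS):
    """True if the URL's host is a blocked host or a subdomain of one."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Match on label boundaries so "notminer.example" does not match "miner.example".
    return any(host == b or host.endswith("." + b) for b in blocked)


def scan_page(html, page_url):
    """Return the script/frame URLs on the page that the blocklist would stop."""
    collector = ScriptCollector(page_url)
    collector.feed(html)
    return [u for u in collector.urls if is_blocked(u)]


# Constructed sample page: one local script, one blocked loader, one look-alike
# host that must not match, and a 1x1 frame pointing at a blocked host.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.miner.example/m.js"></script>
<script src="https://notminer.example/lib.js"></script>
</head><body>
<iframe src="https://POOL.coin-mining.example./frame.html" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for hit in scan_page(SAMPLE_HTML, "https://news.example/article"):
        print("would block:", hit)
```

A hostname list only catches loaders served from listed hosts; inline or self-hosted mining code needs the behaviour-based detection of a full security product.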
Beyond that, the effectiveness of defenses against cryptojacking relies on protection techniques commonly employed to combat other forms of attacks. The use of personal IT equipment in the workplace represents a potential source of infection when these devices use the same networks or are connected to internal systems. Consider using mobile device management software and systematically update your software, including browser extensions and mobile device applications.
However, we advise you to avoid a dedicated solution and prefer a comprehensive cybersecurity program. Malwarebytes, for example, doesn’t just protect you against cryptojacking. It also repels malware, ransomware and several other online threats. Whether cybercriminals are trying to use malware, a browser-based spam download, or a Trojan, you’re protected from cryptojacking.
In an ever-changing threat landscape, staying protected against the latest threats like cryptojacking is a full-time job. With anti-cryptojacking, you have the power to detect and eliminate all types of intrusion and secure your data so that no one else can access it.
The final word…
Even if a cryptojacking attack stricto sensu results in performance degradation at most, these seemingly benign consequences should not be underestimated. Victims of this type of attack should instead interpret it as a red flag. Indeed, if a hacker manages to install malicious code on your machines (or those of your employees), your defenses may not be as strong as they should be.
Sources: PinterPandai, Kaspersky, INTERPOL (International Criminal Police Organization)
Photo credit: Piqsels (CC0 Public Domain)