Cryptojacking
What is Cryptojacking?
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link through an email that loads cryptomining code on the
computer or by infecting a website with JavaScript code that auto -executes once loaded in the victim’s browser.
Either way, the cryptomining code then runs in the background as unsuspecting victims use their computers normally. The only symptom they might notice is slower performance or lags in execution.
How does Crptojacking Works?
Cybercriminals have several means to get a victim’s computer to start mining cryptocurrency.
The first way is to deceive victims into loading cryptomining code onto their PCs, often through a phishing email.
The attacker plays some Social Engineering and sends a legitimate-looking email that urges them to click on a link. The link then runs a script on the computer that mines cryptocurrencies in the background unbeknownst to the victim.
The second method is to place a script on a website or an ad delivered to several websites. When a victim visits an affected website or clicks on an infected ad, the script automatically runs.
Either way, code is not stored on the victim’s device; all it does is run complex mathematical problems and sends the results to a server under the cyber criminal’s control.
Some scripts have worm-like abilities, so they can infect more devices on the same network, maximizing returns for the hacker. This also makes it more difficult to remove.
Such worms can also change their scripts to run in different computer architectures, such as x86, x86-64, and aarch64. Hackers loop through different scripts until one works. Then a cron job ensures the script will have persistence on a device or kill off the script if it gets detected.
Cryptomining scripts can also check if other competing cryptomining malware has been cryptojacking a device. If it detects other scripts, it can disable them to run its script instead.
Why is Cryptojacking a problem?
Cryptojacking seems like a victimless crime, as no damage is done to a victim’s computer and no data is stolen.
What is stolen is the resources available to a computer in terms of CPU or GPU cycles. Using computing power in this way is a criminal offense and done without the knowledge or consent of the victim to benefit the hacker who then makes money from this activity.
While an individual may be annoyed with a slower computer, enterprises may incur costs arising from help desk tickets and IT support time in finding and fixing problems with slow computers. It can also result in much higher electricity bills for companies affected.
Why it is so popular?
The simple reason why cryptojacking is becoming more popular with hackers is more money for less risk. “Hackers see cryptojacking as a cheaper, more profitable alternative to ransomware,”. With ransomware, a hacker might get three people to pay for every 100 computers infected, he explains. But with cryptojacking, all 100 of those infected machines work for
the hacker to mine cryptocurrency. “[The hacker] might make the same as those three ransomware payments, but cryptomining continuously generates money”.
The risk of being caught and identified is also much less than with ransomware. The cryptomining code runs surreptitiously and can go undetected for a long time. Once discovered, it’s very hard to trace back to the source, and the victims have little incentive to do so since nothing was stolen or encrypted.
How to detect whether you are a victim of cryptojacking?
Cryptojacking is virtually undetectable in most cases. However, there are a few signs that your computer could be a victim, including the computer heating up, making loud fan noises, draining batteries faster than usual, decreased performance, shutting down due to lack of available processing power.
You should consider closing and blocking any website suspected of running cryptojacking scripts if you see these symptoms. You should also update or delete any questionable browser extensions.
How to prevent it?
There are a few things users can do to prevent their machines from succumbing to a cryptojacking incident.
Among them is installing an ad-blocker, as most of them can prevent cryptojacking scripts. You should also keep your systems updated with the latest software and patches for your operating system and all applications — particularly web browsers. Many attacks exploit known flaws in existing software.
Organizations can make a list of URL/IPs of infected cryptojacking sites and domains of crypto-mining pools to block. They can also implement network system monitoring to identify excessive resource usage.
