These days, much of your daily activity happens online. It applies both to individuals and businesses — we depend on the internet for our work, data storage, and entertainment. It means that criminals seeking to grab our resources focus on the cyber world, too. One of the relatively new threats is called ‘cryptojacking’. Read on to learn what is cryptojacking and if your device shows any symptoms of it.
TABLE OF CONTENTS
What Is Cryptojacking: The Basics
The term itself looks like something related to cryptocurrency, and it is. Cryptjacking refers to a practice when a hacker uses the computing power of your device to mine cryptocurrency. The problem is most cryptojacking victims are not even aware of it.
Here are some facts about cryptojacking:
- It got popular together with cryptocurrencies. As fair mining requires a lot of resources some malicious persons found a way to mine coins without investing in expensive hardware and paying electricity bills.
- Many victims don’t even suspect their device does it. Cryptojacking is rather hard to detect and the symptoms of it are generic.
- You don’t have to be a cryptocurrency user to get infected. It’s enough to have a computer, laptop, tablet, or smartphone and neglect basic security measures like installing and updating antivirus software.
- Cryptojackers prefer ‘privacy coins’. Though many people associate illicit mining with BTC, this coin comes second. The favorite is Monero (XRM).
- Such mining can be legal, too. There is a special service called Coinhive, allowing website owners to use the computing power of their visitors for mining crypto. Some of these sites are open about using this script — they see it as a fair way to monetize the traffic without making users pay for the content. The famous example is Pirate Bay, a popular torrent service, which recently added a disclaimer to their homepage.
Cryptojacking: Main Methods To Make You Mine
There are several methods cryptojackers apply to steal your computing power. Getting aware of them is the first layer of your protection.
- You receive an email
Normally, this message looks like a newsletter from your bank or another service you use on a regular basis. It urges you to click some link, and you do it without a second thought. It leads to downloading a cryptomining code to your device.
- You visit a website that uses cryptomining script
As we mentioned, using the computing resources of a website visitors may be a legit practice. The owners of the site don’t charge you anything for their content but make you do some calculations instead. Sounds fair, doesn’t it? The problem is, in most cases, there is no warning. Therefore, we may call it stealing.
Also, there are sites that contain fake ads with malicious links. They work the same way as the links we discussed above.
- Cloud cryptojacking
It’s one of the fastest-growing cyber threats, and it shows no signs of slowing down soon. To get access to a huge amount of computer resources, hackers seek to penetrate into a cloud service. To do it, they attack your computer and look for API keys.
It’s a novelty — a new tool named CoffeeMiner makes it possible to use the computing power of the devices connecting to a public Wi-Fi network. It’s an open-source app that anyone can use for the so-called Man-in-the-Middle attack. The name refers to coffee-shops and similar establishments that often provide free Wi-Fi to attract more customers. The application embeds JS code into the sites a victim visits. It lets a hacker use the victim’s CPU for mining cryptocurrency. The most popular choice is Monero.
Thе CoffeeMiner app got famous due to the attack in one of Buenos Aires Starbucks coffee-shops in December 2018.
Cryptojacking: How It Is Done
Now, let’s examine this malicious process step by step. Here is the mechanism:
- Hackers compromise a website or email message by embedding a special code in it.
- The victim executes the script by clicking on a malicious link/attachment in a familiar-looking email or on an alluring website ad.
- Then the cryptomining code runs in the background. Normally, the owner of the infected device doesn’t suspect anything.
- This script that now secretly runs on your PC, allows the hacker to use your computing powers for solving complicated math puzzles. It’s an essential part of a Proof-of-Work mining.
- Every time such a puzzle is solved, the jacker receives the reward. Thus, all the work is done at your expense but the profits go to the bad guy.
Cryptojacking: How To Avoid Falling Victim To It
Doing secret mining is damaging. It slows down your machine and increases your electricity bills as mining is very power-consuming.
Here are a few things to keep in mind if you want to protect yourself from this hateful scenario.
- If your PC has become slower, don’t just ignore this fact.
It may be a symptom of hidden mining that consumes a lot of resources. As a result, even the basic processes run more slowly.
- If your device overheats, it may be a red flag, too.
You have noticed that your laptop or tablet is hotter than normal? It may be because it’s working too hard, mining Monero for someone you don’t even know. Note that overheating is damaging for a device: it makes its life shorter and can lead to failure.
- Watch out for any abnormal CPU usage.
For instance, if visiting a website with no or little ‘heavy’ content (pictures, videos, etc) takes a lot of processing power, it should ring the alarm bell for you.
- Use an updated version of antivirus software by a reliable developer.
Also, scan your device regularly — it will help you to stop hackers at an early stage. Therefore, the loss will be smaller.
- Follow the news.
Cryptojacking and other harmful practices are mutating all the time. Like in fashion, every season brings us something new. And you’d better be aware of all the latest trends.
Cryptojacking: Preventive Measures
Well, detecting a threat is important.
But how do you prevent it in the first place? There are some measures that have proved effective. Use them to keep your business or private activity protected from getting this cyber bug.
Get Your Security Team Properly Trained
If you are a business, make sure your IT guys know how to detect the threat and deal with it. The earlier they do it, the smaller is the damage. Also, educate the people who work for you — for instance, demand they read this article). Your employees and family should understand the risks of clicking on any link or ad. It’s important: according to some reports, there are about 50,000 websites infected with scripts like Coinhive.
Use Special Browser Extensions
There are browser extensions like minerBlock, Anti-Miner, NoCoin. The names are self-explanatory. Install them to prevent bad scripts from stealing your computing powers.
Ban the Ads
The best way to prevent anyone from clicking on bad ads is to ban them altogether. Using an ad-blocker would be a good solution.
No Java Script
Some people believe that Java is essential to enjoy many functions. But if you cannot explain what these functions are, it’s highly likely that you don’t need Java at all. The experts recommend disabling JS. By doing it, you will get rid of one of the most insecure places in your software.
Avoid Public Wi-Fi
Everyone who cares about the safety of their data should forget about public Wi-Fi hotspots in airports, shopping malls, coffee-shops, etc. If you cannot do without it, install VPN and antivirus software.
As you have noticed, cryptojackers thrive on ignorance and carelessness. Thus, the rule of thumb would be to keep your eyes open and implement some simple security measures we described.