Cryptojacking and how to prevent it

2020-06-11 - 6 min read

You have just bought a shiny new device but after only weeks of using it, it slows down to a crawl. It overheats to the point where you can barely hold it in your lap, and you have to recharge it three times a day. One of the possible reasons is that someone might have enrolled your precious device into a crypto-mining zombie army. But unfortunately, they are not going to share their profits with you. They just use your device as a tool for a cryptojacking attack.

What is cryptocurrency

Before talking about the actual attack, we must first tell you about the concept of cryptocurrency. As you may know, cryptocurrency is a digital currency that has no physical form and can be used to buy goods online or even exchanged for real money. Cryptominers use electricity and computer power to turn lines of complex code into these monetary units. Cryptocurrencies have no central regulating authority, and their encrypted nature can guarantee anonymity for their users. Basically, you can use them without any official bodies seeing what you do with them.

Cryptocurrencies have experienced a recent bubble, with their values skyrocketing in a few years. One of the reasons for this is the principle of blockchain technology allowing only a limited number of units to be mined. This means that the mining competition is getting more intense, and mining requires more and more electricity. So it is no wonder that hackers invented a way to exploit other devices to cash in from the cryptocurrency boom.

What is cryptojacking

Cryptojacking is using someone else’s computer or smartphone to mine cryptocurrency without their consent. There are two ways cybercriminals can enslave your device. One is by using phishing tactics: a user receives a phishing email, clicks on a link, and gets a cryptomining script on their device. It starts running in the background, and they might not notice it for a long time. The device then sends a digital token to the hacker’s wallet, and the user is left with increased CPU usage and electricity bills due to the mining costs.

Another way of getting cryptojacking malware is through malicious JavaScript code injected into a website or an ad. In this case, you don’t get a script on your device; instead, the code is activated once you visit a website or load a banner ad or a pop-up. Cybercriminals use this “drive-by” mode by creating malicious sites or even injecting code into legitimate ones. This method seems less harmful than the first one, as the code does not exist on the device level and works only when you visit certain websites. But usually, its activity does not stop once you close the tab: hackers have ways to make the malicious scripts run in the background even after closing the website.

Why cybercriminals use cryptojacking

There are a few reasons why this attack is popular:

  • The value of cryptocurrency keeps increasing, and its mining requires more and more resources. Thus, using other devices is cheaper than setting up your own mining farm;

  • Due to the anonymous nature and no regulation behind such currencies, it is quite difficult to trace the hackers;

  • It is a bit of a grey area in terms of a cybercrime definition and less risky than ransomware or other types of extortion attacks. In this case, cybercriminals do not do any real damage to you, like stealing your data or leaking your credentials. They just use your computing power for their gains. So, there is slightly less of a chance of them being traced and caught.

Cryptojacking examples

Facexworm

Facexworm is malware that uses Facebook Messenger and a Chrome extension to invade devices. It comes in the form of a malicious link, which installs a codec extension. It steals your credentials and injects a JavaScript miner into the pages you visit.

Coinminer

Coinminer is an example of rogue cryptojacking malware that kills all other cryptomining processes. It poses as a fake Flash player update, which hackers prompt you to click by using social engineering techniques.

How to detect cryptojacking

These are the main symptoms of cryptojacking:

  • Your CPU energy usage has increased significantly without any identifiable cause;

  • Your device constantly overheats;

  • Your device has started to work way slower than before.
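The first symptom can be measured rather than guessed at. The script below is an added example, not part of the original article: on Linux it samples /proc/<pid>/stat and reports processes that stay above a CPU threshold for several consecutive windows. The 80% threshold, the 5-second window, and all function names are assumptions chosen for illustration.

```python
import os
import time

CLK_TCK = os.sysconf("SC_CLK_TCK")  # kernel clock ticks per second

def parse_stat(text):
    """Parse /proc/<pid>/stat -> (comm, cpu_ticks); comm may contain ')' or spaces."""
    right = text.rindex(")")
    comm = text[text.index("(") + 1:right]
    fields = text[right + 2:].split()  # fields[0] is the process state
    return comm, int(fields[11]) + int(fields[12])  # utime + stime

def snapshot(proc="/proc"):
    """Return {pid: (comm, cpu_ticks)} for every readable process."""
    out = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{entry}/stat") as fh:
                out[int(entry)] = parse_stat(fh.read())
        except (OSError, ValueError):
            continue  # process exited while we were reading it
    return out

def cpu_percent(before, after, seconds, clk_tck=CLK_TCK):
    """Per-process CPU use (% of one core) between two snapshots."""
    return {pid: (comm, 100.0 * (ticks - before[pid][1]) / clk_tck / seconds)
            for pid, (comm, ticks) in after.items()
            if pid in before and before[pid][0] == comm}  # skip new or reused PIDs

def sustained_hogs(samples, threshold=80.0, min_hits=3):
    """Return {pid: comm} for PIDs at/above threshold in min_hits consecutive samples."""
    streak, flagged = {}, {}
    for sample in samples:
        for pid, (comm, pct) in sample.items():
            streak[pid] = streak.get(pid, 0) + 1 if pct >= threshold else 0
            if streak[pid] >= min_hits:
                flagged[pid] = comm
        for pid in set(streak) - set(sample):
            streak[pid] = 0  # process vanished from this sample: reset its streak
    return flagged

if __name__ == "__main__":
    shots = [snapshot()]
    for _ in range(6):  # six 5-second windows
        time.sleep(5)
        shots.append(snapshot())
    samples = [cpu_percent(a, b, 5) for a, b in zip(shots, shots[1:])]
    for pid, comm in sustained_hogs(samples).items():
        print(f"sustained high CPU: pid={pid} name={comm}")
```

A flagged process is only a candidate for review: legitimate work such as video encoding also keeps a core busy. With the drive-by method described above, the process that shows up is the browser itself.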

How to prevent cryptojacking

To prevent cryptojacking, you should consider the following pieces of advice:

  • Do not open suspicious websites and never click on suspicious links or ads. Also, learn about phishing techniques and how to detect them;

  • Keep your security software up to date;

  • Use anti-cryptojacking extensions, which block cryptomining activities on the browser level. Just make sure you use safe and reliable ones;

  • In case you have stumbled upon a cryptojacking website, you can block JavaScript in your browser.

Cryptojacking is a relatively new form of attack, so we recommend following the news and regularly updating your knowledge on the subject.

Chad Hammond