Your electricity bill arrives and shows that your consumption has doubled. You haven’t done anything out of the ordinary, so what’s happening? It’s possible that someone has been using your computer to mine for cryptocurrencies without your knowledge and consent. You’ve just become a cryptojacking victim.
Cryptojacking is the process of unauthorized mining for cryptocurrencies. Cybercriminals mine for Bitcoins using victims’ computers (typically the servers of large enterprises with ample processing capacity), so they won’t have to buy their own high-powered computers and pay the enormous electricity bills.
Other interesting terms…
Read More about “Cryptojacking”
Cryptocurrency mining has been in existence for more than a decade now. The only reason that not everyone does it is that the process requires high-end computer hardware. That doesn’t mean, however, that only those with the processing capacity do it.
Some cryptocurrency miners engage in unlawful cryptojacking. In 2018, in fact, cryptojacking unseated ransomware as the top cyber threat. Read on and learn more about the history of cryptojacking, how it works, and more.
History of Cryptojacking
Cryptojacking started innocently as a means for website owners to monetize their sites. An organization called “Coinhive” published the service on its website in September 2017, which used a JavaScript to mine Monero (Monero is a privacy-oriented cryptocurrency launched in 2014) within site visitors’ browsers.
However, cybercriminals immediately saw the opportunity to use it maliciously. They would hack into websites and leave the Coinhive JavaScript to mine Monero for their accounts. In 2019, Coinhive was shut down, but several copycat services have already appeared.
How Does Cryptojacking Work?
Cryptojacking has four major stages that are best broken down into the following:
Preparation
Cryptojacking, like most cybercrimes, starts with the attacker compromising a victim’s device by sending a malicious attachment or link through email or embedding them on seemingly harmless websites.
Planting
When victims click the malicious link, they unknowingly plant or execute the crypto malware on their devices.
Mining
The crypto mining script then begins doing its job, that is, to use the computing power of a victim’s device to mine blocks.
Harvesting
The attacker earns cryptocurrency coins every time a block is added to the blockchain. In effect, cryptojackers earn money at victims’ expense.
Tools Cybercriminals Use to Enable Cryptojacking
Cryptojacking requires the installation of cryptocurrency mining malware on users’ computers.
1. Classic Malware
Cryptojackers often send emails containing a malicious link to victims. Once clicked, a malware gets automatically downloaded onto the computer without the user’s knowledge. The cryptojackers can then install a cryptocurrency miner on the infected machine and start the operation.
2. Drive-By Cryptomining
Cryptojackers can also embed a malicious JavaScript into a webpage. Any visitor to that page then gets an infected computer.
Most cryptojackers use both forms of attack to ensure optimal returns. Most malware and scripts have worm capabilities, allowing them to infect connected devices and servers.
Known Cryptojacking Threats
We have seen cryptojacking at work over the years using these threats:
PowerGhost
PowerGhost came with spear-phishing emails. It steals victims’ Windows credentials to take over their computers, allowing attackers to disable antimalware and competing cryptominers if any. After that, it’s free to mine for cryptocurrencies using the infected system.
Graboid
Graboid is the first cryptomining worm. It affects unprotected Docker Engine systems connected to the Internet. All of the infected computers become part of the attackers’ botnet designed to mine for cryptocurrencies.
BadShell
BadShell uses legitimate Windows processes to hide its cryptocurrency mining operation. To do that, it runs a script that injects malicious code into ongoing processes.
While cryptojacking does not damage your computer, it does use up your processing resource and hikes up electricity costs. While slow computer performance may only be annoying to individuals, organizations whose operations rely heavily on fast computers can incur financial setbacks due to decreased productivity. These reasons make cryptojacking a problem that requires quick resolution.
Signs of Cryptojacking
Cybercriminals have become very adept at evading detection, and cryptojackers are no exception. How would you know if you have become a victim of cryptojacking? Below are some of the primary signs.
Unexplainable Increase in CPU Usage
You can check the CPU usage of a website or app by opening Task Manager. A website with minimal media content but is taking up a lot of CPU power could have cryptomining scripts running on it.
Performance Issues
Slowing down your device’s processes is one sign that something else is running in the background. When systems are running very slow for no valid reason, there could be a cryptojacking script silently running on them.
Mysterious Overheating
Another sign of cryptojacking is when your device suddenly overheats. Cryptomining requires a lot of power and resources, and this could cause your device to get overworked.
How Do You Protect Against Cryptojacking?
Detecting cryptojacking is hard. It’s also difficult to trace the source of high central processing unit (CPU) usage since a legitimate process often masks most cryptocurrency mining operations. Troubleshooting can also be challenging as cryptojackers usually adjust their usage to evade detection.
As such, the best way to prevent cryptojacking is to protect against malware and malicious scripts. That’s easy to do with a cybersecurity solution that detects and blocks threats from the source. One that prevents users from accessing malicious sites and webpages is best, too.
