In step with technological advancements and the expansion of IoT technology, many new types of cyber threats have entered the picture. One such hacking technique, cryptojacking, also known as “malicious crypto mining,” is now undergoing a resurgence after its peak prevalence in 2018-2019. This malware was listed as the “Top cyberthreat” in 2018, when it rampantly affected both individuals and large corporations. For example, in 2018, cryptojackers attacked the European water control utility system, severely compromising its working capability, whereas in 2019 the Microsoft team detected eight Microsoft Store apps with a large number of downloads that contained cryptojacking malware.
That said, let us look at this unique crypto threat, its types, and how to protect yourself against it.
What is Cryptojacking?
Cryptojacking is a cyberattack technique in which the perpetrators furtively take control of other people’s devices and leech off their power or resources to mine cryptocurrencies. As with all other cyber-criminal activities, the attackers’ purpose is to “make money”; in this case, however, they do so by concealing their presence. First, the criminals infect devices, whether computers, mobiles, laptops, or cloud servers, with malware via several channels. After penetrating the system, they take advantage of the victim’s computational and electricity resources to fill up their wallets.
Because the mining procedure drains CPU power and incurs large electricity bills, cryptojacking appears quite lucrative to hackers, as it allows them to evade these liabilities. To someone with the necessary technical knowledge and a cunning mind, cryptojacking is a smooth and affordable way to acquire valuable crypto coins.
Also note that, although cryptojacking for Bitcoin mining (the most prominent PoW crypto) has become impracticable, hackers can still target other proof-of-work coins like Monero, which has lower requirements. Bitcoin is unsuitable because its validation process is now carried out on heavy equipment and machinery instead of simple computers.
Initially, the idea of cryptojacking was introduced to let website owners legally generate revenue with visitors’ consent. The once most popular service, Coinhive, was developed for this exact purpose, as it provided code files for mining Monero. However, it did not take long before hackers started using this service for illicit cryptojacking. Due to its extensive misuse, Coinhive was heavily criticized and shut down in 2019.
How does cryptojacking work? What are its types?
The first type of cryptojacking directly loads the mining code or file onto the targeted device. Most commonly, hackers use “phishing” methods to lure users into clicking corrupted links sent through emails. In such scams, hackers may pose as official representatives and tactically encourage users to download an attached file or click on web links. If a person follows their instructions, the malicious script or mining code starts operating in the background to covertly mine cryptocurrencies.
Another way to hijack devices is by injecting the crypto mining code into website URLs. In this case, the embedded script is executed when the victim visits the tampered webpage. Note that in addition to a website’s HTML code, this malicious script can also be implanted in “display ads.”
This browser-based cryptojacking can be carried out on all regular browsers like Google Chrome, Mozilla Firefox, Opera, and Safari, among others. Once a user opens the infected website, the clandestine code is automatically executed on the target device, allowing the hacker to receive gains.
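As an added example (not part of the original article), here is a static check a site owner could run over their own pages to spot the kind of embedded miner script described above. The indicator patterns, function names and sample HTML are constructed for illustration; the Coinhive loader name and `CoinHive.*` calls refer to the service mentioned earlier, and the list is not exhaustive.

```python
import re
from html.parser import HTMLParser

# Illustrative indicators (assumption, not a complete list): the Coinhive
# loader file name and calls to its CoinHive.* constructors.
SRC_INDICATOR = re.compile(r"coinhive(\.min)?\.js", re.I)
API_INDICATOR = re.compile(r"\bCoinHive\.\w+\s*\(")

class ScriptCollector(HTMLParser):
    """Collects external script URLs and the text of inline scripts."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            self._buf = []  # start buffering this element's text

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            code = "".join(self._buf)
            if code.strip():
                self.inline.append(code)
            self._buf = None

def scan_html(html):
    """Return (severity, detail) findings for one HTML document."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = [("high", f"external script: {s}")
                for s in collector.srcs if SRC_INDICATOR.search(s)]
    for code in collector.inline:
        if API_INDICATOR.search(code):
            findings.append(("high", "inline script calls the CoinHive API"))
        elif "WebAssembly" in code and "new Worker" in code:
            # Common in browser miners but also in legitimate apps: review only.
            findings.append(("review", "inline WebAssembly plus Web Workers"))
    return findings

# Constructed sample pages (not captured from a real site).
INFECTED = ('<html><head><script src="https://cdn.example.test/coinhive.min.js">'
            "</script><script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER')"
            ".start();</script></head><body>News</body></html>")
CLEAN = '<html><head><script src="/static/app.js"></script></head></html>'
```

Calling `scan_html(INFECTED)` reports both the external loader and the inline call, while `scan_html(CLEAN)` returns an empty list; the "review" severity marks a pattern that legitimate applications also use.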
Cloud server cryptojacking
Cloud cryptojacking is significantly more complex than the other two techniques because it involves a powerful and centralized cloud infrastructure. To take over a cloud service, hackers search for API keys in a pool of code and files. If successful, they can use massive resources and high computing and electric power to move forward with their surreptitious crypto mining operations.
Some cryptojacking malware can even spread to a large network of devices or servers. By distributing a virus in this way, hackers can exploit enormous resources without paying a single dime. Moreover, as their aim is to operate without appearing on the radar, most cryptojackers do not engage in any personal data theft that could alert the victim.
How to discern cryptojacking?
The biggest challenge regarding this cyber threat is its “concealed” nature. While it is difficult for non-technical people to trace cryptojacking malware, it can be detected by watching a few simple metrics. Here are some common indicators of a cryptojacked or compromised device.
A major sign of cryptojacking is slowed and decreased device performance. When infected with the virus, the computer may occasionally slow down, hang, or crash without any apparent reason. Moreover, the battery could drain very fast even when the device is idle.
Another common indication of the cryptojacking virus is the overheating of the computing device. Overheating usually occurs when the computer runs highly intensive programs or applications, causing the device great damage in return. Hence, if you notice consistent heat-up cycles in your PC system as well as a faster-than-usual fan, it would be better to check for cryptojacking malware immediately.
High CPU usage
A sudden increase in CPU usage when you open a website or file also points towards potential cryptojacking malware. The chances of cryptojacking are higher if the webpage/document looks suspicious and integrates redundant content. Be cautious: in many cases, you may not even detect anything suspicious in Task Manager due to the ‘masking’ of the mining script.
Even if you identify the above-mentioned signs, it does not necessarily mean that your device is infected. To be sure what’s happening, you can investigate the running applications via Task Manager or conduct a thorough system check with credible anti-virus software.
Preventive measures against cryptojacking
As the saying goes, prevention is better than cure, so you should take the necessary measures to protect your device and crypto assets from a cryptojacking threat. Here are some tips to stop the attack in the first place:
- Implement an ad blocker extension on your browser.
- Avoid visiting suspicious websites that are not guaranteed secure (without a security badge).
- Install trusted and up-to-date anti-virus software on both mobile and web-based devices.
- Utilize anti-crypto mining browser extensions.
- Make use of a good cybersecurity system that can detect cyber threats on a broader level.