Do you know what cryptojacking is? Find out how it works and how to detect it.


While most cryptocurrency hacks involve stealing the private keys of a crypto wallet and emptying it, cryptojacking is based on infecting a device with malware to control it.

What is cryptojacking?

It consists of the hijacking of an electronic device without the user’s consent or knowledge, to take advantage of its resources to mine cryptocurrencies.

Think of cryptojacking as a parasite that secretly sucks the energy out of a computer. It is delivered in the form of malicious software (malware) that infects your devices for use in cryptocurrency mining. The target can be any device: computer, smartphone, even cloud servers; the latter is called cloud hijacking.

The motive, as you might expect, is to make money. When a device is infected with this malware, it takes control of the device’s computing power and channels a portion of it to mine certain cryptocurrencies. It then sends the extracted coins to the hacker’s wallet.

There was a time when websites experimented with crypto mining using their visitors’ computers to earn additional revenue. This is called browser mining and uses a simple web browser plugin that mines coins while the visitor is on the website.

It is important to note that, unlike cryptojacking, browser mining is not a cybercrime. The big difference is whether the user is aware and gives consent to allow the website to use the device for cryptocurrency mining purposes. If it happens without authorization, then it is considered cryptojacking and a criminal act.

Some heralded browser mining as a new business model for monetizing web traffic. Reputable digital news sites, such as Salon, and the less reputable but much more popular site, The Pirate Bay, experimented with authorized browser mining as a supplemental source of revenue. Even the United Nations Children’s Fund (UNICEF) used it in 2018 to leverage followers’ computers to raise donations through cryptocurrency mining.

For a time, there was a full service based on this. CoinHive provided lines of code that allow websites to use their visitors’ devices to mine Monero, a privacy-centric cryptocurrency.

As expected, it was not long before it was misused. Websites started abusing the service to obtain additional revenue from visitors without their consent.

In fact, it became so widespread that CoinHive came under significant scrutiny and was eventually forced to shut down in 2019.

How does it work?

Cryptojacking is so prevalent because the barrier to entry is low and the activity is very profitable for hackers. Hackers only need a few lines of JavaScript code to sneak into a device that will then run the mining malware surreptitiously in the background.

Hackers can trick the user into clicking on a phishing email link to load malicious code onto their device.

Another possibility is to infect a website with a line of code embedded in the HTML that automatically executes the program once the user opens a specific web page.

Some versions of malware are even capable of transmitting the virus to other devices and infecting entire servers. In some cases, this can allow hackers to benefit from the enormous computing resources of large server farms virtually for free.

Most of the time, cryptojacking does not involve the theft or corruption of any personal data. Its main purpose is to gain access to the computing power of your device. Hackers also have an incentive to stay under the radar: the longer the malware runs undetected on a computer, the more revenue they receive from coin mining.

Cryptojacking only exists with cryptocurrencies that use the proof-of-work consensus protocol. In this subset of coins, miners contribute computational power to verify transactions and secure the network, and in doing so, they are rewarded with coins.

According to Interpol, the most notorious cryptocurrency exploited by hackers is Monero (XMR) due to the high level of anonymity it offers, making it difficult to track transactions. Bitcoin (BTC), the largest proof-of-work cryptocurrency, was once popular among cryptojackers, but the mining industry has become so competitive with specialized machines and large warehouses that it makes little sense to try to mine it using other people’s laptops.

How can it be detected?

The goal of cryptojacking is to hide in the background for as long as possible to mine more cryptocurrencies. The malware is designed to use as much power as it needs and to go almost unnoticed.

However, there are certain signs that your computer has been infected by cryptojacking malware. Some examples are:

  • High CPU (central processing unit) usage
  • The device is slower and noisier
  • Excessive heating
  • Battery drains faster
  • Unexpected increases in electricity bills (for server farms)

Experiencing any of the above signs does not necessarily mean that your device is mining cryptocurrencies. Open Task Manager on the PC or Activity Monitor on the Mac to check which programs are using your device’s computing power.

It is best to run a system check using antivirus software. Most cybersecurity software can recognize, detect and quarantine cryptojacking malware, including:

  • Avira antivirus
  • Avast
  • Bitdefender
  • Eset
  • Malwarebytes

If you operate a website, you can look for suspicious lines in the HTML code or resort to programs that scan websites for malicious code. Examples of the latter include:

  • Malcure
  • Sucuri
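
For site operators checking their own pages by hand, the following added example (not from the original article) scans only the script tags of an HTML document for a few mining indicators. The indicator set, the sample page, its hosts and the site key are assumptions made for illustration; real scanners use far larger signature sets.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators: assumptions for this example, not a complete signature set.
INDICATORS = {
    "coinhive-reference": re.compile(r"coinhive", re.I),
    "pow-algorithm-name": re.compile(r"cryptonight|randomx", re.I),
    "wasm-plus-websocket": re.compile(r"WebAssembly[\s\S]*wss?://|wss?://[\s\S]*WebAssembly"),
}

# Constructed sample page; hosts and the site key are placeholders.
SAMPLE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER"); m.start();</script>
</head><body><p>News article about Monero and cryptonight mining.</p>
<script>WebAssembly.instantiate(cryptonightWasm); new WebSocket("wss://pool.example/ws");</script>
</body></html>"""

class ScriptCollector(HTMLParser):
    """Collects (line, kind, text) for each script src and inline script body."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf, self._line = [], None, 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._line, self._buf = self.getpos()[0], []
            if src := dict(attrs).get("src"):
                self.scripts.append((self._line, "src", src))

    def handle_data(self, data):
        if self._buf is not None:  # only buffer text that sits inside <script>
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf)
            if body.strip():
                self.scripts.append((self._line, "inline", body))
            self._buf = None

def scan_html(html):
    """Return sorted (line, kind, indicator) findings; visible page text is ignored."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return sorted((line, kind, name) for line, kind, text in collector.scripts
                  for name, pat in INDICATORS.items() if pat.search(text))
```

Because only script sources and bodies are inspected, an article that merely mentions Monero in its text is not flagged, and a WebSocket on its own is not treated as a miner.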

Information from: Coindesk
