What is Cryptojacking & How does it Affect us?

What is Cryptojacking?

Cryptojacking is a cyber threat that covertly uses a computer or mobile device's resources to mine cryptocurrency. Cryptocurrencies, like Bitcoin and thousands of others, are digital or virtual forms of money. While some have made inroads into the physical world, the majority remain purely digital.

How Does Cryptojacking Work?

Cryptojacking involves hackers installing software on a victim's device without their knowledge. This software silently mines for cryptocurrencies or steals from crypto wallets while the device is in use. The performance of the infected device might degrade, but the user may not immediately realize the cause.

The methods for initiating cryptojacking typically include:

• Email-Based Attacks: Victims are tricked into clicking on a malicious link in an email, which then installs cryptomining code on their computer.
• Website and Ad-Based Attacks: Hackers embed JavaScript code in websites or online ads, which automatically executes in the victim's browser.

The cryptojacking script placed on the device silently runs complex mathematical computations and sends the results back to a server controlled by the attacker. Unlike other malware, cryptojacking scripts don't typically damage the computer or data but consume processing resources.

The impact of cryptojacking is more pronounced in business environments due to the increased IT and help desk workload and higher electricity costs. Some scripts also have the capability to spread to other devices on the network, and they can disable other competing cryptomining malware they find.

In some cases, web publishers have used cryptomining as a monetization strategy, transparently using visitors’ resources for mining in exchange for content. However, malicious cryptojacking does not seek permission and continues to operate even after the user has left the initiating website. These scripts are designed to use just enough resources to avoid detection. They can continue to run in hidden browser windows, like a pop-under that remains active unnoticed behind the taskbar or clock.

Cryptojacking also targets mobile devices, including Android phones, either through Trojans in apps or by redirecting users to infected websites. While individual mobile devices offer limited processing power, collectively, they can contribute significantly to the cryptojacker’s mining efforts.

Cryptojacking Attack – Examples

Cryptojacking has emerged as a significant cybersecurity threat, with several high-profile incidents reported in recent years. Here are some notable examples:

1. Microsoft Store Apps (2019): Eight apps from the Microsoft Store were found to secretly mine cryptocurrency using the resources of the devices they were installed on. These apps, supposedly from three different developers, were likely operated by the same entity. Users unwittingly downloaded cryptojacking JavaScript code, which then mined Monero, significantly using the device’s resources.
2. Los Angeles Times Homicide Report Page (2018): Cryptojacking code was hidden on the Homicide Report page of the Los Angeles Times website. Visitors to the page had their devices hijacked to mine Monero, with the mining script discreetly using minimal computing power to avoid detection.
3. European Water Utility Control System (2018): In a first-of-its-kind attack, cryptojackers targeted the operational technology network of a European water utility, affecting the utility plant's management. This attack also focused on mining Monero.
4. CoinHive Miner on YouTube Ads (Early 2018): The CoinHive miner, used for mining Monero, was discovered running on YouTube Ads via Google's DoubleClick platform, exploiting users' devices for cryptocurrency mining.
5. MikroTik Routers in Brazil (July-August 2018): Over 200,000 MikroTik routers in Brazil were infected with a cryptojacking attack that injected CoinHive code into large volumes of web traffic.
6. 'WannaMine' Malware (February 2018): Panda Security reported the spread of the 'WannaMine' cryptojacking script, mining Monero on infected computers worldwide. This malware variant exploited the EternalBlue vulnerability and was hard to detect and block, leading to numerous high-profile infections.
7. Cryptojacking Attack on Government Websites (February 2018): The governments of Britain, the U.S., and Canada experienced a cryptojacking attack exploiting a vulnerability in text-to-speech software embedded on government websites. The attack used the Coinhive script to mine Monero using visitors’ browsers.
8. Tesla Inc. Cloud Infrastructure (February 2018): Tesla's Amazon Web Services cloud infrastructure was compromised to run mining malware. The data exposure in this case was reportedly minimal, but the incident highlighted the broad security threats posed by cryptojacking, including significant electrical costs.

These incidents illustrate the diversity and sophistication of cryptojacking attacks, affecting a wide range of targets from individual users to large organizations and government bodies. The common thread in these attacks is the exploitation of unsuspecting victims’ resources to mine cryptocurrency, mainly Monero, due to its anonymity features.

How to Protect Yourself Against Cryptojacking

Cryptojacking is a significant security threat in the digital world, but there are effective measures you can take to protect yourself:

Use a Good Cybersecurity Program

Investing in a robust cybersecurity solution, such as Kaspersky Total Security, is crucial for detecting and preventing various threats, including cryptojacking malware. It's always more effective to have security measures in place before an attack occurs. Ensure that your operating system and all applications, particularly web browsers, are regularly updated with the latest software patches.

Be Alert to the Latest Cryptojacking Trends

Cryptojackers continually evolve their methods and code. Staying informed about the latest trends in cybersecurity can help you identify potential cryptojacking attempts on your network or devices, as well as other cybersecurity threats. This proactive approach is essential in the fast-evolving landscape of cyber threats.

Use Browser Extensions Designed to Block Cryptojacking

Since many cryptojacking scripts are deployed via web browsers, consider installing browser extensions that specifically block such activities. Extensions like minerBlock, No Coin, and Anti Miner are designed for this purpose and can be added to popular web browsers.

Use Ad Blockers

Cryptojacking scripts are often distributed through online ads. Utilizing an ad blocker can effectively prevent these scripts from executing. Ad blockers, such as Ad Blocker Plus, can detect and block cryptojacking codes embedded in ads, adding an additional layer of protection while you browse the web.

Disable JavaScript

Disabling JavaScript in your web browser can stop cryptojacking scripts from loading. However, this measure might also hinder the functionality of websites that rely on JavaScript for interactive features. Therefore, while effective for preventing drive-by cryptojacking, it's important to consider the potential impact on your web browsing experience and use this option judiciously.

By adopting these strategies, you can significantly reduce your risk of falling victim to cryptojacking, ensuring your device’s resources remain secure and used solely for your intended purposes.