What is cryptojacking and how can you be affected?
We know how it sounds: cryptocurrency + hijacking. So, is it about someone stealing your cryptocurrencies? Surprisingly, not exactly. Cryptojacking is more about someone stealing your device resources and your electricity to mine cryptocurrencies. All of this, remotely, and without your consent or knowledge. Without you owning any cryptocurrency, even.
You could be an unwitting victim right now, and you probably wouldn’t know. That’s the trick. The hackers do everything they can for this malicious software to go unnoticed. As the cybersecurity firm Kaspersky Lab describes it:
“Cryptojacking is a type of cybercrime that involves the unauthorized use of people’s devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the motive is profit, but unlike other threats, it is designed to stay completely hidden from the victim.”
To make this possible, the hackers can secretly bundle the malware into a file that interests the victim (local miner): something like a game or movie downloaded from non-official sources, a malicious app, or an email attachment. But they can also carry out targeted attacks, especially against companies.
Once installed on the device, the malware works silently in the background for as long as the host machine is turned on. It can even spread across the connected network, infecting numerous devices at the same time.
There’s another way, though. In some cases, all the hacker needs to do is embed the same miner software into a website, any website. Every user of this website would then be mining cryptocurrencies for as long as they stay on it, without knowing (web miner). Sometimes, the hacker even arranges for the software to stay open in a tiny window hidden behind the taskbar after the user closes the infected website.
So, yes, anyone can be affected. But how do you know?
Symptoms and prevention
As you may know, cryptocurrency mining usually requires a lot of hardware resources and electricity. Bitcoin (BTC), for example, is the most difficult currency to mine. It requires specialized machines (ASIC miners) and an awful lot of energy. This is expensive for the miners, so they usually join others in mining pools or set up large mining farms with hundreds of machines, to cover their expenses and maximize their profits.
However, not every minable cryptocurrency is like that. Coins like Grin (GRIN), Dogecoin (DOGE), Zcash (ZEC), and Monero (XMR) can be mined with only CPUs, without any other specialized machine. Monero, in particular, is the most popular for cryptojacking malware, whether as a local miner or as a web miner.
Despite the lower difficulty, the process can still quickly consume the infected device’s resources. At a minimum, the user will experience a slower system. At worst, in the case of mobile devices, the battery can run out in a few minutes, and the device may overheat. This, in turn, can cause some parts to become damaged due to heat.
If the device is plugged into mains power, the victim’s electricity bill might rise. In any case, the hacker is stealing someone else’s resources to mine crypto for free and keep all the rewards for themselves.
- Shield triad to the rescue: keep the OS, antivirus, and firmware of all your smart devices updated; don’t open links or attachments from dubious emails; and download files and software only from official websites.
- If you’re unsure of a webpage, close your browser with all its windows and check in the Task Manager that there’s nothing suspicious still open, i.e., an unknown app, process, or even tab.
- Check if your browser offers extensions against malicious mining, like MinerBlock on Chrome.
- If you’re part of a business, stay up to date with your cybersecurity and ask experts for help if you need it. It’s also important to educate your employees about these threats.
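The two symptoms described above (a process that keeps the CPU busy, and a browser that is still running after you closed it) can be checked mechanically. The following is an added example, not part of the original article: it runs over constructed CPU samples, and the process names, the allowlist, and the thresholds are all hypothetical.

```python
from collections import defaultdict

# Constructed samples for illustration: (seconds, process name, CPU %).
SAMPLES = [
    (0,   "browser", 35.0), (0,   "editor", 4.0), (0,   "sys_helper", 92.0),
    (30,  "browser", 85.0), (30,  "editor", 3.0), (30,  "sys_helper", 95.0),
    (60,  "browser", 10.0), (60,  "editor", 5.0), (60,  "sys_helper", 94.0),
    (90,  "browser", 90.0), (90,  "editor", 2.0), (90,  "sys_helper", 96.0),
    (120, "browser", 91.0), (120, "editor", 3.0), (120, "sys_helper", 93.0),
    (150, "browser", 89.0),                        (150, "sys_helper", 97.0),
]
KNOWN_APPS = {"browser", "editor"}  # hypothetical allowlist of expected software


def longest_busy_runs(samples, threshold=80.0):
    """Longest streak of back-to-back samples at or above threshold, per process."""
    by_proc = defaultdict(list)
    for _ts, name, cpu in sorted(samples):
        by_proc[name].append(cpu)
    runs = {}
    for name, series in by_proc.items():
        best = current = 0
        for cpu in series:
            current = current + 1 if cpu >= threshold else 0
            best = max(best, current)
        runs[name] = best
    return runs


def triage(samples, known_apps, threshold=80.0, min_run=4, closed=None):
    """Return {process: reason} for processes worth a closer look.

    closed maps an app name to the time the user closed it; any later
    sample of that app means something kept it alive (the hidden window case).
    """
    findings = {}
    for name, run in longest_busy_runs(samples, threshold).items():
        if run >= min_run:  # short bursts, e.g. a page loading, are ignored
            kind = "known" if name in known_apps else "unknown"
            findings[name] = f"{kind} process busy for {run} samples in a row"
    for name, closed_at in (closed or {}).items():
        if any(n == name and ts > closed_at for ts, n, _ in samples):
            findings[name] = f"still running after being closed at t={closed_at}s"
    return findings


if __name__ == "__main__":
    for proc, reason in triage(SAMPLES, KNOWN_APPS, closed={"browser": 60}).items():
        print(f"{proc}: {reason}")
```

A flagged process is only a lead: legitimate work such as video encoding or a system update also keeps the CPU busy, so confirm what the process is before removing it.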
How does cryptojacking work for the attackers?
We’ve been mentioning “hackers” here, but what they usually do is only build this malicious software and put it up for sale on the darknet. Cryptojacking malware is commonly developed in low-level programming languages like C++ or assembly. But the most sought-after characteristic seems to be how long it can go undetected by the victim. As the firm Digital Shadows explained:
“Attacks of this nature often have low barriers for entry. All a threat actor needs to do once they have purchased a botnet miner is get the victim to download it. Aside from the initial investment for the miner program and the cost of running the botnet, there is little overhead for the threat actor; vendors frequently advertise this method of attack as a source of ‘passive income’.”
A “botnet” is, basically, a network of bots designed to control, to some degree, a massive number of devices at the same time. Botnet miners are used to infect as many devices as possible simultaneously. This way, the attackers can take more resources and energy to improve their mining profits.
According to the European Network and Information Security Agency (ENISA), the volume of cryptojacking infections increased by over 117% during 2021, compared to the last few years. Therefore, we can deduce that this attack is, indeed, very profitable for hackers and malicious buyers. And they’ll persist with it, especially against companies that can provide them with huge resources for mining, like data centers.
Charity and ads: legit uses
Despite the bad uses, there are legit uses for local and web miners. They weren’t originally designed to work as malware, but as an alternative source of income for websites and organizations. The first web miner in existence, Coinhive (closed in 2019), was legitimate software that clearly asked its users to disclose its presence publicly.
The resources and energy taken from the readers would be set to a minimum to avoid any inconvenience. At the same time, the readers would be helping the content developers to keep working. The ultimate goal was to replace the annoying ads as a source of income on websites, but the mined coins weren’t enough at the time, precisely because very little power was taken.
As for the local miners, some charities would publicly explain their operation and how that income would help them with their goals. So, they would ask for volunteers to download the miner and freely give their resources to help the cause.
Charity Mine and Cudo Donate are good examples. The first page works with a web miner, while the second one is a desktop and mobile application. All the funds mined go, of course, to different charitable causes.
As usual, cryptocurrencies are merely a tool. Their good or bad use depends on the actor, and cryptojacking is no different.
Originally published at https://blog.alfa.cash on March 14, 2022.