What is cryptojacking? How to protect yourself from this rising cybercrime

If your device is being cryptojacked, it’s being taken over and forced to mine cryptocurrency, often without your knowledge

If you’ve been familiarising yourself with cryptocurrency and blockchain technology, you may have heard of cryptojacking. But while it almost sounds like an adventure sport, unfortunately, there’s nothing exciting about it. The only thing that will get high with cryptojacking is the victim’s electricity bill. And, of course, the nasty hacker filling his or her wallet with Monero.

What is cryptojacking?

Let’s recap: what is cryptojacking again? Cryptojacking is a rising cybersecurity threat, the biggest of 2018. It is indiscriminate and infects all kinds of devices, from laptops and servers to desktops and mobile phones.

For additional context, as much as one-quarter of all companies were infected with cryptojacking malware in 2018.

If your device is being cryptojacked, it’s being taken over and forced to mine cryptocurrency, often without your knowledge.

Doesn’t mining cryptocurrency require a lot of power?

Mining cryptocurrency requires a high level of computational power – much more than your own ailing laptop can provide. But cryptojacking, unlike ransomware or malware, isn’t an obvious, one-time vicious attack that shuts down your machine, steals your data, or drains your wallet. It’s more like a leach that latches on and drains a small amount of your CPU over time.

When hackers set their code to use a very low amount of CPU, you may not even notice that it’s happening. Many of the symptoms of cryptojacking are similar to those of a poorly performing computer that many of us put up with daily. Think an over-heating fan, a freezing browser, and a lacklustre performance, for example.

Besides these annoyances, the worst problem about cryptojacking is that it uses a high amount of power. So, if you’d brushed off a poorly performing computer to old age, you should finally put two and two together when your electricity bill arrives at the end of the month.

Although cryptojacking is a non-aggressive form of cybercrime, in some cases, it can actually harm your device, not to mention significantly slow it down. Moreover, simply because the perpetrators aren’t aggressively stealing your data doesn’t mean they are any less guilty. They’re still using other people’s devices illegally without authorisation.

The most high-profile case of cryptojacking so far was, without doubt, that of the Shominru Mining Botnet. Infecting more than 500,000 machines, this giant crypto mining bot targeted Windows servers and, over time, mined a massive $3.5 million of Monero.

How do I get cryptojacked?

Don’t make the mistake of thinking that cryptojacking only happens to cryptocurrency users. You don’t need to be browsing crypto media or opening an account on an exchange to get infected. Seemingly innocent vectors such as free content management systems (CMS) can contain malicious code, and they’re easy to download without realising.

In fact, a massive 13,000 WordPress plugins were found to contain critical security vulnerabilities last year that made them easy targets for illegal cryptocurrency mining.

Social media is another major vector for phishing tactics that use an official-looking email to encourage victims to click a link and download malicious code. Malvertising can also infect your device, but using an adblocker can help you avoid this.

Avast Software also revealed that GitHub was popular with cryptocurrency miners as they fork existing legitimate products and cunningly hide their malware within.

Unlike other viruses, you don’t even need to download malware to get cryptojacked. Thanks to the rise of programs like Coinhive JavaScript, websites can be infected with cryptojacking malware fairly easily.

While some sites make use of this code intentionally as an alternative to advertising revenue streams, such as the Pirate Bay, the majority of websites become infected without their knowledge.

In 2018, more than 300 websites using the Drupal content management system became infected with Coinhive JavaScript and were used to mine Monero. Among the sites were those of the San Diego Zoo, Lenovo, and UCLA.

Can I protect myself against cryptojacking?

Using a robust antivirus is a good start, but that doesn’t make you immune. There are also plugins such as NoCoin for Chrome and Firefox, and minerBlock. However, even with these in place, as much as 82% of infected sites still go undetected.

Moreover, due to the indiscriminate nature of cryptojacking, it’s not only companies with large servers that make an obvious target. Cryptojackers go after anyone with a personal computer, mobile phone, or even an IoT device.

According to research by Kaspersky Lab, mobile mining is on the rise, and once it becomes more profitable, it will explode in proliferation. Android users are particularly susceptible to cryptojacking, with 60 million devices already used for illicit cryptocurrency mining by February 2018.

Cryptojacking – the key takeaway

While you may not always be able to prevent cryptojacking, you can remain alert to the symptoms and use common sense while navigating online. Ensure that your adblocker and antivirus software are up to date. Never click on a link in an email or download unofficial software, and double and triple check URLs before opening them. Don’t make it easier for hackers to use your device for their personal gain.

Related Articles