These days, much of your daily activity happens online. It applies both to individuals and businesses — we depend on the internet for our work, data storage, and entertainment. It means that criminals seeking to grab our resources focus on the cyber world, too. One of the relatively new threats is called ‘cryptojacking’. Read on to learn what is cryptojacking and if your device shows any symptoms of it.
What Is Cryptojacking: The Basics
The term itself looks like something related to cryptocurrency, and it is. Cryptjacking refers to the practice when a hacker uses the computing power of your device to mine cryptocurrency. Most cryptojacking victims are not even aware of it.
Here are some facts about cryptojacking:
- It got popular together with cryptocurrencies. As fair mining requires a lot of resources, some malicious persons found a way to mine coins without investing in expensive hardware and paying electricity bills.
- Many victims don’t even suspect their device does it. Cryptojacking is rather hard to detect and the symptoms of it are generic.
- You don’t have to be a cryptocurrency user to get infected. It’s enough to have a computer, laptop, tablet or smartphone and neglect basic security measures like installing and updating antivirus software.
- Cryptojackers prefer ‘privacy coins’. Though many people associate illicit mining with BTC, this coin comes second. The favorite is Monero (XRM).
- Such mining can be legal, too. There is a special service called Coinhive, allowing website owners to use the computing power of their visitors for mining crypto. Some of these sites are open about using this script — they see it as a fair way to monetize the traffic without making users pay for the content. The famous example is Pirate Bay, a popular torrent service, which recently added a disclaimer to their homepage.
Cryptojacking: Main Methods To Make You Mine
There are several methods cryptojackers apply to steal your computing power. Being aware of them is the first layer of your protection.
- You visit a website that uses cryptomining script
As we mentioned, using the computing resources of a website visitors may be a legit practice. The owners of the site don’t charge you anything for their content but make you do some calculations instead. Sounds fair, doesn’t it? The problem is, there is no warning, in most cases. Therefore, we may call it stealing.
Also, there are sites that contain fake ads with malicious links. They work the same way as the links we discussed above. - ‘Coffee-mining’
A new tool named CoffeeMiner makes it possible to use the computing power of the devices connecting to a public Wi-Fi network. It’s an open-source app that anyone can use for the so-called Man-in-the-Middle attack. The name refers to coffee-shops and similar establishments that often provide free Wi-Fi to attract more customers. The application embeds a special JavaScript code into the sites the victim visits. It lets the hacker use the victim’s CPU for mining cryptocurrency. The most popular choice is the Monero.
Thе CoffeeMiner app got famous due to the attack in one of Buenos Aires Starbucks coffee-shops in December 2018.
Cryptojacking: How It Is Done
Now, let’s examine this malicious process step by step. Here is the mechanism:
- Hackers compromise a website or email message by embedding a special code in it.
- The victim executes the script by clicking on a malicious link/attachment in a familiar-looking email or on an alluring website ad.
- Then, the cryptomining code runs in the background. Normally, the owner of the infected device doesn’t suspect anything.
- The script that now secretly runs on your PC allows the hacker to use your computing powers for solving complicated math puzzles. It’s an essential part of Proof-of-Work mining.
- Every time such a puzzle is solved, the cryprojacker receives the reward. Thus, all the work is done at your expense but the profit goes to the bad guy.
Cryptojacking: How To Avoid Falling Victim To It
Doing secret mining is damaging. It slows down your machine and increases your electricity bills as mining is very power-consuming.
Here are a few things to keep in mind if you want to protect yourself from this hateful scenario.
Cryptojacking: Preventive Measures
Well, detecting a threat is important.
But how do you prevent it in the first place? There are some measures that have proved effective. Use them to keep your business or private activity protected from getting this cyber bug.
Get Your Security Team Properly Trained
If you are a business, make sure your IT guys know how to detect the threat and deal with it. The earlier they do it, the smaller is the damage. Also, educate the people who work for you — for instance, demand they read this article). Your employees and family should understand the risks of clicking on any link or ad. It’s important: according to some reports, there are about 50,000 websites infected with scripts like Coinhive.
Use Special Browser Extensions
There are browser extensions like minerBlock, Anti-Miner, NoCoin. The names are self-explanatory. Install them to prevent bad scripts from stealing your computing powers.
Ban the Ads
The best way to prevent anyone from clicking on bad ads is to ban them altogether. Using an ad-blocker would be a good solution.
No Java Script
Some people believe that Java is essential to enjoy many functions. But if you cannot explain what these functions are, it’s highly likely that you don’t need Java at all. The experts recommend disabling JavaScript. By doing it, you will get rid of one of the most insecure places in your software.
Avoid Public Wi-Fi
Everyone who cares about the safety of their data should forget about public Wi-Fi hotspots in airports, shopping malls, coffee-shops, etc. If you cannot do without it, install VPN and antivirus software.
Conclusion
As you have noticed, cryptojackers thrive on ignorance and carelessness. Thus, the rule of thumb would be to keep your eyes open and implement some simple security measures we described.
Originally published at Exscudo Blog. Check it out for more articles on crypto, blockchain, finance, trading, and technology.
