How Does Cryptojacking Work? How Do I Protect Myself Against Cryptojacking?

Cryptojackers have more than one way of taking advantage of other users' computers. One of the methods works like classic malware. The user clicks on a malicious link in an email that uploads cryptocurrency mining code directly to the computer. Once the computer is infected, the cryptojacker begins to work around the clock to extract cryptocurrencies, staying hidden in the background. Since it resides on the PC, it is local, which means that it is a persistent threat that has infected the computer itself.

An alternative approach to cryptojacking is sometimes called fortuitous cryptocurrency mining. Like malvertising exploits, the scheme involves embedding a snippet of JavaScript code into a web page. Afterward, it performs cryptocurrency mining on the machines of the users who visit that page.

In the first cases of fortuitous cryptocurrency mining, web publishers took to the bitcoin rush in an attempt to supplement their income and monetize their site traffic; they openly asked visitors for permission to mine cryptocurrencies while on their sites. They posed it as a fair trade: you get free content while they use your computer for mining. If you are, for example, on a gaming site, you will probably stay on the page for some time while the JavaScript code extracts coins. Then when you leave the site, the cryptocurrency mining closes and frees up your computer. In theory, it's not that bad, as long as the site is transparent and honest about what it's doing, but it's hard to make sure the sites play fair.

The more malicious versions of fortuitous cryptocurrency mining don't bother asking for permission and keep running long after the user exits the initial site. This is a common technique of dubious site owners or hackers who have compromised legitimate sites. Users have no idea that the site they visited has used their computer to mine cryptocurrencies. The code uses minimal enough system resources to be inconspicuous. Although the user thinks that the visible browser windows are closed, a hidden window is still open. It is usually a small hidden window that fits under the taskbar or clock.

Haphazard cryptocurrency mining can infect even Android mobile devices. It works with the same methods that are used for desktop computers. Some attacks take place through a Trojan hidden in a downloaded application. Or, users' phones can be redirected to an infected site that leaves behind a persistent hidden window. There is even a Trojan that invades Android phones with an installer so nefarious that it can invade the processor to the point that it overheats the phone, increases battery consumption, and renders Android useless. And not only that.

You may be wondering why your phone has relatively less processing power. When these attacks occur en masse, the largest number of smartphones constitutes a collective force worthy of the attention of cryptojackers.

Some computer security professionals point out that, unlike many other types of malware, cryptojacking scripts do not harm computer or victim data. But the theft of CPU resources has consequences. Certainly, the decrease in computer performance can be just a bummer for an individual user. But in large organizations that have suffered from cryptojacking in many systems, it translates into real costs. IT department labor and power consumption costs, as well as missed opportunities, are just some of the consequences of what happens when an organization is affected by fortuitous cryptojacking.

How prevalent is cryptojacking?

Cryptojacking is relatively new, but it is already one of the most common internet threats. In a recent Malwarebytes blog, it was revealed that malicious cryptocurrency mining (another name for cryptojacking) has been the most frequently encountered malware attack since September 2017. The following month, in an article published in October 2017, Fortune suggested that cryptojacking is the biggest security threat in the digital world. Most recently, we have seen a 4000% increase in Android cryptojacking malware detections during Q1 2018.

What's more, cryptojackers aim higher and higher and invade increasingly powerful hardware. An example is an incident in which criminals were cryptojacking from the operational technology network of the control system of a European public water distribution service and that degraded the operator's ability to manage the plant of that public service. In another case mentioned in the same report, a group of Russian scientists allegedly used the supercomputer at their nuclear warhead research and construction center to mine bitcoins.

Despite these harsh intrusions, cryptojacking of personal devices remains the most prevalent problem, as stealing small amounts from many devices can accumulate large sums. It appears that criminals prefer cryptojacking to ransomware (which in turn uses cryptocurrency for anonymous ransom payments) as it potentially returns hackers more money with less risk.

How can I protect myself against cryptojacking?

Whether you have suffered a cryptojacking attack locally on your system or via the browser, it can be difficult to detect the intrusion manually after the fact. Similarly, figuring out the source of CPU usage can be complex. The processes can be hidden or masked as legitimate to prevent the user from stopping the misuse. Another advantage for cryptojackers is the fact that when your computer is running at full capacity, the protection will run very slowly, and therefore it will be more difficult to solve the problem. As with malware precautions, it is much better to install security before becoming a victim.

An obvious option is to block JavaScript in the browser you use to browse the web. Although this breaks haphazard cryptojacking, it could also block the use of features you like and need. There are specialized programs, such as "No Coin" and "MinerBlock", that block mining activity in the most common browsers. They both have extensions for Chrome, Firefox, and Opera. Newer versions of Opera even have No Coin built-in.

However, our suggestion is to avoid custom-built solutions and look for a more comprehensive IT security program. Malwarebytes, for example, protects you from more than just cryptojacking. It also prevents malware, ransomware, and various Internet threats. Whether the attackers try to use malware or try an inadvertent download via the browser or a Trojan, you are protected against cryptojacking.

In an ever-changing threat landscape, staying safe from the latest dangers like cryptojacking is a full-time job. With Total Security Software, you have the means to detect and clean up any type of intrusion and ensure that only you use your computer's resources.