Cryptojacking Attack: Guide To Detect and Prevent it

Have you ever heard of a technique where hackers can use your computer or other devices to mine bitcoin and other cryptocurrencies without you even knowing about it and sending it back to themselves?

Cryptojacking refers to the unauthorized use of other people’s devices by hackers to mine cryptocurrencies and this is the favorite way of cybercriminals to get their hands on some crypto coins.

Cryptojacking is used by those who don’t want to mine legitimately by the use of mining rigs and other devices.

Cryptojacking

Cryptojacking is sometimes called drive-by mining which is also a great name by the way. It is based on the idea that a hacker can trick someone instead of maybe putting a virus on their machine (It might still be a virus), but he can trick other people into mining some cryptocurrency for him, and that way he can make a profit.

Think of cryptojacking as an alternative in crime-sensitive ransomware where a hacker tries to get money off someone by taking control of their files. Basically, they just try to use some of the CPU or GPU power of other people’s devices to earn some money for themselves, so theoretically they mine some coins for themself using other people’s resources.

The good news is that this is already less common than it was just a few months ago because Chrome, Firefox, and most Antivirus vendors are all cracking down on these kinds of mining scripts.

Coinhive (Now defunct) was actually a legitimate company that came up with the idea to mine cryptocurrencies while users browsed through the websites. They weren’t intending on people abusing their newly-developed services. So they introduced an opt-in version where a little pop-up turns up and asks you if you’d like to opt-in for mining instead of advertisements, and their scripts weren’t even blocked by browsers because that was a legitimate commercial alternative to advertisements.

How Cryptojacking Started?

So all this came about because a company called Coinhive decided that maybe instead of showing people advertisements online they could just use a little bit of their CPU power to mine cryptocurrencies while the users are browsing a website and that way they don’t have to look at advertisements and website owner still gets paid for every user visiting the website.

In some sense, I believe it wasn’t such a bad idea. Suppose you go to a news website and instead of seeing a huge load of banner ads you will only see a little notification that says you’re mining some cryptocurrency while you’re on this website and we’re going to make a small amount of money off this and in exchange for this you will not see any ads so you can read the news for free and without interruption.

Okay, and I mean the amount of money you’re going to spend on a couple of minutes reading an article is not very much even if you use your CPU on a hundred percent, this was the purpose of JavaScript. So you go to a website and it serves you a script that instructs your computer to start mining these coins.

The problem is that it wasn’t very long before people thought that maybe we don’t need to ask the users about their permission. We should maybe just have them mine all the coins all the time.

Another thing was that Coinhive had a Feature, which let its script use no more than 60% of a CPU’s power.

The malware programmers thought, well why don’t we use 100% of the CPU power.

Cryptojacking Traps

After getting the idea from Coinhive, hackers started making these mining scripts themselves and soon after began to be creative with it.

In the early days, hackers started creating websites offering similar functionality but using more of your resources to mine cryptocurrency at a faster rate.

Soon after hackers were creating clones that had malware to do this so you can just imagine that instead of getting ransomware you will just get something that runs on your PC and the same was true for phones.

You see an option to download an application that seemed too good to be true but there are not even any advertisements on this free app. Well, maybe because it’s using up extra power of your CPU to mine cryptocurrency.

Basically, malware is used and designed to be imperceptible so you can’t notice it and hence it only uses a few of your device’s resources so they can ideally exploit your device’s resources to mine crypto coins for them for a long time before you catch it and that is if you ever catch it.

Hackers are constantly being creative with cryptojacking because they know that it’s the best way to mine and earn a cryptocurrency so a user needs to watch out for these honeytraps.

Types of Cryptojacking Attacks

Link Malware

As the name suggests link malware cryptojacking means that the hackers send a link to your email or text message and when you click on that link they download a mining script onto your device which runs in the background and mines crypto coins using your CPU or GPU and sends it back to the address that the hackers control.

Website Malware

This is a little bit more common and usually known as web-based Cryptojacking and in this one hacker injects scripts into websites that they own, have taken over, exploited loopholes, or on online ads. So when people like you and I visit these sites the script executes automatically without being downloaded to your computer or mobile phone.

This is less aggressive as you can imagine because you’re only mining for them as long as you’re on the compromised website.

Cryptojacking vs Ransomware

So how does cryptojacking compare to ransomware? Many people have heard of ransomware with cryptocurrency attacks. Both of these give the hacker financial gains but ransomware is much more noticeable because it locks you out of your computer and you can’t access it unless you send the asked crypto ransom to the hacker’s address.

Cryptojacking on the other hand may go undetected for quite a while as it is less risky than ransomware because it just exploits a little bit of power on each device but if it is done at a huge scale like millions of visitors or on millions of effective devices, it can make hundreds of dollars every day to the hacker as opposed to just ransomware which usually targets one guy or a group of people.

So much more contact is required in ransomware between the attacker and the victim which is very risky and if the hacker isn’t careful he might leave some identifiable information for the authorities to catch him.

Popular Cryptojacking Cryptocurrencies

Almost every proof-of-work (POW) crypto coin that requires you to constantly solve these proof-of-work puzzles and mine for them is used by cryptojackers. Main cryptocurrencies mined by cryptojacking are:

  • Bitcoin (BTC)
  • Litecoin (LTC)
  • Monero (XMR)

Bitcoin Cryptojacking

Cryptojacking

If you decide to mine bitcoins (BTC) legitimately with your CPU it’d probably take you hundreds of years, and still, you may never earn one because compared to the size of the Bitcoin network, the mining power of one CPU is practically nothing.

But what if you could use thousands of CPUs for bitcoin mining. Now that is why cryptojacking is so widely practiced.

Same context stands for Litecoin (LTC).

Monero Cryptojacking

Cryptojacking

Hackers prefer ones that are easy to mine and the ones that can be mined with CPUs without needing GPUs. That’s why Monero (XMR) is a super popular choice for cryptojackers.

Since it is also untraceable so that’s a bonus for them. It is harder for hackers to get caught by the authorities if they mine and take it in Monero (XMR) form.

Moreover, Monero is quite different from other proof-of-work coins. It has a hashing function which in turn is used in the mining process in a CPU but it is quite hard to do on a GPU and so you get some benefit from having a dedicated rig.

Given the cost of a graphics card is not very good so you could have a lot of Android phones competing with big graphics cards in Monero and this makes somewhat sense to do it. It is also one of the reasons it was designed this way so that it could allow people to mine on phones and devices.

Due to this benefit, it’s also a good target for hackers to inject their cryptojacking malware because if you have a website where everyone is mining Monero for you, it is not going to make you a huge amount of money but it will make you some.

Monero is one of these currencies that’s very hard to keep a track of and so if hackers are smart enough, they can easily get away with it.

However, their own stupidity can get them caught like if they use the same cryptojacking address to buy pizza to their house it might be slightly easier to find them but if they try and hide it, it’s going to be harder.

How To Detect Cryptojacking Malware

I don’t want you to fall prey to this new way of hacking called cryptojacking and let me tell you about a few things that will immensely help you in detecting cryptojacking malware.

If your computer or internet is getting slower or your CPU or GPU fan has started running faster, then you probably are a victim of cryptojacking.

The developer or hacker plans to inject a certain script into the website code. When you visit such a website, the script starts running into the background of your browser and it mines cryptocurrencies like Monero on your PC without your consent, and it consumes your CPU and GPU hardware power.

Cryptojacking

Previously, websites used to be monetized using the ads on their website, but this was introduced as the new way of making money. There were legitimate companies like Coinhive (now defunct), which provided such services.

As per the statistics, the website owner could even make more than $100 for every million visitors they get using cryptojacking techniques. Even popular websites like ThePirateBay has openly accepted that they were monetizing their website using cryptojacking.

There is a long list of legitimate and illegitimate websites following cryptojacking. Some of them provide an opt-in option while some of them won’t even ask for your permission.

So how do you detect cryptojacking on your own device when you’re visiting such websites? Well if you notice a decrease in performance or maybe a lack in the execution of the commands that may be a sign of cryptojacking.

Here is a checklist to see if your device has been cryptojacked.

First, check if the CPU or GPU fan starts running faster on a specific website or on a web page.

Check the processes in your task manager for any suspicious activity.

Check the process being conducted on the task manager and make sure that there are no hidden background processes being carried out.

Check if your pc or browser becomes slow while visiting a website or if it gets stuck on a specific website or a web page.

Check if your PC restarts on a specific web page.

You must stay updated about the latest cryptojacking news in case there are new techniques that pop up every month or so.

Keep an eye out for your device overheating and if you have a CPU keep checking its usage from time to time and while you visit different websites, start utilizing anti-malware and antivirus software because they are very helpful in catching some of the malware as well.

Now you know what to look out for.

How To Prevent Cryptojacking

The best way to prevent cryptojacking is by installing extensions and tools that block the malware like Miner Block, No Coin Miner, and so forth. These extensions also monitor and block scripts related to mining.

You can download these extensions and protect yourself and also remember to block such websites so that you don’t come across these websites ever again.

Use a privacy browser like the Brave browser that can block ads automatically.

Do not try to download too many random extensions because many of them have also been known to be compromised and reported to leak sensitive information of the users like their crypto wallets addresses, identity, etc.

You have to be vigilant.

Do not click on random shady links sent to you and always have constant malware and virus scanners activated on your devices.

I really hope that now you can protect yourself from getting ripped.

Cryptojacking Attack Reports

Cryptojacking, also known as browser-based cryptocurrency mining has made a surprising comeback. Cryptojacking saw a more than 160% increase in detections as per the latest reports. The spike was unusual as most security experts considered the method the browser-based cryptojacking to be dead.

The highest activity of browser-based cryptocurrency mining or cryptojacking took place between September 2017 and March 2019. During that time it was actually one of the most common forms of a cyber attack.

The subsequent shutdown of Coinhive, a german-based internet service that gave its users the ability to mine Monero cryptocurrency inside their website by just adding a javascript library to their site’s source code. The service was innocently intended to be an alternative website monetization scheme to classic online ads but the service became popular with cybercriminals.

Cybercrime groups started hacking into websites and secretly loading Coinhive’s script code on the site with an alternative configuration designed to mine Monero for the criminal groups. This ran until march 2019 when Coinhive operator suddenly announced that they were shutting down.

In addition to the end of Coinhive academic teams who analyzed the scheme’s efficiency found that cryptojacking was incredibly inefficient at generating revenue. Just three classic online ads could generate as much as 5.5 times more revenue than a web-based cryptojacking script.

I think maybe the router hijacking botnet is to blame for cryptojacking’s rebirth because a source in the antivirus industry has told the website ZDNet that a router botnet likely caused the latest surge in cryptojacking detections.

The source who did not want to be identified by name further said that similar incidents have occurred previously in Latin America. Hackers broke into home routers and modified DNS settings to hijack legitimate web traffic then used hacked routers as proxies and even enabled them to launch DDoS attacks.

In even rarer instances, cybercrime groups also experimented with other ways of monetizing router botnets including deploying cryptojacking scripts which are usually modified versions of the old Coinhive javascript updated to work with the now-defunct Coinhive service.

Despite the new spikes in browser-based cryptojacking detections, the full comeback of the cryptojacking is not expected as most of the cybercrime groups who experimented with cryptojacking in the past would usually drop it after several weeks as they discover that browser-based cryptocurrency mining is not an efficient way to make a profit.

I know I feel a lot better having an anti-malware program installed on my pc which provides me the protection I need against malware and I strongly suggest you should too install an anti-malware program as its malware repair capabilities, remediation algorithms dive deep into your system to remove and address complex malware issues affecting the PC.

There are many anti-malware products that exist today and most of them are only good at flagging quarantine malware so they ultimately failed to fully remediate the root problem.

So carefully choose the one that detects, quarantines, and programmatically repairs malware problems on your PC.

Final Thoughts

Cryptojacking attacks may be active in some websites that you visit or even on your devices currently. That’s why you should take preventative measures because if left unchecked, you could see degrading performances of your devices and you may need to replace your device earlier than you thought you would.

I hope that some type of vetting procedure gets introduced on such websites and applications, which might hopefully detect this kind of stuff but it’s not always going to be easy to find such malware. So you can expect a few of these to pop up from time to time.

Sharing is Caring!

If you have any queries, ask me in the comments below.

If you have any issues/suggestions, send me an email via Contact Form.

You may also like:

What is a Dust Attack & 5 Ways To Be Safe

5 Best Anonymous Cryptocurrencies For Privacy

Guide To Crypto Arbitrage Trading: Types, Bots & Risks

Cryptocurrency For Beginners: The Most Comprehensive Guide

Leave a Comment

  • bitcoinBitcoin (BTC) $ 56,391.00
  • ethereumEthereum (ETH) $ 4,302.92
  • tetherTether (USDT) $ 1.00
  • litecoinLitecoin (LTC) $ 374.11
  • moneroMonero (XMR) $ 460.23