Cryptocurrencies have attracted people from all spheres of life and cybercriminals are not left out. As the industry evolves rapidly, criminals are also doing their best to exploit inexperienced crypto users. One of the methods used by criminals to exploit cryptocurrency users is cryptojacking; a malicious practice that has attracted a lot of cybercriminals because it involves little to no risk.
To keep our discussion clear and easy to understand, we break it down as follows:
- What is cryptojacking?
- How does cryptojacking work?
- Which cryptocurrencies do hackers actually mine?
- Cryptojacking vs Ransomware.
- How to detect cryptojacking.
- How to prevent yourself from cryptojacking.
- Final thoughts
What is cryptojacking a.k.a cryptomining malware attack?
Cryptojacking is the unauthorized use of people’s devices (smartphones, laptops, servers, etc) to mine cryptocurrencies without their permission. Such attacks are carried out by cybercriminals who don’t want to spend money on building legitimate and costly mining rigs. Most often, the cryptomining malware is designed to use only a very tiny proportion of the victim’s system resources, making it hard for them to notice the malicious act. As such, the hacker can exploit the victim’s device(s) for as long as possible.
How does cryptojacking work?
Cryptojacking works in different ways, depending on how the cryptomining malware is designed. The first method is similar to a phishing attack wherein seemingly legitimate links are sent via email or text messages to someone. When the unsuspecting user clicks on the link, a cryptomining script is downloaded onto their device and starts running in the background; thus mining cryptocurrency for the hacker.
Another method is web-based cryptojacking. Here, hackers start by injecting cryptomining scripts on various websites or online ads. When users visit any of these websites, or the infected ad pops up in their browser, the script executes automatically without necessarily being downloaded onto the victim’s device. This method of cryptojacking is less aggressive since victims are only exploited for the time that they visit the infected website or when the compromised ad is being displayed. As the user leaves the website, their device also stops mining crypto for the hacker.
Which cryptocurrencies do hackers actually mine?
Hackers can use your device to mine any Proof of Work-based cryptocurrency like bitcoin, litecoin, monero, etc. Most often though, they prefer cryptocurrencies that require less computational power. That is why monero has been one of the favorite coins for cryptojacking, especially as it offers additional privacy, which makes transactions untraceable.
Cryptojacking vs Ransomware.
Cryptojacking and Ransomware are aimed at providing the hacker with financial gain. However, a ransomware attack is easier to notice as the victim is usually blocked from accessing their device. But with cryptojacking, the victim might continue working on their device for a reasonable length of time without noticing any form of unauthorized usage.
Also, cryptojacking is more appealing to cybercriminals because it is less risky. All that is required of the hacker is to exploit little amounts of computational power from many devices which later amounts to huge sums. With Ransomware attacks though, there’s some form of contact between the attacker and the victim when receiving funds, which opens up a way for a possible investigation.
How to detect cryptojacking.
A device that’s been cryptojacked is obviously not functioning at its best. To find out if you are a victim of such an attack, do the following:
- Check to see if you notice any decrease in computer performance or lags in execution. If you do, that could be due to cryptomining script that is slowing down some functions
of your device.
- Stay up to date on cryptojacking related information so that you always know what to do when hackers develop new and more sophisticated techniques to exploit people’s devices.
- Find out if your smartphone, laptop, tablet, etc is overheating as this could be a signal that unauthorized mining script is using up a lot of system resources and causing your devices to work harder.
- Keep an eye on your CPU as you visit different websites. If you notice any abnormal increase in the CPU usage, it’s very likely that cryptomining script has been embedded into the website.
How to prevent yourself from cryptojacking.
Cryptomining malware that’s been installed in your device is harder to detect than web-based cryptojacking. That is why you should take the appropriate measures to prevent the cryptomining malware from taking control of your device in the first place.
To prevent yourself from cryptojacking, the first thing is awareness. You need to know how cryptomining malware actually works. And if you’re running an organization, you want to make time and educate your staff to take the necessary security measures to prevent your organization’s equipment from being exploited.
- Install extensions that block cryptomining.
There are browser extensions designed specifically to prevent cryptomining from happening in your browser such as MinerBlock, MineBlock, and NoCoin. These extensions would monitor your device for malicious activities and block unwanted mining scripts from accessing your computer.
- Use a privacy browser.
If you’ve already downloaded lots of extensions onto your browser, chances are you don’t want to download more. In that case, consider using a privacy-focused browser like brave, which lets you decide whether or not to view ads in your browser.
- Be vigilant.
Be wary of links sent to you either via email or through any messaging application. You don’t want to find yourself randomly clicking links sent by people you know little or nothing about. Most often than not, hackers would pretend to be offering you a highly discounted or special service. And that is how they get to install cryptomining malware in your device.
It is very easy for cryptojacking to go unnoticed on people’s devices as the cryptomining malware is not designed to change how a device operates. As such, users need to take all the preventive measures necessary to avoid the unauthorized use of their computers. If cryptojacking is left unchecked, the victim would end up paying higher bills than they normally would. Plus, their devices would also wear out faster than normal.
A video presentation of this article is available here on YouTube
Over to You!
Have you been a victim of cryptojacking before? Have more tips on how to prevent it? Share with us in the comments section below.