Cryptojacking is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies. Cryptojacking is also called malicious cryptomining. The core idea behind cryptojacking is that hackers use the resources of business and personal computers and devices to do their mining work for them.

Before continuing this discussion, it is best to first get acquainted with the meaning of the word cryptocurrency. Cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money. Two words—“cryptography” and “currency”—combine to form “cryptocurrency,” which is electronic money, based on the principles of complex mathematical encryption. Users can “mine” it on their computer by using special programs to solve complex, encrypted math equations in order to gain a piece of the currency.

In other words, cryptocurrency is electricity converted into lines of code, which have a real monetary value.


The person who is doing the cryptojacking attack actually has only one motive: money. Mining cryptocurrencies can be very lucrative, but turning a profit is now next to impossible without the means to cover large costs. To someone with limited resources and questionable morals, cryptojacking is an effective, inexpensive way to mine valuable coins.

Cryptojacking uses the computer’s power and resources to mine for cryptocurrencies or steal cryptocurrency wallets owned by unsuspecting victims. With just a few lines of code, hackers can hijack the resources of any computer and leave unsuspecting victims with slower computer response times, increased processor usage, overheating computer devices, and higher electricity bills. For individual users, slower computer performance might be just an annoyance. Cryptojacking scripts do no damage to computers or victims’ data. They do steal CPU processing resources.

Source: malwarebytes.com, varonis.com and norton.com

 

 

How Does Cryptojacking Work? 

Cryptojackers have more than one way to enslave your computer.

  • First method: Malware. This is done through phishing-like tactics: you click on a malicious link in an email and it loads cryptomining code directly onto your computer. Once your computer is infected, the cryptojacker starts working around the clock to mine cryptocurrency while staying hidden in the background. This method is also called file-based cryptojacking.
  • Second method: Drive-by cryptomining. This method involves embedding a piece of JavaScript code into a web page, which then mines cryptocurrency on the machines of users who visit the page. This method is also used to infect Android mobile devices. In early instances of drive-by cryptomining, web publishers asked visitors’ permission to mine for cryptocurrencies while on their site. They posed it as a fair exchange: you get free content while they use your computer for mining. Why would drive-by cryptomining target Android phones, with their relatively minor processing power? The answer is that a relatively large number of Android phones are in use, and the total processing power of all these phones is significant. More malicious versions of drive-by cryptomining, however, don’t even ask permission and keep running long after you leave the initial site. This is a common technique for owners of dubious sites, or hackers that have compromised legitimate sites. Users have no idea that a site they visited has been using their computer to mine cryptocurrency. The code uses just enough system resources to remain unnoticed. This method is also called browser-based cryptojacking. Cryptojacking attacks can therefore take place directly within a web browser, using IT infrastructure to mine for cryptocurrency.

In both of these methods, the code solves complex mathematical problems and sends the results to the hacker’s server while the victim is completely unaware. The scripts might also check whether the device is already infected by competing cryptomining malware. If another cryptominer is detected, the script disables it.
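For owners of legitimate sites who want to check their own pages for injected mining code, the following added example (not taken from the sources cited here) audits a page's script tags. The allowlist, the host names, the indicator keywords and the three-API heuristic are assumptions made for illustration, and a hit is a prompt for review, not proof.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed indicators: the two miner families the article names.
MINER_NAMES = re.compile(r"coinhive|crypto-?loot", re.I)
# Heuristic (an assumption): in-page miners tend to combine these three browser APIs.
MINER_APIS = [r"WebAssembly\.", r"new\s+Worker\s*\(", r"new\s+WebSocket\s*\("]

class ScriptAudit(HTMLParser):
    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.page_host = page_host
        self.allowed = set(allowed_hosts) | {page_host}
        self.findings = []      # (kind, detail) tuples
        self._inline = None     # text chunks while inside a <script> element
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._inline = []
        src = dict(attrs).get("src") or ""
        host = urlparse(src).hostname or self.page_host  # relative src is first party
        if host not in self.allowed:
            self.findings.append(("unlisted-host", host))
        if MINER_NAMES.search(src):
            self.findings.append(("miner-name", src))
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag != "script" or self._inline is None:
            return
        body, self._inline = "".join(self._inline), None
        if MINER_NAMES.search(body):
            self.findings.append(("miner-name", "inline script"))
        if all(re.search(p, body) for p in MINER_APIS):
            self.findings.append(("miner-apis", "inline script"))

def audit(html, page_host, allowed_hosts=()):
    parser = ScriptAudit(page_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed page: first-party script, allowed CDN, then two suspicious scripts.
SAMPLE = """<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://static.unknown.example/coinhive.min.js"></script>
<script>new Worker("w.js"); new WebSocket("wss://pool.unknown.example"); WebAssembly.instantiate(b);</script>"""
```

Calling audit(SAMPLE, "news.example.org", {"cdn.example.net"}) reports the unlisted host, the miner-named file and the inline script that combines all three APIs.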

In November 2017, Adguard reported a 31 percent growth rate for browser-based cryptojacking. In July 2018, Check Point Software Technologies reported that four of the top ten malware it has found are crypto miners, including the top two: Coinhive and Cryptoloot.

In fact, browser-based cryptojacking grew fast at first, but seems to be tapering off, likely because of cryptocurrency volatility.

Source: malwarebytes.com, varonis.com and csoonline.com

 

 

How to Detect Cryptojacking 

Cryptojacking has several symptoms:

  • Decreasing performance on your device: If there’s an increase in CPU usage when users are on a website with little or no media content, it’s a sign that cryptomining scripts may be running.
  • Sluggish or unusually slow response times: Slower systems can be the first sign of cryptomining.
  • Overheating of your device: The resource-intensive process of cryptojacking can cause computing devices to overheat.
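The first symptom can be turned into a simple check, shown here as an added example that is not from the cited sources. It assumes you have per-tab CPU samples (for instance noted from the browser's task manager); the field names, thresholds and sample data are constructed for illustration.

```python
from itertools import groupby

def flag_tabs(samples, threshold=50.0, min_run=6):
    """samples: time-ordered dicts with keys tab, cpu (percent), media (bool).
    Returns {tab: (run_length, avg_cpu)} for tabs whose CPU stayed at or above
    threshold for at least min_run consecutive samples with no media playing."""
    by_tab = {}
    for s in samples:
        by_tab.setdefault(s["tab"], []).append(s)
    alerts = {}
    for tab, rows in by_tab.items():
        best = []
        # A run ends at a quiet sample or at one where media explains the load.
        for busy, grp in groupby(rows, key=lambda r: r["cpu"] >= threshold and not r["media"]):
            grp = list(grp)
            if busy and len(grp) > len(best):
                best = grp
        if len(best) >= min_run:
            avg = sum(r["cpu"] for r in best) / len(best)
            alerts[tab] = (len(best), round(avg, 1))
    return alerts

def make_samples():
    """Constructed data: one sample per tab every 10 seconds."""
    article = [3, 62, 64, 61, 63, 65, 62, 60]   # text-only page, steady load once open
    video = [70, 75, 72, 74, 71, 73, 76, 72]    # high load, but media is playing
    mail = [2, 55, 4, 3, 58, 2, 3, 2]           # short spikes only
    out = []
    for i in range(8):
        out.append({"tab": "news.example/article", "cpu": article[i], "media": False})
        out.append({"tab": "video.example/watch", "cpu": video[i], "media": True})
        out.append({"tab": "mail.example/inbox", "cpu": mail[i], "media": False})
    return out

if __name__ == "__main__":
    print(flag_tabs(make_samples()))
```

Only the text-only article tab is flagged: the video tab's load is explained by media playback, and the mail tab never holds the load long enough.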

Source: varonis.com

 

 

How to Prevent Cryptojacking 

  1. Many of the ways to prevent this attack are in fact the same as the ways to prevent phishing attacks. In this post, you can get acquainted with these methods and recommendations.
  2. Installing a powerful anti-malware program.
  3. Installing an ad-blocking or anti-cryptomining extension on web browsers.
  4. If possible, blocking JavaScript in the web browser.
  5. Installing specialized programs, such as “No Coin” and “MinerBlock,” which block mining activities in popular browsers. Both have extensions for Chrome, Firefox, and Opera.

 

 

———————————

Sources:

norton.com

varonis.com

malwarebytes.com

csoonline.com