facebook_pixel
Cryptojacking: What it is and how to protect yourself

Cryptojacking: What it is and how to protect yourself

Lyton atinga

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Cryptocurrency is simply a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds operating independently of central bank. It is a digital asset that has been created to work as a channel of trade. The technology uses a process named cryptography which guards all of the transactions and regulates the formulation of additional units of the currency. These digital currencies are also categorised as alternative currencies and virtual currencies.

There are two primary ways hackers can cryptojack you to secretly mine cryptocurrencies. These include:

  1. Trick victim into loading cryptomining code onto their computers through phishing tactics. In this trick, a victim normally receives a legit looking email which encourages them to click on. Upon clicking, the link runs code that places the cryptomining script on the computer. The script then runs on the background as the victim works.
  2. The hacker can as well inject a script on the website or on ad that is delivered to multiple websites. When the victim visits the website or the infected ad pops up in their browsers, the script will execute automatically. The code will then run complex mathematical problems on the victim’s computer and send the result to the hacker’s server.

Hackers often will use both methods to maximize their return. “Attacks use old malware tricks to deliver more reliable and persistent software [to the victims’ computers] as a fall back,” says Vaystikh. For example, of 100 devices mining cryptocurrencies for a hacker, 10 percent might be generating income from code on the victims’ machines, while 90 percent do so through their web browsers.

Unlike most other types of malware, cryptojacking scripts do no damage to computers or victims’ data. They do steal CPU processing resources. For individual users, slower computer performance might be just an annoyance. Organization with many cryptojacked systems can incur real costs in terms of help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem.
To detect cryptojacking can be difficult at times. The following are some of the symptoms of cryptojacking:

  1. Device heating up
  2. Laptop making loud whirring noises
  3. Battery draining faster than usual
  4. Impaired device performance such as slowing down or crashing
  5. Check your resource usage
  6. Check to see if your browser is secretly still running
  7. Keep a close watch on your Cloud Bills

Check Resource Usage
To check you resource usage, you should first open the task manager, this can be done by pressing ctrl + alt + del keys simultaneously. Either, you can open the Activity Monitor in case you are using MacBook. Check out to see if your CPU resources are being maxed out at 99% or more. If the program you are running in your device has no business using all that power, then cryptojacking might be the cause of all that power drain.
Check to see if your browser is secretly running

Close your internet browser window and open the task manager or the Activity Monitor in case you are using a MacBook to see if the program still shows as open. The hackers typically run through your browser and create a tiny ‘pop-up’ browser window that hides behind your Start button or toolbar, so it can continue to consume computer resources even after you think you’ve closed your browser.

Keep a close watch on your cloud bills
Hackers are also capable of phishing your cloud usernames and password and allocate your cloud resources towards mining, but you won’t know about the problem until the end of the month. Sadly, this method can be pricey.

CAUSES OF CRYPTOJACKING
Currencies such as Bitcoin, Ethereum and Monero are all continually ‘mined’ by using distributed computing resources to work out problems that generate ‘hashes’. Anyone can use their machines to process new coins in this way, but with cryptojacking, website owners and app developers are able to harness the CPU of their audience instead, earning them cryptocurrency in the process.

Hackers cryptojack your device by either getting you to click on a malicious link in an email that loads crypto mining code on your device, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in your browser.

Avoiding Cryptojacking

There is no clear law that defines whether cryptojacking is legal or illegal, but the method is not ethical by any means as internet users have their resources taken away without their consent or receive any incentive.
Cryptojacked victims usually will notice that their devices will be low on battery quite fast, or their devices will heat up fast while some will observe that their CPU power utilization will be higher than usual. By entering your task manager, you can check your CPU utilization to check if you are being cryptojacked.

There are some security practices and plugins that you can use to avoid being a victim of in-browser cryptojacking:

  • Never click on a link in an email.
  • Turn off your JavaScript in the browser.
  • You can run anti-phishing software, antivirus, and adblockers for chrome extensions like No Coin or MinerBlock.
  • You can run specific script blockers such as NoScript or uBlock.
  • Think of using more privacy-centric browsers.

The best remedy is prevention. Stay safe from cryptojacking by following this guidance:
Watch out for phishing-type attempts to load scripts onto your device

Install an ad-blocker extension for your web browsers
Routinely check your browser extensions for anything suspicious and keep them up to date
No matter how hard you try to educate yourself and your team, it’s inevitable that some attempts will slip through the net. To stay ahead of the attacker it’s imperative to have a security solution in place which is able to intercept traffic to phishing sites, stopping the threat at its source.

Share this post

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Share on reddit
Share on whatsapp
Share on email