Cryptojacking is a malicious method of cryptomining. It first emerged in 2017 when CoinHive published code on its website. The code was a mining tool added to a website so that owners could earn extra income through cryptomining.
People earn cryptocurrency (coins) through mining. They use expensive hardware (high-end CPUs, dedicated mining hardware, and servers), processing power, and electricity to solve the computational puzzles that mining requires. Hackers modified the mining tool and used it to steal processing power from users through browsers or installed applications. Essentially, they could earn coins without buying any hardware.
What Is Cryptomining?
Many cryptocurrencies, a famous example being Bitcoin, use blockchain systems to validate transactions. Mining cryptocurrency is the method of adding transactions to the blockchain, which is a record of all previous cryptocurrency transactions.
Adding more blocks to the chain requires a proof of work from a miner. Proof of work is a computational puzzle that is deliberately expensive for a CPU to solve. When a miner solves it, the miner is rewarded with coins in their wallet.
Miners can use their own mining hardware and computers. This is costly and might not be a profitable exercise for the miner because the hardware costs might outweigh the value of the mined coins.
It is also possible for miners to buy CPU power from the cloud. They can use the resources of data centers to generate coins, although this method includes subscription fees and a cap on how much someone can mine.
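A toy version of the proof-of-work step described above, added here as an illustration and not part of the original article. It searches for a nonce whose SHA-256 hash starts with a chosen number of hex zeros; the block contents, the difficulty and the parameter names are constructed for the demo.

```powershell
# Toy proof of work: find a nonce so that SHA-256(blockData + nonce) starts with
# $Difficulty hex zeros. Each extra zero multiplies the expected number of attempts
# by 16, which is why mining is bounded only by the CPU power a miner can obtain.
param(
    [string]$BlockData = 'constructed-block: alice pays bob 1 coin',  # constructed sample
    [int]$Difficulty = 3                                               # assumed difficulty
)

$sha    = [System.Security.Cryptography.SHA256]::Create()
$target = '0' * $Difficulty
$nonce  = 0
$timer  = [System.Diagnostics.Stopwatch]::StartNew()

while ($true) {
    $bytes = [System.Text.Encoding]::UTF8.GetBytes("$BlockData$nonce")
    $hash  = ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
    if ($hash.StartsWith($target)) { break }
    $nonce++
}
$timer.Stop()

# Checking the answer costs a single hash: cheap for everyone else,
# expensive only for whoever burned the CPU time to find the nonce.
[pscustomobject]@{
    Nonce    = $nonce
    Hash     = $hash
    Attempts = $nonce + 1
    Seconds  = [math]::Round($timer.Elapsed.TotalSeconds, 2)
}
```

Raising the difficulty by one roughly multiplies the reported attempts and seconds by 16, which shows why a miner, or a cryptojacking script, keeps a CPU saturated.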
What Is Cryptojacking?
Hackers took cloud cryptomining a step further by using CoinHive’s code to write their own scripts. These scripts maliciously drew CPU power from website visitors and other computer users.
They now use a variety of malicious software to hijack the processing power of personal or business networks. These hackers use the processing power of unaware users to add coins to their wallets.
Hackers use websites, files, and the cloud to gain access to and drain a system’s resources. They only need a user to install or run a script, which then runs undetected on the user’s computer.
Hackers devise convincing-looking emails with infected links or attachments that carry these scripts. The lure could be a long-lost relative seeking to make a connection or a dream business opportunity. They then send the emails to employees at a company, who open them.
Hackers only need the user to click on a link or an attachment in the email. As soon as they do, the script runs and siphons CPU resources.
Additionally, hackers hide malicious scripts in Windows applications. They only need the user to install the app for the script to start using CPU power.
For example, in 2018, hackers created fake Adobe Flash updates. Because the miner was bundled with the official software, it would have been difficult for a user to spot the malicious files. Many other applications might contain these scripts too.
How It Works
Cryptojacking hackers are also known as threat actors. They compose or search for files or code to embed their scripts in. After this, they wait for users to execute the script, either through installing an application or visiting a specific site. Then, the script begins running in the background.
The script siphons processing power to solve the proof-of-work puzzles that add blocks to the blockchain. The threat actors receive coins for each puzzle solved. It is simple to execute, and the potential reward is quite high.
Threat actors need more and more CPU power to mine more efficiently, so their scripts could significantly slow down many of a company’s systems. Computers and other devices might crash due to the performance strain. These devices would be costly for companies to repair or replace.
Website and Cloud Cryptomining
Website owners can ask their visitors’ permission to allow mining while the visitor is on their site, but some do not. Other websites keep the script running even after the user has left the site. A famous example is The Pirate Bay, a popular torrent site. The website had mining scripts installed and was mining without its users’ permission.
Cybercriminals also hunt for exposed cloud API keys to gain access to a cloud platform. They then use almost unlimited CPU resources for mining crypto. For example, they redirect server CPUs to mining and can install scripts on network devices. This can put a massive strain on a network’s performance because hackers could install the scripts on any device connected to the cloud platform.
How To Detect It
Cryptojacking scripts are only a few lines of code. They can easily go under the radar and slip past a distracted user’s defenses. Here are a few ways of spotting those scripts on a computer or device.
Increased CPU Usage
Cryptojacking draws power from a CPU to add blocks to the blockchain. Consequently, it slows down a user’s computer. It also leads to higher electricity bills, because the more processing power is used, the more electricity the computer draws.
All in all, it is best to monitor a computer’s CPU usage and to keep a record of all high usage applications.
Computers and devices infected with malicious scripts might also overheat under the sustained load. Overheating causes hardware failure, like hard drive crashes and heatsink failures, which may result in costly repairs.
Keep an eye on which devices are running hotter than usual.
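One way to monitor CPU usage and keep a record of high-usage applications, as the section above recommends. This is an added example, not a script from the original article; the sampling interval, threshold and log path are assumptions to tune per host.

```powershell
# Sample per-process CPU time twice and record processes that stayed busy in between.
param(
    [int]$IntervalSeconds    = 30,                               # assumed sampling window
    [double]$ThresholdPercent = 50,                              # assumed share of total CPU
    [string]$LogPath         = "$env:ProgramData\cpu-watch.csv"  # assumed log location
)

$cores = [Environment]::ProcessorCount

# First snapshot: cumulative CPU seconds per process (null for protected processes).
$first = @{}
Get-Process | Where-Object { $null -ne $_.CPU } | ForEach-Object { $first[$_.Id] = $_.CPU }

Start-Sleep -Seconds $IntervalSeconds

# Second snapshot: the delta divided by (window x cores) is the average share of the machine.
$hits = foreach ($p in Get-Process) {
    if ($null -eq $p.CPU -or -not $first.ContainsKey($p.Id)) { continue }
    $delta = $p.CPU - $first[$p.Id]
    $pct   = [math]::Round(100 * $delta / ($IntervalSeconds * $cores), 1)
    if ($pct -ge $ThresholdPercent) {
        # Record the command line so the log shows what actually launched the process.
        $cmd = (Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)").CommandLine
        [pscustomobject]@{
            Time        = Get-Date -Format o
            Name        = $p.ProcessName
            Id          = $p.Id
            CpuPercent  = $pct
            Path        = $p.Path
            CommandLine = $cmd
        }
    }
}

if ($hits) {
    $hits | Export-Csv -Path $LogPath -Append -NoTypeInformation
    $hits | Format-Table -AutoSize
}
```

Run it from a scheduled task so the CSV builds a baseline; a process that appears in every sample with no user-facing reason to be busy is the one to investigate.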
Additionally, it is a good practice to routinely scan for malware on a network or computer. Anti-virus software might detect the scripts before they seriously damage your systems. They are especially useful when scanning email attachments and applications.
Anti-virus software can detect, quarantine, and remove the malicious files.
EDR (endpoint detection and response) solutions are also helpful. These solutions can pick up abnormal behavior on a system, so they would flag an application using more processing power than expected.
EDR also has threat hunting capabilities, which would make it easier for IT teams to investigate any abnormally high CPU usage on the network. They could also access a record of all actions made by a single device on the network. This allows an IT team to isolate and contain any unauthorized mining attempts.
Knowledge is power, and keeping up to date with the latest cryptojacking methods is useful. For instance, knowing which methods hackers use would make it easier for a user to spot suspicious activity on their computer.
There have been many cryptojacking attempts and successes in the past, and most of them are well recorded. It is wise to study the scope and insidiousness of previous cryptojacking incidents.
How To Avoid It
Hackers rely on the ignorance of their victims. So, IT teams and employees must receive training on the methods used by hackers. They need to know about the steps involved in cryptojacking. They should be able to identify symptoms, like slower devices and overheating hardware.
Educate Your Team
Employees need to know which protocol to follow when receiving suspicious emails. They should not click on any attachments from unfamiliar email addresses.
Threat actors could also disguise themselves as company employees by using a similar email address, so employees need to be hyper-vigilant when handling their emails. They also need to be aware of common phishing scams, and they should scan for malicious software after every application they install.
New IT Training and Tools
More importantly, IT teams need training in using Windows PowerShell. They can use it to search for malicious scripts in applications on the network’s computers.
Teams can also use PowerShell to install specific security scripts, which help with identifying network vulnerabilities, workstation security capabilities, and monitoring attacks on the network.
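An added PowerShell example of the kind of search the two paragraphs above describe; it is not from the original article. It greps script and web files for indicator strings (the CoinHive name from this article and the stratum pool scheme miners use) and lists executables without a valid Authenticode signature, the form a repackaged "update" bundled with a miner would usually take. The scan roots, report path and indicator list are assumptions.

```powershell
# Scan for cryptojacking indicators: suspicious strings in scripts, unsigned executables.
param(
    [string[]]$Roots  = @("$env:ProgramData", "$env:USERPROFILE\Downloads"),  # assumed scan roots
    [string]$Report   = "$env:ProgramData\miner-scan.csv"                      # assumed report path
)

# Illustrative indicator list (an assumption, not a complete signature set).
$patterns    = @('coinhive', 'stratum\+tcp://')
$scriptTypes = '*.js', '*.html', '*.htm', '*.ps1', '*.vbs', '*.bat', '*.cmd'

# Part 1: indicator strings in script and web files (Select-String is case-insensitive).
$stringHits = Get-ChildItem -Path $Roots -Recurse -File -Include $scriptTypes -ErrorAction SilentlyContinue |
    Select-String -Pattern $patterns |
    ForEach-Object {
        $line = $_.Line.Trim()
        if ($line.Length -gt 120) { $line = $line.Substring(0, 120) }
        [pscustomobject]@{
            Finding = 'indicator string'
            Path    = $_.Path
            Detail  = "line $($_.LineNumber) matched '$($_.Pattern)': $line"
        }
    }

# Part 2: executables whose Authenticode signature is missing or broken.
$unsigned = Get-ChildItem -Path $Roots -Recurse -File -Include '*.exe', '*.msi' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Finding = 'unsigned executable'
                Path    = $_.FullName
                Detail  = "signature status: $($sig.Status)"
            }
        }
    }

$findings = @($stringHits) + @($unsigned)
if ($findings.Count -gt 0) {
    $findings | Export-Csv -Path $Report -NoTypeInformation
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No indicators found under: $($Roots -join ', ')"
}
```

Treat a hit as a lead for the EDR investigation described earlier, not as proof on its own; legitimate software can be unsigned, and the indicator list needs extending from your own threat intelligence.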
IT teams can also install software to minimize the risk of unauthorized mining. Browser extensions like No Coin, which is built specifically to block cryptomining scripts, do this.
AdBlockers are effective at blocking ads that contain malicious scripts. AdBlock uses a Cryptocurrency Mining Protection List, which blocks sites from mining coins on a user’s browser.
Hackers do not need massive resources for cryptojacking. As a result, it is easier to attempt.
If cryptomining remains profitable, these attempts will continue. Therefore, companies and private users must know how to detect abnormal CPU usage, computer slow-downs, and overheating hardware.
It is vital to install adblockers and browser extensions to limit and avoid cryptojacking.