What Is Cryptojacking and How Can You Stop It?

What is cryptojacking

In September 2017, the Coinhive project launched an in-browser cryptocurrency miner to provide website owners with an alternative monetization tool that does not involve running ads. The idea is simple. Instead of placing advertising on a website, website owners can use a percentage of each visitor’s computing power to mine the cryptocurrency Monero while the visitor is browsing the site. This innovative new solution, however, was quickly hijacked by cybercriminals looking to make money off unknowing Internet users.

In this guide, you will learn what cryptojacking is, why it has become so prevalent, and how you can protect yourself from it.

What Is Cryptojacking?

Cryptojacking refers to the secret use of online cryptocurrency mining malware that utilizes a person’s computing power once he or she clicks on a website that runs an embedded mining script. When a user reaches such a website and has no cryptojacking protection measures in place, his or her computing power will be used to mine cryptocurrency. This leads to the slowing down of the user’s computer and can lead to overheating and subsequent damage to the machine if it goes undetected for too long. Furthermore, mobile cryptojacking slows down your phone and can even damage your phone’s battery.

Cryptojacking is, therefore, a threat that internet users need to be aware of and protect themselves against. This is especially the case, in light of the fact that this type of malware has gained massively in popularity among hackers and cybercriminals.

Cryptojacking is Booming

The first instance of unwanted in-browser cryptocurrency mining happened only days after the launch of Coinhive when controversial peer-to-peer downloading platform ThePirateBay was caught mining Monero using Coinhive’s script without disclosing this to its users.

While the intentions of Coinhive’s creators were good, their technology has become one of the most popular malware in use today. After only two months in existence, Coinhive became the 6th most used malware in the world. Moreover, several Coinhive clones have popped up in the months to follow to further exacerbate the cryptojacking problem.

Four months later, in March 2018, cryptojacking malware has become the most active malware according to Cybersecurity specialists Checkpoint. Out of the ten most used malicious software, the first, second, and fourth most active malware are in-browser cryptocurrency miners Coinhive, Crypto-Loot, and JSEcoin.

Moreover, cryptojacking is not just a new toy for lone-wolf hackers who want to boost their income. North Korean state-sponsored hackers have reportedly started to use cryptocurrency mining malware to increase Kim Jong-un’s war chest. This came to light when cryptojacking malware transactions were traced back to the Kim Il Sung University in Pyongyang, North Korea in January 2018.

Given how easy it is to embed cryptocurrency mining scripts into the code of a website (with or without the website owner’s knowledge) combined with the increased transactional anonymity that Monero – the most commonly used digital currency in cryptojacking – provides, it should come as no surprise that cryptojacking is booming. Moreover, cryptojacking malware is available for sale on the dark web for as low as $30, so it is easy for cybercriminals to get started.

According to a report by Symantec, cryptojacking was the biggest trend in malware in 2017 and detection of cryptojacking attempts by Symantec has increased by 8,500 percent globally in the past year.

“With a low barrier of entry—only requiring a couple lines of code to operate—cybercriminals are using coinminers to steal computer processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency,” the report stated.

Furthermore, according to Heimdal Security CEO Morten Kjaersgaard, “the recent media mentions surrounding injected Coinhive scripts are widespread but widely understate the magnitude of the problem. […] Since it is a script injection, it will almost always go unnoticed by the host site and the client receiving it. However, everyone seems to be forgetting how easy it is to replicate these Javascript injections for other malicious purposes, such as malware delivery to end users. This kind of attack can often bypass antivirus detection because it is created to do exactly that.”

“Our intelligence shows that about 2% of corporate and consumer PCs are trying to connect to the Coinhive servers – that’s a high number and there needs to be more awareness drawn to these issues,” Kjaersgaard added.

With Coinhive “spin-offs” being launched on the dark web on a regular basis, it is not easy for cybersecurity software providers to always provide up-to-date protection for their clients. Hence, it is more important than ever to ensure that you are taking all necessary steps to mitigate the risk of cryptojacking.

How to Protect Yourself

The simplest and easiest way to prevent your computer from being hijacking for unwanted digital currency mining is to install a browser extension that immediately detects and blocks cryptojacking attempts. An example of such a browser extension would be NoCoin, which is a very popular crypto mining malware blocker for Google Chrome.

Alternatively, you can install a high-quality anti-virus software, such as Avast, which should catch and block any attempts to use your computer for mining provided you regularly update the software. You could also use the popular browser Opera, which provides built-in crypto mining malware protection for its users.

As is often the case with technological advancement, crypto mining opened up a world of opportunity for both honest people who are interested in profiting legitimately from the technology and dishonest people who prefer to make their profits illegally.

For this reason, it pays to make yourself aware of what is going on in this new world of crypto technology. If you want to learn more about digital currencies and new finance, subscribe to the Bitcoin Market Journal newsletter today.

Comments are closed.