Cryptojacking: When the computer becomes a mine

The cryptocurrency Bitcoin has been on a rapid upswing in recent weeks: within four weeks, its value doubled from 20,000 to briefly 42,000 dollars – only to fall by 8,000 dollars in one day. But it’s not just the volatility of this digital currency that’s causing concern: in many ransomware attacks, hackers demand their ransom in Bitcoin. Cybercriminals are also increasingly tapping into private computers and corporate networks to mine cryptocurrencies – without the computer’s owner noticing.

How cryptojacking works, and how to protect yourself from it:

It was just ten years ago that programmer Laszlo Hanyecz paid 10,000 Bitcoins for two pizzas he ordered, making the first documented transaction of a cryptocurrency for a real economic good. Bitcoins were still worth around $41 at the time. On the day of the last peak in early January 2021, pizza coins were worth nearly $420 million.

No wonder mining new cryptocurrency is very attractive at the moment. However, mining legally has not been worth it for a long time due to the enormous computing power required and the horrendous electricity costs. Miners are therefore desperately looking for other resources – and are not afraid to use illegal, criminal methods. Security experts are already talking about an “industry” all of its own, bitcrime. Researchers at the University of Sydney estimated back in 2018 that just under 80 billion US dollars’ worth of Bitcoin is turned over in criminal activities. And IT analysts from “Cybersecurity Ventures” expect around 70 percent of all cryptocoins to be generated by criminal transactions in 2021.

Hijacking computers, secretly mining

Accordingly, the number of cryptojacking attempts is also on the rise. At some point, miners realized that not even high-end PCs with a powerful processor were enough to make a profit from mining and cover the associated costs. So miners moved on to building huge computer farms to mine cryptocurrencies on a commercial scale. Since even this was not profitable in the face of horrendous electricity costs, the idea of cryptojacking emerged, i.e. using devices (computers, smartphones, tablets or even servers) without the users’ consent or knowledge to secretly mine cryptocurrency at the victim’s expense.

Basically, two types of cryptojacking attacks are known: browser-based attacks and attacks that infect the device with malware. Browser-based attacks are comparatively harmless. More dangerous are cryptojacking attacks where malware is downloaded after a phishing attack. Once the computer is infected, the cryptojacker works around the clock to mine cryptocurrency, hiding in the background. To do so, the criminals use vulnerabilities in applications that are directly accessible from the Internet, such as Apache, IIS, nginx and PHP web servers, content management systems or databases. For example, they can plant the mining script on web servers, routers or in content management systems so that it is redistributed to all web pages that flow through these systems. The goal is to create a huge botnet of devices and use their CPU cycles for cryptomining – at minimal cost to the attacker.

Three different types of cryptojacking

Temporary cryptojacking
Mining runs only during a certain period of time, and it happens whenever you are on a certain website or use a certain app that uses your system for cryptojacking. Often, these scripts that are used for “mining” come with pop-up or banner ads.

Drive-by cryptojacking
Here, a small pop-up window stays open unnoticed even after you leave the website in question. The mining process does not end until the computer is restarted.

Continuous cryptojacking
This process runs via malware that enters the computer system. It is usually hidden in email attachments or JavaScript ads.

How can you prevent cryptomining?

  • Pay particular attention to so-called phishing mails. Do not open anything, do not click anything!
  • Block JavaScript in your browser to prevent drive-by cryptojacking.
  • Use browser extensions to fight cryptomining. Examples: AdBlock, No Coin or even MinerBlock.

The typical signs:

  • High processor load
  • A computer working and reacting slowly due to this load
  • Computer ventilation running at full speed
  • Strong heating and rapid battery discharge on smartphones
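
One way to turn the first sign into a check is to compare processor load with a recorded baseline of normal utilization and flag only sustained deviations. This is an added example, not part of the original article; the readings, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(history):
    """history: (hour_of_day, cpu_percent) pairs from known-good days.
    Returns {hour: (mean, stddev)} so night and office hours differ."""
    by_hour = defaultdict(list)
    for hour, cpu in history:
        by_hour[hour].append(cpu)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}

def sustained_deviations(baseline, samples, k=3.0, min_margin=15.0, min_run=4):
    """samples: (label, hour_of_day, cpu_percent) in time order.
    A sample is abnormal if it exceeds mean + max(k*stddev, min_margin)
    for its hour. Only runs of >= min_run abnormal samples are reported,
    because a miner loads the CPU continuously while normal work spikes.
    Returns [(first_label, last_label, peak_cpu), ...]."""
    alerts, run = [], []

    def close_run():
        if len(run) >= min_run:
            alerts.append((run[0][0], run[-1][0], max(c for _, c in run)))
        run.clear()

    for label, hour, cpu in samples:
        if hour not in baseline:      # no reference data: cannot judge
            close_run()
            continue
        mu, sd = baseline[hour]
        if cpu > mu + max(k * sd, min_margin):
            run.append((label, cpu))
        else:
            close_run()
    close_run()                       # a run may still be open at the end
    return alerts

# Constructed sample data: idle at 02:00, busy at 14:00 on normal days.
HISTORY = [(2, c) for c in (3, 4, 5, 4, 3, 5)] + \
          [(14, c) for c in (35, 40, 45, 38, 42, 40)]
# Constructed 5-minute readings: one short daytime spike, then sustained
# night-time load on a machine that should be idle.
SAMPLES = [("d1 14:00", 14, 41), ("d1 14:05", 14, 88), ("d1 14:10", 14, 39),
           ("d2 02:00", 2, 4), ("d2 02:05", 2, 96), ("d2 02:10", 2, 97),
           ("d2 02:15", 2, 95), ("d2 02:20", 2, 98), ("d2 02:25", 2, 5)]

if __name__ == "__main__":
    for first, last, peak in sustained_deviations(build_baseline(HISTORY), SAMPLES):
        print(f"sustained high CPU from {first} to {last}, peak {peak}%")
```

The single 88% reading during office hours is ignored, while the four consecutive night-time readings above the baseline are reported as one event.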

What can I do to improve my security?

Most measures to reduce your cyber risk also protect against cryptojacking. Particularly important aspects include:

  • Employee awareness training (handling emails, pointing out potential signs of cryptojacking).
  • Securing Internet browsers
  • Considered assignment of admin rights
  • Securing and monitoring servers
  • Observation and documentation of everyday, usual computer utilization in order to be able to recognize deviations if necessary

Digital parasites drive up electricity costs

Some cybersecurity experts point out that, unlike most other types of malware, cryptojacking scripts do not harm victims’ computers or data. The only annoyance, they say, is slower computer performance. But large organizations with many cryptojacked systems still incur notable power and IT labor costs. In addition, reduced computing power could mean that certain business processes no longer run quickly or smoothly enough. There is definitely cause for concern (and for checking whether one has been affected). After all, those who are vulnerable to mining malware are also at risk from other malware.