Cryptocurrencies’ creation and evolution have brought developments, new data, and challenges to the world of cyber security. A new type of cyber-attack has emerged, known as “cryptojacking.” Understanding and explaining cryptojacking involves the mining of crypto. Let’s see what crypto mining is.
In the world of cryptocurrencies, we need to know that acquiring these coins is done through powerful processing. This includes people across the globe using their computers to process transactions submitted in a computationally complex manner automatically. The first person to “solve” a transaction receives coins as a reward. This is known as “mining.”
Cryptomining is very similar to the mining of a precious stone or precious metal. Therefore, as with special mineral deposits, millions of cryptocurrencies are not yet available.
Miners mine them, often using the combined processing power of possibly many but less powerful computers to solve complex algorithms. Once they (the algorithms) are verified, miners are rewarded accordingly.
When crypto mining is done without authorization, it is called “cryptojacking” and is indeed illegal. Cryptojacking is the process of exploiting computing resources without permission to mine cryptocurrencies.
Malicious cryptominers became widespread in 2017, mainly due to the rise in the value of various cryptocurrencies. Earlier variants of such malicious code were usually intended to infiltrate the victim’s device and install the mining software. In September 2017, a new cryptocurrency mining service called Coinhive became available. CoinHive was the first mining script to gain attention, especially when integrated into The Pirate Bay.
However, there are now more mining scripts than CoinHive, and they have been integrated into more and more sites.
Many applications and websites can “hide” a malicious script for a cryptojacking attack. In some cases, a breach is even created, although “contracts” with a rogue and beyond-suspicion website have also been reported; thus, the attackers’ profit from visits to this site. This can also happen to little experienced bloggers and self-hosted website owners. In other cases, website owners add the crypto mining scripts themselves and make a profit. Perhaps the most famous examples were the torrent download site Pirate Bay and two Showtime sites.
For example, if you have visited the following websites:
- Openload and oload.stream
- and many thousand others
You are likely to have a cryptojacking attack. Most popular sites participating in this new trend seem related to streaming. In the case of Openload, for example, users do not need to visit the site to become victims, as it is often used as an embedded video player on other pages. So, when someone visits a third-party page that has it embedded, the mining script is also loaded.
Apps and Vulnerabilities for Cryptojacking
It’s not just the streaming sites; there have been named reports for services such as Discord, Slack, and others that many people and many applications use. Google had to remove Android apps with crypto-miners hidden from the Google Play Store, and Apple pulled Mac apps with crypto miners from the Mac App Store. This type of malware could infect almost any device – a Windows PC, a Mac, a Linux system, an Android phone, an iPhone (if it could get into the App Store and hide from Apple), and even vulnerable smart home devices.
Evidence of breach from cryptojacking
Some symptoms are that your browser and other applications crash, your computer runs slower, consumes more power, and generates more heat. You may hear fans or cooling systems constantly running, and the battery will die very quickly if you have a laptop, tablet, or smartphone. Accordingly, stationary computers will absorb more electricity and increase the consumption of your bill. Cases have also been reported where this process burned devices and computers.
Protection from cryptojacking
- Keep software up to date.
- Only install apps from a trusted website, and don’t download them from unfamiliar sites.
- Pay much attention to the CPU and memory usage of the computer or device.
- Concern about the permissions required by apps.
- Install a suitable antivirus program like Norton, Malwarebytes, and Bitdefender on the PC to protect it.
- Above all, the most important thing is to make regular backups for necessary.