What is cryptojacking? How it works and how you can prevent it

Cryptocurrency investors are constantly warned about the threat of hackers seeking to steal money from online cryptocurrency exchanges and told to store their cryptocurrency offline as a precaution. But now there’s a new threat coming to town, and the way to prevent it might not be as simple. Cryptojacking, also known as malicious cryptomining, is one of the newest threats to cryptocurrency investors and, in the hacking sphere, surpassed malware in number of attacks in 2018. Kaspersky reports that almost half of users have experienced a cryptojacking attack in the past year, and that number is not expected to decrease as long as it continues to be profitable to hackers.

This guide takes a look at this new threat, exploring the predicted trends for 2019, and what precautions cryptocurrency investors can take to defend themselves against cryptojacking.

What is Cryptojacking and Why is it Malicious?

Essentially, cryptojacking is stealing central processing unit (CPU) resources from your computer to mine cryptocurrencies. It’s not just your computer; it’s hundreds or thousands of desktop and laptop computers, Windows servers and even mobile devices, since cryptomining of traditional coins such as Bitcoin and Monero consumes such a large amount of CPU. Hackers found that cryptojacking is the only way for them to compete against the powerful computers used to mine these coins. Most cyber criminals prefer to concentrate their efforts on mining more anonymous coins such as ZCash and Monero to avoid any tracking (Bitcoin transactions have been successfully tracked by law enforcement officials).

Since cryptojacking attacks such a large number of targets at once over a long period of time, many users aren’t even aware that they’ve been cryptojacked, except for higher utility bills or a slower computer. But when cryptojacking is scaled and larger organizations with many different computing systems are attacked, the costs can be much more consequential. The cryptojacking of servers can be particularly damaging, as in the case of the Smominru crypto mining botnet that infected computers in Russia, India and Taiwan and had mined over $3.6 million by the end of January of this year.

How Does Cryptojacking Work?

This attack method isn’t going to disappear anytime soon. If anything, it’s at its early stages and will only grow in sophistication. Currently, there are two main methods to launch a cryptojacking attack:

Malware scripts – This method involves getting a user to open a link containing malware, which downloads code that is installed on the computer and starts mining cryptocurrency with it. Unfortunately, even the best antivirus products don’t offer much protection. This type of cryptojacking takes over your computer, but unlike traditional malware, cryptojacking doesn’t harm your computer because hackers are thinking long-term. Remember: Cryptojackers need to continue to use your computer resources over time to successfully mine cryptocurrency. (There are exceptions, however. Loapi is an Android malware whose cryptojacking is so aggressive that it will actually harm your device.)

In-Browser JavaScript code – Often referred to as drive-by cryptomining, this method involves targeting many computers by injecting malicious JavaScript code into a web page. Any machine that browses that page can become cryptojacked. Not all in-browser approaches to mining cryptocurrency are malicious, however. The idea began as a way for web publishers, especially those in the gaming or content industries, to monetize through cryptocurrencies. Users would use the site, and in exchange, the site would ask to use your computing resources for cryptocurrency. The difference between an honest and dishonest approach to this JavaScript code? Honest sites release your computer when you leave the site and are forthright about their approach. Dishonest sites don’t release your computer afterwards and aren’t clear about their terms of use.

The second method of cryptojacking is quickly gaining popularity. In 2018, in-browser cryptojacking went up by 31%, and was found in 33,000 sites with 1 billion monthly visits.

How You Can Prevent Cryptojacking

Here are a few additional hints:

  • Use an ad-blocker — One of the most popular ways to inject cryptojacking scripts is through web ads. An ad blocker, like Adblock Plus, can be an effective way of detecting crypto mining scripts. You can also block specific domains such as Coinhive, a cryptocurrency mining service that has been hijacked by malicious parties for cryptojacking purposes.
  • Use a Plugin like No Coin or minerBlock – A few Chrome extensions exist that are specifically developed to prevent cryptocurrency mining on your web browser. Both No Coin and minerBlock are free and open-source.
  • Install an anti-malware solution — Anti-malware solutions offer protection to your entire computer, not just your browser. Malwarebytes is one reputable anti-malware solution, although there are many others.
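
The domain blocking mentioned in the first hint can also be turned into an audit of pages you operate. The following Node.js sketch is an added example, not part of the original article: it lists script tags served from blocked mining hosts. The `miner.example` entry, the sample page and all function names are constructed for illustration.

```javascript
// Blocklist of mining-script hosts. coinhive.com is the service named in the
// article; miner.example is a constructed placeholder entry.
const BLOCKED_DOMAINS = ["coinhive.com", "miner.example"];

// True when host equals a blocked domain or is a subdomain of one.
// Matching on label boundaries avoids flagging look-alikes such as
// "notcoinhive.com" or "coinhive.com.cdn.example".
function isBlockedHost(host, blocklist = BLOCKED_DOMAINS) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return blocklist.some((d) => h === d || h.endsWith("." + d));
}

// Collect the src attribute of every <script> tag. A regex is enough for an
// audit sketch; a production scanner should use a real HTML parser.
function scriptSources(html) {
  const out = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    if (src) out.push(src[1] ?? src[2] ?? src[3]);
  }
  return out;
}

// Resolve each src against the page URL (handles relative and
// protocol-relative forms) and return the ones served from blocked hosts.
function findMinerScripts(html, pageUrl, blocklist = BLOCKED_DOMAINS) {
  const hits = [];
  for (const src of scriptSources(html)) {
    let url;
    try { url = new URL(src, pageUrl); } catch { continue; } // skip unparseable src
    if (isBlockedHost(url.hostname, blocklist)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page: one local script, one look-alike host, and two
// references to a blocked host (one protocol-relative, one on a subdomain).
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://notcoinhive.com/lib.js"></script>
<script src="//coinhive.com/lib/miner.js"></script>
<script async src='https://cdn.Coinhive.com/lib/miner.js'></script>
</head><body>Hello</body></html>`;

console.log(findMinerScripts(SAMPLE_HTML, "https://shop.example/index.html"));
```

A scan like this only sees scripts referenced in the served HTML; scripts added at runtime by other scripts need a browser-level blocker such as the extensions listed above.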

On the larger scale, organizations should ensure that their routers, IoT devices and firmware are fully patched and using the latest upgraded software versions. They should also consider strict management of user passwords and firewall rules that prevent unauthorized remote Windows Management Instrumentation (WMI) access. It could also be helpful to educate employees from across the organization on signs of cryptojacking they should look out for on a regular basis.

What to Look Out for in Cryptojacking in 2019

Cryptojackers in 2019 will have more tricks up their sleeves. Most experts agree that crypto mining is still in its early stage and the field will continue to develop. As cryptomining becomes more popular with mobile phones, it will become a huge threat to users. We may also start to see new “cryptojacking kits,” sold on the Dark Web to other parties for malicious intent. With the sharp drop in ransomware in 2018, which fell by 30% from 2017 to 2018 compared with the previous period, cybercriminals will flock to cryptojacking because of its lower-hanging fruit.

And as the field is relatively new, there is still room for growth. One example is the attack on MikroTik routers, which altered their configuration and installed Coinhive on all the pages served through the router. The infection of 170,000 MikroTik routers enabled the cryptojacking of a huge number of sites. Critics argue that the sudden growth in cryptojacking will only continue as the value of cryptocurrencies continues to grow, which it did continually throughout the bull market of the end of 2017. This bull market influenced the value of Monero in particular, which happens to also be the favorite coin of cybercriminals due to its anonymity. That coin specifically has also gained the attention of law enforcement, which may shape future regulation of the industry in general and lead to cybercriminals flocking towards other newer and unexplored frontiers.