Cyber crime grows faster than the methods used to prevent it. In the last decade alone, we saw the biggest monetary heists occurring in the digital world, with criminals (a.k.a. hackers) getting away with large sums of money by using sensitive personal information.
But is data the only thing that can help these culprits make lots of money? Many would argue that there are other ways to benefit, one of which involves using the resources of third-party devices to mine cryptocurrency.
A form of unethical hacking known as cryptojacking saw a sharp increase in the previous Bitcoin bull market, as well as in the one under way right now, targeting mainly large corporate computer networks.
But what is cryptojacking exactly? This is exactly what we will be talking about in this article. In the next few chapters you will get a detailed introduction to the most “stealthy” form of cybercrime, how it works, and why it’s rather hard to detect.
Let’s delve in!
What is cryptojacking?
Cryptojacking is a subtle form of hacking that allows cyber criminals to use your computing power in order to mine cryptocurrency. This is done through the installation of a malicious script or program on your computer, laptop, or mobile device. From the moment you fall victim to cryptojacking, your device mines cryptocurrency for the hackers without you suspecting anything. By the time you start noticing the issue, you will most likely be faced with very high electricity costs and an overheated computer.
The term gained popularity during 2018, when certain types of software enabled everyday individuals to monetize the computing power of others in a very simple way. There was a second spike in cryptojacking cases in 2020 as well.
Types of cryptojacking
Generally speaking, there are two different types of cryptojacking. These are:
- File-based – This type of cryptojacking enters your corporate network just like any other malware, and many variants are self-propagating. They then spread through the internal network, creating huge electricity costs.
- Browser-based – This form of cryptojacking doesn’t even need to enter your (corporate) network. If employees visit certain websites from company-owned devices, the risk is high. Here is how it typically works:
  - First, the attacker identifies and infiltrates a vulnerable website.
  - The attacker hides malicious cryptojacking code in the site.
  - The employee logs into the website to benefit from its services.
  - The employee’s device now offers its processing power to the attacker.
  - As long as the web browser stays open, the attacker benefits from the process.
For both of these methods, the cryptocurrency that is being mined is eventually transferred to the wallet of the attacker, while all the costs associated with mining are stacked onto the monthly bills of the corporation that is “hijacked”.
How to detect cryptojacking
It’s rather hard to notice cryptojacking taking place, especially if the people affected have no technical knowledge or experience with the issue. There are, however, certain signs to watch for and things you can do in order to detect cryptojacking:
- A decrease in performance or sluggish execution of everyday tasks
- Regular overheating of your device(s)
- Check your CPU usage monitor as you visit different websites
- Use antivirus and anti-malware software
- Stay up to date with cryptojacking news to understand if any new forms or techniques are developed.
By adhering to all the above practices you will ensure that cryptojacking detection becomes the norm for your organization.
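To make the “check your CPU usage monitor” advice concrete, here is an added example (not code from the original article or from any product it mentions) of the heuristic a defender would apply to per-process CPU samples. A miner keeps a core busy for as long as the tab or process lives, so the check looks for a long run of high readings rather than a single spike, which ordinary page loads also produce. The sample interval, the threshold, the minimum duration and the sample data are all constructed assumptions; on a real host the samples would come from the operating system’s monitor.

```javascript
// Added example: sustained-CPU heuristic for spotting cryptojacking.
// All constants and sample data below are constructed assumptions.

const SAMPLE_INTERVAL_SEC = 10;   // assumption: one CPU reading every 10 seconds
const CPU_THRESHOLD_PCT = 70;     // assumption: readings at or above this count as "high"
const MIN_SUSTAINED_SEC = 120;    // assumption: high usage must persist for 2 minutes

// Returns the longest run of consecutive samples at or above `threshold`.
// A miner produces a long run; a page load or a file save produces a short one.
function longestHighRun(samples, threshold) {
  let best = 0;
  let run = 0;
  for (const value of samples) {
    run = value >= threshold ? run + 1 : 0;
    if (run > best) best = run;
  }
  return best;
}

// Takes an object mapping process name -> array of CPU percentages and returns
// the processes whose high-CPU run lasted at least MIN_SUSTAINED_SEC.
function findSuspiciousProcesses(processSamples) {
  const neededSamples = Math.ceil(MIN_SUSTAINED_SEC / SAMPLE_INTERVAL_SEC);
  const hits = [];
  for (const [name, samples] of Object.entries(processSamples)) {
    const run = longestHighRun(samples, CPU_THRESHOLD_PCT);
    if (run >= neededSamples) {
      hits.push({ process: name, sustainedSec: run * SAMPLE_INTERVAL_SEC });
    }
  }
  return hits;
}

// Constructed sample data: a browser renderer that pegs a core after a page is
// opened and stays there, an editor with a brief spike on save, and an idle daemon.
const SAMPLES = {
  "browser-renderer": [5, 8, 12, 95, 97, 96, 98, 95, 97, 96, 98, 97, 96, 95, 97],
  "text-editor":      [2, 3, 85, 90, 4, 2, 3, 2, 3, 2, 2, 3, 2, 2, 3],
  "idle-daemon":      [0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0],
};

// Only the renderer is reported: twelve consecutive high readings = 120 seconds.
console.log(findSuspiciousProcesses(SAMPLES));
```

The useful follow-up check is the one the article’s browser-based description implies: if the run ends the moment a particular tab is closed, the page in that tab is the prime suspect.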
How to prevent cryptojacking
To resolve a problem before it occurs you will need to prevent it. And when it comes to cryptojacking this is very important, as it can take a long period of time to notice it taking place. Therefore, here are the different ways you can utilize to bulletproof your device(s):
- Educate yourself on the different types of cryptojacking and how these work.
- Use browser extensions (like MinerBlock or NoCoin) that block known mining scripts from loading on your device.
- Use a privacy browser that blocks ads automatically (e.g. Brave browser) and avoid downloading extensions you don’t necessarily need.
- Use common sense – don’t click on suspicious links and scan your device for viruses on a regular basis.
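To show what an extension such as MinerBlock or NoCoin actually decides for each script a page tries to load, here is an added example (not the article’s code, nor code from either of those extensions) of a blocklist check over script URLs. The deny-listed hosts and path fragments are constructed placeholders, and hooking the function into a browser’s request-interception API is left out so the file runs under plain Node.

```javascript
// Added example: decision logic of a blocklist-based miner blocker.
// DENY_HOSTS and DENY_PATH_FRAGMENTS are constructed placeholders, not a real list.

// Hostnames known to serve in-browser miner scripts (placeholders).
const DENY_HOSTS = new Set([
  "miner.example",           // placeholder, not a real miner host
  "cdn.cryptoloot.example",  // placeholder
]);

// Script-name fragments associated with miner loaders (constructed examples).
// A path match is a weaker signal than a host match, so it is checked second.
const DENY_PATH_FRAGMENTS = ["coinhive.min.js", "cryptonight", "miner.js"];

// True when `host` equals a deny-listed host or is a subdomain of one.
// The loop stops before the bare top-level label so "example" alone never matches.
function hostIsDenied(host) {
  const parts = host.toLowerCase().split(".");
  for (let i = 0; i < parts.length - 1; i++) {
    if (DENY_HOSTS.has(parts.slice(i).join("."))) return true;
  }
  return false;
}

// Classifies one script request. Returns { block: boolean, reason: string }.
// Unparseable URLs are blocked (fail closed), since a script request that the
// blocker cannot inspect should not be allowed through.
function classifyScriptRequest(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (err) {
    return { block: true, reason: "unparseable-url" };
  }
  if (hostIsDenied(parsed.hostname)) {
    return { block: true, reason: "host:" + parsed.hostname };
  }
  const path = parsed.pathname.toLowerCase();
  for (const fragment of DENY_PATH_FRAGMENTS) {
    if (path.includes(fragment)) {
      return { block: true, reason: "path:" + fragment };
    }
  }
  return { block: false, reason: "allow" };
}

// Constructed requests a page might issue; only the first and third are blocked.
const REQUESTS = [
  "https://static.miner.example/lib/m.js",
  "https://notminer.example/app.js",
  "https://cdn.site.example/js/coinhive.min.js",
];
for (const url of REQUESTS) {
  console.log(url, "->", classifyScriptRequest(url));
}
```

In a real extension the same function sits behind the browser’s request-interception hook and cancels the request when `block` is true; the quality of the protection then depends entirely on how current the deny list is, which is why the article’s advice to keep up with cryptojacking news applies to blocklists too.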
What if my device is “infected” already?
If you believe (or discover) that your device has fallen victim to cryptojacking there are a few simple steps you can take to ensure that it returns back to its prior state:
- For file-based cryptojacking, you will need to review which apps or extensions were recently downloaded to your device. Do they all come from reputable sources? If not, they might be the culprit. If you are using antivirus, the software should easily “pick up” the malware so you can delete it permanently. If your antivirus can’t pick it up but you are certain you have fallen victim to malware, it is best to restore your device to an earlier restore point or wipe the hard drive completely.
- For browser-based cryptojacking, the solution is much easier: you simply need to close your browser. While this sounds self-evident, many people never close their browsers because of the many tabs they need to attend to. The same people will often send the computer to “sleep” at the end of the workday instead of shutting it down completely, and the miner keeps running in the meantime.
Reasons behind the significant rise in cryptojacking
As mentioned above, cryptojacking can be used at both the individual and the corporate level. However, the majority of these efforts are focused on the large computer networks of companies. As the number of cases has been growing steadily, we have identified three reasons that explain the motivation for such practices:
- The increased value of cryptocurrencies – Making money is the main reason for cryptojacking. Aside from the industry growing faster than any other, the mined cryptocurrencies are also appreciating in value rapidly, especially when the mining happens over longer periods of time.
- Most corporations are not even aware of the risks – This is because the attackers use the company’s resources instead of its data, or other sensitive information. In the eyes of all involved parties there is no direct threat to the company, and the higher costs can easily be overlooked or labelled as something else.
- It is a “subtle” money-making method – By the time a corporation notices that its computers operate slower than usual, and that their electricity costs are increasing month over month, the attacker will have already made a significant amount of money on the back of the company’s computer network.
Another reason we have seen a rapid increase in cryptojacking cases is a software known as CoinHive.
The launch and growth of CoinHive
In the past couple of years, cryptojacking has become a more serious problem as it has grown in popularity among cyber criminals, and CoinHive accounts for a large part of that spike.
In September 2017, CoinHive was introduced to the public as a way for websites to mine cryptocurrencies through the browsers of their site’s visitors.
What made CoinHive more popular than similar types of software that came before is its ability to mine Monero – a privacy coin. This means that tracing the cryptojacking script back to the cryptojacker was nearly impossible, since the coins cannot be traced.
CoinHive made it easy for webmasters to enable browser-based mining as an additional source of monetization. And while the software explicitly stated that consent must be acquired before any of these practices takes place, many websites never got to this point.
In its early stages, CoinHive didn’t require its users to inform the visitors of their websites. This eventually led to many webmasters taking advantage of the situation (banking on their traffic) and to professional cryptojackers integrating it into their malware attacks.
Shortly afterwards, we experienced the massive bull run of 2017, which took the Bitcoin price to nearly $20,000. Naturally, Monero and CoinHive scripts grew as well. In a short period of time they were found in many different locations, including:
- Browser extensions and software.
- YouTube and Facebook ads.
- Advertisement networks
- Applications for mobile and desktop devices
- Automated chatbots
- Websites with massive traffic (.gov and commercial)
CoinHive took things one step further
By August 2018, CoinHive was responsible for 62% of all criminal and non-consensual cryptojacking, and the company did not do much to stop its bad reputation from growing. Who would blame them, considering that they automatically received 30% of all Monero mined through their scripts?
This became even more pronounced later on, when the company would invalidate wallets linked with suspicious activity, keeping 100% of the Monero mined. Many could argue that CoinHive was and still is one of the biggest cryptojackers of all time, even though they later released an unsuccessful updated version of their product called AuthedMine.
Is CoinHive still available to the public?
As of March 2019 CoinHive no longer offers its services to the public, after AuthedMine never really took off. For the long-term sustainability and reputation of the industry this is really good news. However, some webmasters claim that it removed an important part of their monetization strategy that they now need to find other ways to cover.
Do cryptocurrencies empower such practises?
For many cyber criminals, the growth of cryptocurrencies as alternative payment methods has been a blessing in terms of privacy and ease of distribution. Where, in the past, it would be rather hard for hackers to get away with large amounts of money, nowadays it has become increasingly easy by using certain cryptocurrencies.
Aside from being hard to track, cryptojacking is also very profitable.
That is not to say that all cryptocurrencies are untraceable – there is a reason CoinHive chose to use Monero as its mining preference. Most cryptocurrencies offer “pseudo-anonymity”, meaning that blockchain observers can see the addresses participating in a transaction but not the individuals behind them. However, since the rise of KYC-mandated wallets (whitelisting practices), it has become increasingly easy to identify users by following the transactions made with their funds.
All in all, it is the privacy coins, like ZEC and Monero, that are able to accommodate such practices, allowing users to get away with it. Their transactions cannot be traced even though the ledger is public, which in turn makes them a “safe haven” for cryptojackers.
If you made it this far, you should now be aware of one more “shady” method cyber criminals use to benefit from you. While this method is not directly linked with hacking or data breaches, it can drain both the electricity of your devices and the contents of your wallet (when it’s time to pay the bills).
Knowing this, you should follow the practices discussed above when it comes to detecting and preventing cryptojacking. You can always use your computing power to mine cryptocurrencies on your own account, but be fully aware of the costs that are linked to it.
To summarize the contents of this article, here are the things we talked about:
- The definition of cryptojacking
- The different types (file-based vs browser-based)
- How to detect and prevent cryptojacking
- Steps to take if your device is already infected
- The reasons behind the spike in cryptojacking cases
- The role of CoinHive in the growth of such cases
Therefore, in case you ever feel like your device may have fallen victim to such practices, it may be a good idea to bookmark this article for future reference.