Decoding cryptojacking: what is it and how can you protect yourself?
What is cryptojacking and why has it become a pressing issue for the crypto community? Read on.
In 2023, cryptojacking saw a staggering surge, breaking records set in 2022. By early April 2023, the total number of cryptojacking hits had already exceeded the previous year’s total.
SonicWall Capture Labs’ threat researchers documented $1.06 billion cryptojacking incidents by the end of the year, marking a jaw-dropping 659% increase over 2022.
This surge was not limited to a specific region; almost every part of the world experienced triple- or quadruple-digit jumps in cryptojacking incidents.
Let’s delve deeper into this topic and understand what cryptojacking really is and why it has become a pressing issue for the crypto community.
Table of Contents
- Cryptojacking meaning: what is cryptojacking?
- Types of cryptojacking
- Cryptojacking examples
- How to detect cryptojacking?
- How to prevent cryptojacking?
- Future trends and emerging threats
Cryptojacking meaning: what is cryptojacking?
Cryptojacking, also known as malicious crypto mining or crypto mining malware, is a form of cyber attack where a hacker hijacks a victim’s computing resources to mine cryptocurrencies without their consent.
The attack typically involves installing malware on the victim’s device, such as a computer, smartphone, or server, which then runs in the background using the victim’s processing power and energy resources to mine cryptocurrencies.
One of the key characteristics of cryptojacking is its stealthy nature. Unlike ransomware attacks that demand payment, cryptojacking often goes unnoticed by victims because the goal is to mine cryptocurrencies covertly, without alerting the victim to the presence of the malware.
Cryptojacking attacks can target individual users, as well as organizations and businesses. In some cases, attackers have targeted high-profile websites, injecting malicious code into the site’s code to mine cryptocurrencies using the computing resources of visitors to the site.
The rise of cryptojacking has been fueled by the increasing popularity and value of cryptocurrencies, which has made mining them a lucrative task for attackers.
Additionally, the rise of cryptocurrencies that are designed to be mined using the processing power of ordinary devices, such as Monero, has made it easier for attackers to monetize their attacks.
Types of cryptojacking
Cryptojacking can take several forms, each with its own methods and impact on victims. Let’s understand its major types:
- Browser-based cryptojacking: This form of cryptojacking occurs when a user visits a website that has been compromised with malicious code. The code, often JavaScript, runs in the background of the user’s web browser without their knowledge. It then utilizes the computational resources of the user’s device to mine cryptocurrency. Since this type of cryptojacking does not require the installation of any software, it can be challenging to detect. Browser-based cryptojacking can lead to increased CPU usage, which may cause the device to slow down or overheat.
- File-based cryptojacking: In this type of attack, the attacker distributes a malicious file, such as an email attachment or a downloadable file, that contains cryptojacking malware. When the victim executes the file, the malware is installed on their device. Once installed, the malware uses the device’s resources to mine cryptocurrency. File-based cryptojacking can be more damaging than browser-based cryptojacking, as it can result in the installation of persistent malware that continues to mine cryptocurrency even after the initial infection.
- Cloud cryptojacking: This form of cryptojacking targets cloud infrastructure, such as cloud servers or containers. Attackers exploit vulnerabilities in the cloud infrastructure to gain unauthorized access and install cryptojacking malware. Once installed, the malware uses the cloud provider’s resources to mine cryptocurrency. Cloud cryptojacking can be particularly damaging, as it can lead to major financial losses for the cloud provider and its customers. It can also impact the performance of the affected cloud services.
Cryptojacking examples
Here are some instances where cryptojacking has been used maliciously:
- Coinhive: Coinhive was one of the most notorious examples of browser-based cryptojacking. It provided a JavaScript miner that website owners could embed in their sites to mine Monero. However, many website owners used it without informing their visitors or obtaining consent, leading to widespread complaints and the eventual shutdown of Coinhive in early 2019.
- WannaMine: WannaMine was a file-based cryptojacking malware that targeted Windows-based systems. It spread through phishing emails and malicious attachments, exploiting vulnerabilities in the Windows operating system to install itself on victims’ computers. Once installed, WannaMine used the infected computers to mine cryptocurrency, causing performance issues and potentially damaging the affected systems.
- Docker Hub cryptojacking: In 2018, researchers discovered that attackers had uploaded malicious Docker container images to Docker Hub, a popular repository for Docker container images. These images contained cryptojacking malware that exploited the resources of any system running the infected container. The incident highlighted the security risks associated with using third-party container images and the importance of verifying the integrity of images before use.
- Android-based cryptojacking apps: There have been several instances of cryptojacking apps being discovered on the Google Play Store. These apps claim to provide legitimate services but secretly mine cryptocurrency in the background, draining the device’s battery and consuming its resources. Google has since implemented measures to detect and remove such apps from the Play Store, but the threat persists.
- Tesla’s cloud cryptojacking incident: In 2018, Tesla’s cloud infrastructure was compromised by attackers who installed cryptojacking malware. The attackers exploited an unprotected Kubernetes console to gain access to Tesla’s Amazon Web Services (AWS) environment, where they deployed the malware to mine cryptocurrency. Tesla quickly addressed the issue and took steps to improve the security of its cloud infrastructure.
How to detect cryptojacking?
Detecting cryptojacking can be challenging, as attackers often use tactics to evade detection. However, there are several signs that can indicate that a device or system has been compromised:
- Increased CPU usage: Cryptojacking malware consumes a large amount of CPU resources, which can cause the affected device to slow down or become unresponsive. Monitoring CPU usage through task manager or system monitoring tools can help you detect abnormal spikes in CPU usage.
- Overheating: Cryptojacking can cause devices to overheat, especially if the malware is using a large amount of CPU power. Monitoring the temperature of your device can help identify if it is being used for cryptojacking.
- Increased energy consumption: Cryptojacking malware uses a lot of energy to mine cryptocurrencies, so an unusually high energy bill could be a sign of cryptojacking activity.
- Unusual network traffic: Cryptojacking malware communicates with external servers to receive instructions and send mined cryptocurrency. Monitoring network traffic for unusual patterns or connections to mining pools can indicate cryptojacking activity.
- Anti-malware alerts: Some anti-malware software can detect and alert you to the presence of cryptojacking malware. Regularly updating and running anti-malware scans can help detect and remove cryptojacking malware.
- Browser extensions: Browser extensions can be used to detect and block cryptojacking scripts on websites. Extensions like NoCoin and MinerBlock can help protect against browser-based cryptojacking.
How to prevent cryptojacking?
Preventing cryptojacking requires a combination of technical measures and best practices to protect your devices and systems:
- Use anti-malware software: Install reputable anti-malware software and keep it up to date. Anti-malware programs can detect and remove cryptojacking malware from your devices.
- Keep software updated: Regularly update your operating system, browsers, and plugins to protect against known vulnerabilities that cryptojacking malware can exploit.
- Use Ad-blockers and anti-cryptojacking extensions: Browser extensions like NoScript, uBlock Origin, and MinerBlock can help block cryptojacking scripts on websites.
- Monitor system performance: Keep an eye on your device’s performance. If you notice a sudden decrease in performance or an increase in energy consumption, it could be a sign of cryptojacking.
- Use network security measures: Implement network security measures such as firewalls and intrusion detection systems to prevent unauthorized access to your network.
- Restrict execution of JavaScript: Configure your browser to block JavaScript from running automatically, especially on untrusted websites.
Future trends and emerging threats
Future trends in cryptojacking are likely to focus on evading detection and increasing profitability for attackers.
One emerging threat is the use of more sophisticated techniques, such as polymorphic malware, which can change its code to avoid detection by traditional anti-malware programs.
Additionally, attackers may increasingly target Internet of Things (IoT) devices, which often lack strong security measures and are connected to the internet 24/7.
Meanwhile, as crypto continues to gain mainstream acceptance, the incentive for attackers to engage in cryptojacking is expected to grow.
To combat these emerging threats, it will be crucial for you to remain vigilant, keep your software up to date, and implement the latest security measures across all your devices and networks.