Cryptojacking – How Are Hackers Using Your Computer To Make Money?

Hijacking and Carjacking are bad implications happening around the world with very bad consequences.

These days, however, Cryptojacking is the new type of threat that is the main cause of your computers becoming slower and being used without your knowledge.

A few days back, I was going through my Facebook Feed when I ran into an article about Cryptojacking.

The curious cat that I am, I opened it!

When I went through the article I realized that anyone can learn how to mine cryptocurrencies such as Monero (privacy-focused cryptocurrency) in a matter of minutes using others computing power.

So, I thought why not share a detailed article about what is actually Cryptojacking?

What is Cryptojacking?

Cryptojacking is the use of your computer’s hardware and software for mining cryptocurrency for some stranger while you are busy watching movies, downloading sons or even reading news on a website. Yes, that’s right, someone is making money using your computer.

cryptojacking

A few years ago, various malicious sites used to download various software that used to show ads or hamper our machine. To get rid of such a malware attack we generally need to spend a few bucks.

However, over the years technology has evolved drastically so is the way of attacking computers.

With cryptojacking, websites embed a small JavaScript code which then uses the processing power of the visiting device to mine CPU minable cryptocurrencies like Monero, Bytecoin etc.

So a site which gets millions of users everyday, they can make a huge chunk of money by using someone else’s CPU.

cryptojacking by monero

Types of Cryptojacking

There are two Ways of Cryptojacking:

  • Installing a Programme which is the main culprit in mining cryptocurrency for a stranger
  • In Browser where a Javascript on a web page helps the unknown person take advantage of your browsing by mining through your resources

Popular sites have been affected by such cryptojacking scripts such as CBS Showtime, UFC live streams and even official websites for the government of Moldova and Bangladesh.

Not only this, Recently Piratebay was found hacking its users by mining Monero(XMR) without their consent.

piratebay illegally mining monero from users

Web pages are not the only thing responsible for malicious cryptojacking, even mobile applications could be hiding a specific code.

Two applications have in fact been noted to be successful in crypto mining with almost 15 million downloads combined.(It has now been resolved).

Is it such a serious threat?

Last year cryptocurrencies were seen taking over the financial world and our digital lives. Cryptojacking has now ranked in the list of top ten more prevalent malware variants.

Cybersecurity firm, Check Point researchers reported that business organizations too were impacted by this new age malware. 55% of the organizations worldwide were affected, with 65% of the end users CPU power being used.

I would not want my hardware and electricity to be used by anyone other than me! Plus my internet usage is limited to only 50GB a month, with cryptomining it is bound to go past this and reduce my speed. It’s similar to giving a ransom to some kidnapper every day for no reason at all.

Not forgetting the overloading of the CPU which results in clogging up of the CPU which will result in continuous crashes, so repair bills keep mounting up with no fault at all.

The more serious threat is the fact that it is not illegal. It is unethical and looked down upon but it is not a forcing threat like botnet and hence is not considered a legal problem. Since it is not permanent, it escapes the module of being a major vulnerability.

Top Notorious Cryptojacking Malware

Coinhive

This is the most popular Cryptojacking malware available. It is an open Javascript miner for the Monero Blockchain that can be embedded in any website.

When users visit the website with the embedded code, the users will start mining Monero (XMR) using their CPU power in turn for an ad free experience, in game currency, free files for download or whatever incentive you come up with.

Any basic user can use Coinhive on their website to take advantage of innocent people who visited the site to gain some information.

Moreover, You can know if the site is mining using Coinhive by checking its source code.

What’s next for the greedy miners? Even their kids will be able to make use of this easy to use cryptojacking tool.

Cryptoloot

Another popular cryptojacking browser-based miner is Cryptoloot. It is unnoticeable and has lightning fast connections, DDoS protection and multiple database servers to ensure 99.9998% mining uptime.

Crypto Loot utilizes Monero as it supports unlying principles of privacy. It is similar to Coinhive with the incentive option.

Why wouldn’t anyone choose it when the payout is 88% of mined commissions, at minimum intervals of 0.3 XMR (Monero).

Defending against Cryptojacking

Since you are educated about Cryptojacking, there are a few things that you need to take care to save yourself from this malicious attack:

1. Keep an eye on redirect loops which redirect the users over and over again to websites running cryptocurrency mining scripts. This tends to increase the mining activity.

2. Sometimes a tiny browser window hides near the system clock, which is seen to run a script until the user notices something.

3. Browser extensions, especially for Chrome (which is the highest affected browser) such as No Coin or minerBlock, can help anti-mining activities.

There are also script blockers extensions now available for web browsers such as Google Chrome’s uBlock Origin and Mozilla’s NoScript to ensure the scripts for mining are blocked.

nocoin blocker

4. Turn off Javascript using this method to prevent loading of mining scripts. However, some sites might not work properly after turning off JS.

How can Cryptojacking be a positive form?

With the cryptojacking scripts in place, and incentives being designed such as ‘no ads to be displayed’ it can be used in the right manner.

If a user of a website does not want to view ads he can be asked permission for unknown operators to use his system for mining.

Coinhive have already created AuthedMine which requires permission from the websites visitors before it’s enabled. However the fact that this has not been so popular, needs to be considered and a strategy needs to be put in place so that websites opt for Authedmine, in full safety and users permission.

Will Cryptojacking be a threat in the future?

In all honesty Coinhive JavaScript miner had no intention to become a malicious threat however with the greediness of user’s worldwide, website owners took advantage of the script.

Mining cryptocurrencies have become more difficult over time and this means that if a website needs to be successful in Cryptojacking, there will need to be millions of users that access the website.

Monero being the top of the lot in terms of mining is due to its ease of mining from a CPU. This will eventually decrease in the future, as the supply reduces and rates increase.

Another reason that cryptojacking will not be spread into many of the popular websites is the fear of negative sentiments in the media. With technological news being spread in a matter of minutes, it can put popular websites to shame and hence will lose out in the popularity contest.

Our Point of View on Cryptojacking

We at Coinscage, have taken into consideration the above details and state.

It’s better being safe than sorry, unless you want another person to use your device for their benefit of course! So depending on the browser you use, do activate the necessary extension and add-ons mentioned so that websites cannot let the malicious cryptojacking script take effect on you.

With technology changing it is always important to keep up to date with security features and by avoiding websites which have been compromised with malicious scripts.

The automatic nature of cryptojacking is what makes it different from other malicious viruses that infect our laptops.

Hence our guide above will ensure you take the right steps needed, and if there are any doubts feel free to comment below and we will be happy to serve you’ll!

Meanwhile, also have a look at:

Comments (No)

Leave a Reply