Cryptojacking: How hackers use your computer to mine cryptocurrency

Thursday May 24 2018

Hackers aren’t just after your data; they’re after your computer power too. These internet thieves have figured out how to use unsuspecting individuals’ computers to mine for cryptocurrency, particularly the Monero cryptocurrency, for their own profit. This is known as cryptojacking. The process is surprisingly simple: Even a novice hacker can purchase a kit for about $30 on the dark web and start mining, according to Digital Shadows’ report “The New Gold Rush: Cryptocurrencies are the New Frontier of Fraud.” These hackers can access a remote computer through traditional phishing or through a more innovative and less invasive method — by hijacking a computer’s internet browser, CSO reports.

The scary part is that users may never even notice that they’re being hacked. With in-browser mining, the cryptojacking script runs automatically when the webpage loads, as opposed to reacting when a user clicks a malicious link, according to CSO. Also, unlike other types of hackers, cryptojackers do not demand ransom, lock you out of your network or even need to install malware on your computer, depending on the remote mining approach. At worst, your CPU speed might slow a little. JSECoin’s cryptojacking script, for example, only uses as much CPU power as an animated banner ad, AdGuard reports.

Even if a user did detect a cryptojacking script, he or she is unlikely to attempt to hunt down the hacker because nothing is stolen or damaged. This makes cryptojacking a safer and more lucrative operation for hackers, according to CSO.

In a November survey, AdGuard found that 33,000 websites from Alexa’s top 100,000 websites list run a cryptojacking script, usually CoinHive. JSECoin, Crypto-Loot, Coin-Have and Project Poi also have emerged as crypto mining networks. This number of websites was up 31 percent compared with the previous month, showing that cryptojacking is spreading fast. These sites have a total monthly web traffic of 1 billion visits, which means it’s highly likely that you’ve visited at least one, if not more, of these sites.

Initially, cryptojacking scripts were most common on torrent and file-sharing sites and adult video sites, but some sites that might be considered more legitimate have participated too. Last fall, it was discovered that Showtime.com and Showmeanytime.com, which are website properties of CBS’ Showtime network, were running the CoinHive script. In January, TechSpot reported that crypto mining script was found in YouTube advertisements. Video-streaming sites are prime candidates for crypto mining script because users will leave their browsers open for a long time as they watch a video or an episode of a show, which gives the cryptojacker plenty of mining time, according to CSO.

TechRepublic also reports that cryptojacking script can be embedded in a Microsoft Word document. Word’s Online Video feature allows a user to embed video iframe code in a Word document. If crypto mining script is embedded into that iframe code and the document is shared with another user, the code creator can cryptojack the other computer. Internet researchers also have discovered cryptojacking script in the plugin BrowseAloud, which is used on more than 4,000 sites, including the United States Courts website, according to The Next Web. BrowseAloud, its parent company and the websites using BrowseAloud are not believed to be involved in the attack.

Experts note that, if used properly and with user permission, cryptojacking could be an alternative revenue stream for websites. CoinHive does offer a more ethical script called AuthedMine, which requests a website visitor’s permission before using his or her computer power for mining, but only 1.25 percent of the sites reviewed by AdGuard use this option.
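For site owners who want to check their own pages, including third-party scripts and iframes they embed, the following added example (not part of the original article) scans HTML for script and iframe references that name the mining networks mentioned above, and marks the opt-in AuthedMine variant separately. The keyword list is a heuristic derived from the names in this article, and the sample page, its hosts and `startMining()` are constructed for illustration.

```python
from html.parser import HTMLParser

# Keywords derived from network names in the article; a heuristic assumed for
# this example, not a vetted blocklist. "authedmine" is the opt-in variant.
MINER_KEYWORDS = ("coinhive", "jsecoin", "cryptoloot", "coinhave", "authedmine")

# Constructed sample page; hosts and startMining() are hypothetical.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.test/lib/coinhive.min.js"></script>
<script>var provider = "Crypto-Loot"; startMining(provider);</script>
</head><body>
<iframe src="https://video.example.test/embed?id=1"></iframe>
<script src="https://cdn.example.test/lib/authedmine.min.js"></script>
<script src="https://cdn.example.test/jquery.js"></script>
</body></html>"""


class MinerScanner(HTMLParser):
    """Flags <script>/<iframe> sources and inline scripts that name a miner."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (location, keyword, asks_permission)
        self._in_script = False

    def _check(self, where, text):
        # Drop "-" and "_" so "Crypto-Loot" and "coin_hive" still match.
        norm = text.lower().replace("-", "").replace("_", "")
        for kw in MINER_KEYWORDS:
            if kw in norm:
                self.findings.append((where, kw, kw == "authedmine"))

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self._check(f"{tag} src={src}", src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._check("inline script", data)


def scan_html(html):
    scanner = MinerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

`scan_html(SAMPLE_PAGE)` returns three findings; the third has `asks_permission` set to `True` because it references the consent-based script.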

 

How can cryptojacking affect your business?

If you’re a victim of cryptojacking, cryptojackers are making money off of your computer power. AdGuard estimates that cryptojacking generates $150,000 a month for its participants. About 70 percent of this is retained by the website owners, and 30 percent is collected by the mining network.

In return, you’re getting a slower web or computer-processing experience, which means less productivity. Plus, if many workers at a company are affected and report slower speeds to the IT department, IT professionals will spend time and resources tracking down the cause or even unnecessarily replacing system parts to attempt to solve the problem, CSO notes.

A quick way to determine if a computer is being cryptojacked is to check its CPU performance, which is found in the Task Manager on computers running Windows and in the Activity Manager on Mac computers. If there is a sudden spike in CPU activity, it is likely that the computer is being used for crypto mining, Quartz advises. To determine which website contains the malicious script, close internet tabs one by one until the CPU activity drops. If all browsers and programs are closed but CPU activity still is high, it is likely that there is cryptojacking malware on the computer.
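The triage described above can be scripted for help desk use. This added example (not from the original article) takes per-process CPU samples, separates sustained spikes in browsers from spikes in other processes, and then finds which tab closure made the browser's CPU drop. The threshold, sample count, process names and all sample data are assumptions constructed for illustration.

```python
BROWSERS = {"chrome", "firefox", "msedge", "safari"}  # assumed process names
HIGH = 70.0      # CPU % treated as a spike (assumed threshold)
SUSTAINED = 3    # consecutive high samples required (assumed)

# Constructed samples: per-process CPU % taken at a fixed interval.
# "updater" is a hypothetical non-browser process.
SNAPSHOTS = [
    {"chrome": 12.0, "svchost": 3.0, "updater": 88.0},
    {"chrome": 91.0, "svchost": 2.0, "updater": 90.0},
    {"chrome": 93.0, "svchost": 4.0, "updater": 89.0},
    {"chrome": 95.0, "svchost": 2.0, "updater": 91.0},
]
# Constructed log of closing tabs one by one: (tab closed, browser CPU % after).
TAB_LOG = [
    ("news.example.test", 92.0),
    ("video.example.test", 9.0),
    ("mail.example.test", 8.0),
]


def sustained_high(snapshots):
    """Return processes at or above HIGH in each of the last SUSTAINED samples."""
    recent = snapshots[-SUSTAINED:]
    if len(recent) < SUSTAINED:
        return set()
    return {n for n in recent[0] if all(s.get(n, 0.0) >= HIGH for s in recent)}


def triage(snapshots):
    """Split sustained-high processes into browser and non-browser groups.

    Browser hits point to a page script (close tabs to locate it); other hits
    stay high with every browser closed, which suggests installed malware.
    """
    hot = sustained_high(snapshots)
    return {"browser": sorted(hot & BROWSERS), "other": sorted(hot - BROWSERS)}


def locate_tab(tab_log, cpu_before):
    """Return the first tab whose closure dropped browser CPU below HIGH."""
    previous = cpu_before
    for tab, cpu_after in tab_log:
        if previous >= HIGH and cpu_after < HIGH:
            return tab
        previous = cpu_after
    return None
```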

If your mobile device is hacked, your battery might drain more quickly; your data speeds might drop; you might reach a data cap more quickly; or, if you pay for your data, your costs might go up, according to AdGuard.

 

Avoid becoming a victim

There are ways to avoid becoming a victim of cryptojacking — or to protect your company from being duped again. CSO recommends these seven steps:

1. Train your IT professionals to look for signs of cryptojacking. One red flag is a sudden spike in help desk tickets complaining about slow computer or device speeds.

2. Deploy a network monitoring solution to help keep an eye out for and block cryptojacking attempts.

3. Install ad blockers and anti-crypto-mining extensions on your browsers. Fossbytes recommends No Coin, minerBlock, AdBlock and NoScripts.

4. Keep your web filtering tools up to date.

5. Use a mobile device management solution to better control apps and extensions on your company’s devices.

6. Maintain your browser extensions.

7. Train your employees to avoid the phishing scams associated with cryptojacking. Remind employees to be careful about opening emails from unfamiliar sources or clicking links in emails and on websites.

 

Sources: AdGuard, “Cryptocurrency mining affects over 500 million people. And they have no idea it is happening.” Bleeping Computer, “Half of all cryptojacking scripts found on porn sites.”

 

 
