Cryptojacking Explained

There’s a new danger to your computer, but one that doesn’t involve your PII, passwords, or credit card numbers. These attackers want something far more fundamental: your computing resources.

Why are these next-gen hackers going to such extreme lengths to snag the use of your CPU or GPU? They want to make you mine, using ‘mine’ as a verb, not as a possessive. That is, they want you to mine cryptocurrency for them.

It’s called cryptojacking, and it’s a giant emerging threat.

Understanding Mining Cryptocurrency

Mining cryptocurrency is actually the creation of cryptocurrency – kind of like how the US Mint prints money, but in a digital version. Here’s how it works:

Cryptocurrency, as we know, relies on blockchain technology. Mining is the innovation that allows the blockchain to be decentralized and secure without a central authority: ‘the miners’ validate new transactions and records. Each of the millions of transactions that happen is first registered in a block, and the blocks are then strung into a chain. Blockchain is secure because “blocks” are heavily encrypted when added to the public chain. And to deal with this encryption – that is, to register the transactions and keep the crypto economy humming – requires significant computing resources. Forbes Consumer Hardware columnist Jason Evangelho explains it: “The process of solving the math puzzles on these blocks and adding them to the public blockchain (think of it as a ledger) is roughly what mining is.”

Cryptominers provide this computing power. They verify transactions. And for their trouble, they get paid in the coin of whatever block they’re currently verifying, based on the amount of computing resources they contribute to the process. The coins these cryptominers are given go into circulation – just like newly-printed $100 bills leave the US Mint – and the cryptoeconomy marches on.

What’s Cryptojacking?

Cryptomining requires computing power, and computing power still isn’t free. Thus, it was inevitable that somebody would figure out a way to cheat. This brings us to cryptojacking.

“Cryptojacking” is when someone steals your computer’s processing power to mine cryptocurrency for their own gains. It may not sound like such a big deal, and in fact – it may not be for the average home user. Crypto-writer Elizabeth Harper explains that cryptomining “…doesn't delete data or steal personal information, and only runs when your browser has a bad webpage open.”

Still, Harper continues, “…it's not something you want your computer to be doing. Mining for cryptocurrency takes a lot of processing power, which means your computer will slow down and heat up as your processor is pushed to the limit.” Indeed, in addition to slowdowns and delays, overuse of cryptojacked CPUs can cause server crashes, system downtime, and Denial of Service issues for organizations.

How Does One Get “Cryptojacked”?

It’s really easy to be cryptojacked, and without special software it’s often hard to know that it has happened.

Your computer can get cryptojacked if you click on a malicious link in an email, for example (which is in any case inadvisable). What’s worse, online ads on almost any website can be infected with JavaScript code that auto-executes when the page loads. When you hit one of these ads – and they can be found even on major, mainstream sites – there’s no opt-in process, and no installation required. It just loads, and as long as the browser session is open on that site, your computer may be happily mining currency for someone else, instead of just processing whatever it is that you’re doing.

For organizations, the damage of cryptojacking is compounded by the sheer number of potential targets, and the inherent complexity of the IT environment. Sherif El-Nabawi, senior director, Systems Engineering, Asia Pacific, Symantec, noted in a recent FinTech article that “…the massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners siphoning resources from their system.” With the shift to cloud computing, enormous computing resources are available to average enterprise end users – and the dangers of cloud CPU usage for cryptomining have grown proportionately.

How Prevalent is Cryptojacking?

Cryptojacking is the fastest-growing malware segment on the planet.

Recent research from veteran security firm Check Point found that cryptojacking affected a staggering 55% of organizations globally. Check Point announced that cryptojacking malware comprised 2 of the top 3 most prevalent malware variants in late 2017. Other research suggests that nearly 50,000 sites have thus far been surreptitiously infected with cryptojacking scripts, with Coinhive accounting for 81% of all recorded infections.

Preventing Cryptojacking

Despite the complexity of the field, and the extent of the potential danger, cryptojacking is surprisingly easy to prevent.

Browser extensions like advertisement blockers have already added options to block common mining scripts and domains. Dedicated anti-cryptomining browser extensions (like NoCoin and others) are also available free from browser marketplaces.

Client-side security solutions, like antivirus and antimalware tools, offer protection from cryptojacking, and at the organization level, web filtering or web security gateways now protect against mining scripts by default.

But as with any security tool, education is the best remedy. Individuals should follow best practices regarding unknown emails and links, and ensure their antivirus and other on-board tools are up to date. On the organizational side, educating staff about cryptojacking symptoms will increase awareness, and dedicated security teams should conduct regular audits and scan systems for potential threats.
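What blocking "common mining scripts and domains" and a periodic site audit come down to in practice, as an added example (not code from the original article or from any product it names): a Node.js check that flags script tags loading from a blocklisted miner host or calling a miner API inline. The blocklist, the `miner-pool.example` entry, the function names and the sample HTML are constructed for illustration.

```javascript
// Added example: audit page HTML for in-browser miner indicators.
// The blocklist is illustrative; miner-pool.example is a constructed placeholder.
const MINER_HOSTS = ['coinhive.com', 'miner-pool.example'];
// Inline call into the CoinHive JavaScript namespace, e.g. new CoinHive.Anonymous(...).
const INLINE_MARKERS = [{ name: 'CoinHive API call', re: /\bCoinHive\.\w+\s*\(/ }];

// True when host is a blocklisted domain or a subdomain of one (suffix match,
// so "notcoinhive.com.cdn.example" does not match "coinhive.com").
function hostIsBlocked(host) {
  const h = host.toLowerCase().replace(/\.$/, '');
  return MINER_HOSTS.some((d) => h === d || h.endsWith('.' + d));
}

// Return one finding per <script> that loads from a blocklisted host or whose
// inline body matches a known miner API call. pageUrl resolves relative src values.
function findMinerScripts(html, pageUrl) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      const raw = src[1] ?? src[2] ?? src[3];
      let url = null;
      try { url = new URL(raw, pageUrl); } catch { url = null; } // unparsable src
      if (url && hostIsBlocked(url.hostname)) {
        findings.push({ type: 'blocked-host', detail: url.href });
      }
    }
    for (const { name, re } of INLINE_MARKERS) {
      if (re.test(body)) findings.push({ type: 'inline-marker', detail: name });
    }
  }
  return findings;
}

// Constructed sample page: a protocol-relative miner include, an inline loader,
// a benign first-party script, and a look-alike host that must not match.
const SAMPLE_HTML = `
<html><head>
<script src="//CoinHive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
<script src="/static/app.js"></script>
<script src="https://notcoinhive.com.cdn.example/x.js"></script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_HTML, 'https://shop.example/checkout'));
```

A static match like this misses obfuscated or dynamically injected loaders, so a clean result is one signal to read alongside the gateway and endpoint controls described above.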
