Cryptojacking

The term ‘cryptojacking’ is a blend of two words: ‘cryptocurrency’ and ‘hijacking’. It is defined as the secret use of your device to mine cryptocurrency. Hackers can hijack your device without your consent or knowledge and mine cryptocurrency for their own benefit. This practice of illicit crypto-mining has become the hot new way for cybercriminals to make money using another system’s hardware.

The malware is becoming increasingly common and works in the background while you use your web browser as usual. The only symptoms that may appear are occasional slow performance of the system and a high electricity bill. There will be no ransom notes, no data loss, no stolen passwords. The mining code might be running in your web browser right now while you read this article.

The Perfect Crime

A ‘perfect crime’ can be carried out when all its component pieces fall into place. The same happened in early 2017, when a hacker group released a large number of NSA-created hacks into the wild. This release included EternalBlue, which made hacking into Microsoft Windows extremely simple.

On the other side, some cryptocurrency investors were not satisfied with the lack of anonymity of Bitcoin. Thus, Monero was developed: an alternate coin that is better at hiding the trail of transactions, and criminals love it.

The last piece of the wicked endeavor is the fact that all blockchain-based systems support transaction processors, known as miners, which receive payment in a cryptocurrency of their choice.

Thus, all the components come together for a new strategy invented by the global hacker community: making money by illicitly mining Monero coins on unsuspecting computers around the world. And there is no way to track or confirm if your system is being used for this activity. There will be no stolen files or lost data, only a random slowness in performance.

Decoding the Threat

The most dangerous part of cryptojacking is that it is extremely easy and untraceable. It doesn’t require any kind of download, starts instantly and works efficiently. There are a few ways to go about it, but ultimately it rests on the idea of using unaware systems to mine cryptocurrency. The in-browser miner Coinhive made this easy to implement, but it has not lived up to its aims; instead, the technique is being abused.

Crime is never far from where easy money can be made. Illicit cryptomining has grown in popularity because of its simplicity, and it is replacing ransomware as the attack vector of choice, especially now that cybersecurity vendors have developed applications for ransomware protection. Running a cryptocurrency miner on someone’s CPU is a comparatively effortless task next to infecting it with ransomware and stealing data.

The practice of cryptojacking is evolving in sneaky and concerning ways. Since it is new, hackers are constantly working on innovative ideas to maximize their profits. The high processing demands of mining can do actual damage to the victim’s device.

Building a Botnet

A large number of compromised systems that work together as a tool for hackers is called a ‘botnet’. But in this case, each system works independently, and the hacker has to set up many systems as miners because each can generate only a small amount of revenue. In theory, many botnets that include millions of systems can generate $100 million in a year. This requires very minimal effort and, more importantly, carries very little chance of being detected.

Researchers at Proofpoint have traced families of botnets that exploit resources, the most damaging one being Smominru. They predict these activities will continue, given the profits being made and the infrastructure of the botnet. It targets Windows Management Instrumentation (WMI) using the NSA hack EternalBlue, mounts a phishing attack with an MS Word attachment, and runs a macro that executes a Visual Basic script, which in turn runs MS PowerShell code that operates the miner.

WannaMine is another known worm that misuses WMI weaknesses. It is more sophisticated in nature, does not involve any file download, and uses genuine software, which makes it harder to track. Making things even more insidious, hackers can also sneak mining code onto unsuspecting websites and pilfer cryptocurrency off the legitimate site’s traffic.

What can you do?

It is still unclear whether the act of cryptojacking is illegal, but it is surely unethical. But how would you know if your system is being used?

Check the CPU utilization of your device. Users who are cryptojacked will see a drastic increase from a normal 14% to 95%. Their devices will also drain their batteries very quickly or heat up with the increased use.
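The CPU check above can be automated. The following is an added example, not code from the original article: it computes utilization from the aggregate "cpu" line of Linux's /proc/stat and flags only sustained load, so that a short spike is not mistaken for mining. The function names, the 90% threshold and the three-sample window are assumptions chosen for illustration, and the snapshots are constructed.

```python
def parse_cpu_line(line):
    """Return (busy, total) jiffies from the aggregate 'cpu' line of /proc/stat."""
    fields = line.split()
    if not fields or fields[0] != "cpu":
        raise ValueError("expected the aggregate 'cpu' line")
    values = [int(v) for v in fields[1:]]
    # Field order: user nice system idle iowait irq softirq steal guest guest_nice
    idle = values[3] + (values[4] if len(values) > 4 else 0)
    # Guest time is already counted in user/nice, so sum only the first 8 fields.
    total = sum(values[:8])
    return total - idle, total


def utilisation_series(snapshots):
    """CPU utilisation in percent between consecutive snapshots."""
    series = []
    prev_busy, prev_total = parse_cpu_line(snapshots[0])
    for line in snapshots[1:]:
        busy, total = parse_cpu_line(line)
        delta = total - prev_total
        # Identical snapshots mean no elapsed jiffies; report 0 rather than divide by 0.
        pct = 100.0 * (busy - prev_busy) / delta if delta > 0 else 0.0
        series.append(round(pct, 1))
        prev_busy, prev_total = busy, total
    return series


def sustained_high_cpu(series, threshold=90.0, min_consecutive=3):
    """True if utilisation stays >= threshold for min_consecutive samples in a row."""
    run = 0
    for pct in series:
        run = run + 1 if pct >= threshold else 0
        if run >= min_consecutive:
            return True
    return False


# Constructed snapshots (not real measurements): one interval at the article's
# 14% baseline, then three intervals at 95%.
SNAPSHOTS = [
    "cpu 1000 0 400 8600 0 0 0 0 0 0",
    "cpu 1100 0 440 9460 0 0 0 0 0 0",
    "cpu 1900 0 590 9510 0 0 0 0 0 0",
    "cpu 2700 0 740 9560 0 0 0 0 0 0",
    "cpu 3500 0 890 9610 0 0 0 0 0 0",
]

if __name__ == "__main__":
    print(utilisation_series(SNAPSHOTS), sustained_high_cpu(utilisation_series(SNAPSHOTS)))
```

On a live Linux host, the snapshots would be the first line of /proc/stat read at a fixed interval; a flagged run is a prompt to look at which process is responsible, not proof of mining.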

Below are a few techniques that can be used to safeguard your device from malicious mining hackers.

i. Turn off JavaScript in the browser.

ii. Use Chrome extensions that block mining activity, for example No Coin or MinerBlock.

iii. Use a specific script blocker which will block the mining script from running, like NoScript or uBlock.

iv. Move to a safer web browser, like Brave.
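Blockers of the kind listed above work largely by matching scripts against lists of known miner hosts and code markers. The sketch below is an added example, not part of the original article and not the code of any extension named here: it scans a page's HTML for script tags that load from, or instantiate, the Coinhive in-browser miner discussed earlier. The two-entry blocklist, the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Short illustrative blocklist (assumption); real blockers ship far longer lists.
MINER_HOSTS = {"coinhive.com", "coin-hive.com"}
MINER_INLINE_MARKERS = ("CoinHive.Anonymous",)


class MinerScriptFinder(HTMLParser):
    """Records <script> tags whose src host or inline body matches the blocklist."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        # urlparse also handles protocol-relative URLs; match host or subdomain only.
        host = (urlparse(src).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("src", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            hits = [m for m in MINER_INLINE_MARKERS if m in data]
            self.findings.extend(("inline", m) for m in hits)


def find_miner_scripts(html):
    """Return a list of (kind, value) findings for the given HTML text."""
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed page: SITE_KEY_PLACEHOLDER is not a real key.
SAMPLE_PAGE = (
    '<script src="/static/app.js"></script>'
    '<script src="//coinhive.com/lib/coinhive.min.js"></script>'
    "<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>"
    '<script src="https://notcoinhive.com/x.js"></script>'
)
```

Site owners can run the same check against their own pages to spot injected mining code; a static list like this misses obfuscated or self-hosted miners, which is why the CPU symptom remains worth watching.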

The best thing to do is to spread awareness and educate oneself about the problem. Only then can appropriate action be taken for prevention and control.

In the News

Various incidents have been reported around the world that experts believe are instances of cryptojacking. Read a few below.

In early December 2017, the public WiFi of a Starbucks in Buenos Aires was found to have been manipulated to mine Monero on the devices of innocent shoppers.

Rogue staff at a European bank earlier this year had set up a crypto mining system that left unusual traffic patterns on its servers and slowed the night-time processes. The bank’s diagnostic tools did not discover anything; the setup was found after a physical inspection of the data centers.

Avast Software reported that cryptojackers are using GitHub as a host. They created forked projects from legitimate ones and used a phishing scheme to lure people into downloading the malware in the name of a Flash update or the promise of a jackpot win.

Trend Micro found a Chrome extension called FacexWorm using Facebook Messenger to infect user systems. It targeted cryptocurrency exchanges and could deliver cryptomining code. It uses infected accounts to send out harmful links, and can also steal credentials and inject cryptojacking code into web pages.

Future of Cryptojacking

The nature of this cyber attack may not seem that pressing initially, but its ability to fly under the radar is what makes it all the more dangerous. There will be a time when criminals will expand their reach using every system possible for mining activities, resulting in patches of computing infrastructure collapsing under the weight of multiple botnets trying to use their resources. Thus, every system will be indirectly responsible for the fortune of criminal enterprises across the globe.

This problem is so harmful that all known security techniques may fail to stop the impending doom. The only solution is for the government to simply terminate cryptocurrency itself.
