Cryptojacking is a type of cybercrime that involves a hacker co-opting a victim’s computing power to generate cryptocurrency on the attacker’s behalf.
The motive for these types of attacks is profit. They are usually extremely effective because the mining is completely hidden from users and difficult to detect. Hackers use this method instead of running their own dedicated cryptomining operations because it is more cost-effective and carries no overheads.
How does cryptojacking work?
Cybercriminals use two methods to carry out cryptojacking attacks. Some hackers will use a hybrid of these techniques if they are mining on various devices at one time.
Download
Victims are persuaded to download cryptomining code onto their devices. This is usually achieved through a form of social engineering such as phishing emails. The victim is encouraged to click on a link, which, once clicked, allows the code to start running on their device.
Injection
The script is placed in an ad or webpage, so that once the user has clicked on the link or page, the code can begin to run on the device.
How does cryptomining code spread?
Certain cryptomining scripts are able to infect other servers or devices linked to the same network as the originally infected device. If this happens, it becomes extremely difficult to isolate the scripts and remove them.
Sometimes the cryptomining code also includes multiple versions of the script in order to leverage the weaknesses within the device. If one version doesn’t work, the next one is tried until one is successful.
How to detect cryptojacking?
Cryptojacking is very difficult to detect as it runs in the background without the user’s knowledge. There are, however, a few red flags to look out for that may indicate cryptojacking is occurring.
- Decreased performance – systems running slower than usual, exhibiting poor performance or crashing unexpectedly during routine tasks. Battery draining is also a sign to look out for.
- Overheating – As cryptomining is a resource intensive process, the device will be working harder to carry out the tasks allocated, which can then cause overheating. This will damage the computer and shorten the lifespan of the device.
- CPU usage – If your CPU usage is increased when you are on a website with little to no media, this can be a sign that cryptomining is happening on your device.
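The CPU usage red flag above can be checked mechanically: mining load is sustained, whereas normal work tends to spike and fall back. The following is an added example, not part of the original article; the sample readings, process names and thresholds are constructed assumptions, and it flags any process that stays above a CPU threshold for a continuous period.

```python
from collections import defaultdict

# Constructed sample data: "epoch_seconds pid process cpu_percent", one reading every 10 s.
SAMPLES = """\
1000 412 browser-tab 96.0
1000 388 backup-agent 91.0
1010 412 browser-tab 97.5
1010 388 backup-agent 12.0
1020 412 browser-tab 95.1
1020 388 backup-agent 88.0
1030 412 browser-tab 98.2
1030 388 backup-agent 4.0
"""

def parse(text):
    """Group readings per (pid, name), sorted by time; skip malformed lines."""
    series = defaultdict(list)
    for line in text.splitlines():
        try:
            ts, pid, name, cpu = line.split()
            reading = (int(ts), float(cpu))
            series[(int(pid), name)].append(reading)
        except ValueError:  # wrong field count or non-numeric value
            continue
    return {key: sorted(vals) for key, vals in series.items()}

def longest_busy_run(readings, threshold, max_gap):
    """Longest span (seconds) of readings >= threshold with no gap over max_gap."""
    best = 0
    start = prev = None
    for ts, cpu in readings:
        if cpu >= threshold and prev is not None and ts - prev <= max_gap:
            prev = ts                # run continues
        elif cpu >= threshold:
            start = prev = ts        # new run (first reading, or after a sampling gap)
        else:
            start = prev = None      # load dropped: run ends
        if start is not None:
            best = max(best, prev - start)
    return best

def flag_sustained(text, threshold=90.0, min_seconds=30, max_gap=15):
    """Return {(pid, name): seconds} for processes busy for min_seconds or more."""
    runs = {k: longest_busy_run(v, threshold, max_gap) for k, v in parse(text).items()}
    return {k: secs for k, secs in runs.items() if secs >= min_seconds}

if __name__ == "__main__":
    print(flag_sustained(SAMPLES))
```

A flagged process is a prompt for investigation rather than proof of mining, since legitimate jobs such as video encoding or builds also hold the CPU high for long periods.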
Preventing cryptojacking
There are various actions you can take to limit the chances of this type of attack happening:
- Good cybersecurity program – having the correct cybersecurity defences such as threat detection and cryptojacking prevention tools in place is a good start.
- Ad blockers – blocking ads on certain websites will limit the chances of the injection method of cryptojacking taking place.
- Use browser extensions to block – extensions such as MineBlock, No Coin and Anti Miner are available on popular browsers.
- Disable JavaScript – this is another prevention technique although this may block some functionality that you wish to use.
- Block pages known for containing cryptojacking code – Use whitelists.
- Educate – if in a business environment, keep yourself and others educated on cybersecurity best practices.
About BlackFog
BlackFog is the leader in on-device data privacy, data security and ransomware prevention. Our behavioral analysis and anti data exfiltration (ADX) technology stops hackers before they even get started. Our cyberthreat prevention software prevents ransomware, spyware, malware, phishing, unauthorized data collection and profiling and mitigates the risks associated with data breaches and insider threats. BlackFog blocks threats across mobile and desktop endpoints, protecting organizations' data and privacy, and strengthening regulatory compliance.