Web3 is filled with crypto hacks and scams that drain wallets and steal digital assets, as well as the various blockchain attacks that target the digital ledger. However, another form of cyber attack exists in the crypto world that steals people’s computing recourses in an attempt to mine cryptocurrency. Sounds crazy? Cryptojacking is actually a thing and it could happen to anyone, not just people who use cryptocurrencies. Unlike other threats, this cybercrime stays completely hidden from victims.
You’ll need a clear understanding of this threat in order to protect yourself from falling as its victim, let’s see what cryptojacking is all about.
What Is Cryptojacking?
Cryptojacking, also known as malicious crypto mining, is a cyber scheme that embeds itself in people’s devices hijacking their computational resources in order to mine cryptocurrency. It’s a type of cybercrime that occurs without people’s consent, and in almost all cases, it will be unnoticed. Criminals who wish to mine cryptocurrency without building an adequate crypto-mining computer use cryptojacking as a means to steal computing power from victims.
Even if you don’t use cryptocurrencies, you might become a victim of this type of cyber attack. Cryptojacking malware often affects devices through common phishing scams as well as it can embed itself in certain websites.
According to the European Union Agency for Cybersecurity’s (ENISA) annual report, cryptojacking was among the top cybersecurity threats in 2021. Google’s Cybersecurity Action Team has also found that year that around 80% of compromised cloud platforms resulted from cryptojacking.
What’s the Point of Cryptojacking?
The motive behind cryptojacking is simply for cybercriminals to get money with little resources.
Transactions conducted on the blockchain always have to be verified and authenticated before they can be added to the digital ledger. Participants in the network, called miners, are the ones who verify the transactions by solving complex mathematical calculations. The first miner to solve the puzzle would win financial rewards, and they can therefore add their block to the blockchain. This process is crypto-mining, and it’s the only way to create new coins on the blockchain.
This process however requires a huge amount of processing power and can be very expensive, as it requires the proper hardware and adequate electricity. As the mining calculations get more complex with time, some crypto miners have found that even high-end PCs with powerful processors are not efficient enough.
The increase in energy consumption generated by miners has led some blockchains to migrate from proof-of-work consensus, which requires solving complex puzzles, to proof-of-stake consensus as Ethereum did in its upgrade.
Some miners have been persistent about mining and added sophisticated graphics cards and upgrade their processor power. Some have even gone all the way to build huge farms of computers dedicated to mining cryptocurrencies.
Individuals with limited resources and questionable morals have thus resorted to cryptojacking as a means to mine cryptocurrencies in an inexpensive way. This way, criminals can reap the benefits of mining without dealing with the huge costs.
How Does It Work?
Unlike other types of cyber malware, cryptojacking doesn’t compromise or damage victims’ data. Instead, cryptojacking use a small amount of the victim’s processing power while targeting a large number of victims. Cryptojackers usually exploit computer resources without being detected. The malware will discreetly run in the background, redirecting the computer’s resources toward crypto mining.
Cybercriminals would prepare a mining script to infect a person or a person’s device. The device is compromised when victims click on a link that redirects them to an infected website or unknowingly downloads crypto mining software.
Some infected websites will exploit the victim’s resources as long as they are on the site. The cybercriminal can also control how much power is being used from the victim’s device for crypto mining. This way, the hijacking will go unnoticed.
Types of Cryptojacking
There are two types of cryptojacking that can affect people’s devices. Browser-based and host-based cryptojacking. Browser cryptojacking embeds crypto mining software on a website that runs as long as the victim is on that site. Host cryptojacking uses malware that victims unknowingly download on their devices.
Browser Cryptojacking
Browser-based cryptojacking happens when a miner embeds a crypto-mining Javascript code that redirects the computational power to mining activities. Some miners infect websites with programmatic advertising that places malicious ads without the website’s consent.
However, some websites truthfully state that in order to use them, the crypto mining software will run in the background. In this case, cryptojacking becomes consensual.
Host Cryptojacking
Host-based cryptojacking works like any typical phishing scam. The victim would click on an infected link that will install crypto mining software on their device. Also, cryptojacking malware can affect open-source code and APIs. This means that any application that uses the infected APIs can lead to cryptojacking schemes.
The cryptojacking malware also has the ability to detect if the given device has already been hijacked by another crypto-mining software. The malware can then disables the software and replace it. Kind of like a cryptojacking war.
How to Detect the Attack
Although cryptojacking malware runs noticeably in the background, there are a few ways to detect the attack.
- Poor Device Performance: Cryptojacking malware significantly decreases the infected device’s performance. If your device suddenly gets slower, starts to crash out of nowhere, and your battery drains more quickly, then there’s a possibility that your device is redirecting resources to crypto mining.
- Overheating: Crypto mining takes a huge amount of processing power from a device, which can result in overheating. This could lead to computer damage and significantly shorten its lifespan. If your device is overheating for no obvious reason, this might be a sign that cryptojacking malware is running in the background.
- High CPU Usage: You can check your CPU usage in Activity Monitor or Task Manager. If you see a spike in CPU usage when visiting a certain site or an odd activity, there’s a chance that your device is under a cryptojacking attack.
Can You Prevent It?
Cryptojacking malware can be detected and prevented like any other type of cyber attack. Here’s how to prevent this malicious crypto-mining scheme.
- Install Good Anti-malware Program: Good cybersecurity programs can detect the presence of malicious code both in web browsers and on the questioned device. It is best practice to install a good security program before falling victim to cryptojacking.
- Use Anti-cryptojacking Extensions: There are specialized web browser extensions to block cryptojackers from websites. Notable cryptojacking extensions include minerBlock, No Coin, and Anti Miner.
- Disable JavaScript: Disabling Javascript can stop crypto mining malware from running during your web browsing. However, disabling it might prevent you from accessing other functions, so it’s best to disable it while using questionable websites.
- Use Ad Blockers: Using ad blockers can stop cryptojacking malware that is delivered through website ads.
Is Cryptojacking Even Legal?
Although the crypto world is yet to be put under regulations, cyber crimes like cryptojacking are in fact illegal. Even though it seems a harmless crime that only uses a device’s processing power, attackers do it without the victim’s consent or knowledge for monetary gains. Under federal laws, this act constitutes fraud, and corrupt miners that engage in cryptojacking can indeed face prosecution.