Originally published at:
What is cryptojacking?
Cryptojacking is the illicit mining of cryptocurrency via malware, on someone else’s hardware.
Cryptojacking happens when a hacker secretly installs some cryptocurrency mining software like Coinhive, on to your computer or website without your knowledge, giving the hacker free electricity and processing power to mine coins without your knowledge.
This can cause your hardware to underperform due to the taxing of resources, and it can make your website’s user experience suffer as traffic faces a drain of their computing power when they log on.
Cryptojacking is one of the most quickly growing cybercrimes, with over 4000 sites affected with mining malware globally. Even electric car manufacturer Tesla was hacked, and cryptojacking malware installed in their cloud computing network. Miners were able to mine an undetermined amount of cryptocurrency before the exploit was discovered.
Monero is most often the currency of choice for cryptojackers due to the privacy-focused qualities of the protocol. Monero is a coin that does not reveal information about the user, or their transaction if used correctly, making the funds almost impossible to track for law enforcement. Monero was recently delisted from a major Japanese cryptocurrency exchange, because of the privacy-centric qualities it exhibits.
This technology originally started out to help websites earn revenue by mining cryptocurrency rather than displaying cost-per-click advertisements, however, hackers have started using it maliciously.
With in-browser cryptojacking, the malware only needs to be installed on the site itself and nothing needs to be installed on your computer, for the software to mine without your consent when you begin browsing.
A Cryptojacking epidemic
The idea is to install the mining malware on as many sites as possible and have them all secretly mining coins for the attacker. Hackers have successfully installed it on many businesses, government and private websites, as seen in the recent Drupalgeddon 2 exploit, which may potentially affect millions of sites using the Drupal content management system.
Content management systems (CMS) in general seem to be targeted by the hackers since if they can find an exploit in the content management system itself, they then have a backdoor into every site using the CMS.
Another example of this is WordPress, which was found to have over 50,000 sites infected by the Coinhive software alone. WordPress has 30 percent of the total website market share and almost 60 percent of the total CMS market share.
There are many other mining programs that can be used in lieu of Coinhive, such as:
- XMR miner
- Jenkins Miner
Joomla is another CMS that is very popular and has two percent of the total website market share. Joomla recently discovered two major vulnerabilities, one of which gives attackers complete control of the site, and leaves about 2.8 million sites at risk.
I am almost positive smaller CMS like Squarespace, Magento, and Wix will be targeted if they have not been already, and it’s these vulnerabilities that site operators need to be aware of. It is essential to stay up to date with the newest versions of your CMS since developers often release new security patches to counteract cryptojacking, as they are made aware of new vulnerabilities.
These hacks are particularly nasty, and hackers have been known to even install PHP backdoors, to still allow them access to the site, even if it has been updated to patch the vulnerabilities.
The rise of the cryptojacking botnets
Another favorite of the hackers that are out there cryptojacking, is creating giant botnets of thousands of malware-infected computers that are all secretly mining coins for the attacker. Hackers have been able to generate substantial sums of money utilizing the collective computing power of thousands or even millions of computers.
Several of these botnets have been uncovered, with one, in particular Smominru, making up to a $100 million USD per year. The average pc can produce about $0.28 worth of Monero per day, so we are talking about millions of infected computers. Botnets can earn a savvy hacker a lot of money and they are very hard to detect and counter. Smominru infects about 500 new computers a day.
Building the attack vector on millions of other people’s computer helps hide the hacker, and also the origin of who the attack came from. As long as attackers continue to get away with making hundreds of thousands, or even millions of dollars, the risk versus reward slants to the advantage of the attacker, overwhelmingly. As cryptocurrency continues to rise in value, this crime will only become more lucrative, with little disincentives for hackers.
How can I protect myself?
Cryptojacking is a rapidly evolving cybercrime that is very hard to detect and prevent. These 20 steps can help keep you protected, but hackers are playing a cat and mouse game with computer security professionals and law enforcement.
This means that the rules change rapidly when an attack has been thwarted, hackers try and find another way to get around the defenses. The best defense is to follow good computer security habits and to remain very vigilant about them.
- The best defense is practicing good computer security habits.
- Free themes for content management systems such as WordPress may come with malware hidden in the code, stay away from them to be safe.
- If you notice your computer slowing down considerably when browsing certain sites, you may be getting cryptojacked.
- If you notice extremely poor performance when using your device, you may be getting cryptojacked.
- Many modern antivirus or anti-malware apps can help alert you to cryptojacking and also purge the malware from your system.
- Always keep your content management system up to date, with the latest security updates.
- Have your site checked for PHP backdoors, which hackers have used to reinfect machines that have been cleaned of malware.
- If your phone’s battery is draining down faster than usual, or you notice it overheat when not in use, these are indicators that it may be infected with mining malware.
- Adblock plus can also help protect against in-browser cryptojacking, by blocking blacklisted domains that have in-browser miners.
- Malwarebytes, an anti-malware app, has defenses against cryptojacking malware.
- Be careful about the apps you install on your phone/pc, many of them have cryptojacking malware hidden within the app itself.
- Install Nocoin or MinerBlock, cryptojacking blocker applications, which prevent in-browser malware mining.
- The Opera desktop browser has a built-in defense for cryptojacking malware.
- Beware of phishing attempts, Wikipedia defines phishing as Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
- Beware of cross-site scripting attacks. Wikipedia defines cross-site scripting as Cross-site scripting is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.
- Beware of SQL injections. Wikipedia defines SQL injections as SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.
- Beware of drive-by downloads. Wikipedia defines drive-by downloads as Drive-by download means two things, each concerning the unintended download of computer software from the Internet- Downloads which a person has authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet) automatically.- Any download that happens without a person’s knowledge, often a computer virus, spyware, malware, or crimeware.
- Be wary of malicious links, poisoned email attachments and files, and infected websites and applications.
- Remain vigilant and monitor your network, often times cryptojackers leave noticeable signs of their activity.
Since cryptojacking is so lucrative and so easy to get away with, I think we will only see it increase exponentially. The best way to be prepared for this attack vector is to utilize proper computer security habits.
- Things like using a password manager can really go a long way to protect you.
- Always two-factor authentication on all your accounts
- Use a VPN to hide your browsing habits.
- Never leave your device unattended, and always use a strong password.
- Encrypt your device to prevent hackers from being able to harvest your data.
- Don’t use public wifi networks, hackers can monitor the data being sent.
- Make sure your wifi connection is encrypted and has a strong password.
Simple precautions can often protect you from these kinds of attacks because the attacker will simply seek out an easier victim. Many people have little to no computer security habits, and often use the same password for all their accounts. When you make yourself a low hanging fruit, it makes you a target for cybercrime.
By taking a few minutes to educate yourself about computer security and practicing good habits you can largely protect yourself from hackers of all kinds, not just cryptojackers. Stay vigilant and be careful, because cryptojacking may be only the beginning of a whole new range of cryptocurrency related cybercrime.