Cryptojacking: What it is and how to protect yourself

Home Forums Forum Cryptojacking: What it is and how to protect yourself

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #2879

    Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Cryptocurrency is simply a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds operating independently of central bank. It is a digital asset that has been created to work as a channel of trade. The technology uses a process named cryptography which guards all of the transactions and regulates the formulation of additional units of the currency. These digital currencies are also categorised as alternative currencies and virtual currencies.

    There are two primary ways hackers can cryptojack you to secretly mine cryptocurrencies. These include:

    a. Trick victim into loading cryptomining code onto their computers through phishing tactics. In this trick, a victim normally receives a legit looking email which encourages them to click on. Upon clicking, the link runs code that places the cryptomining script on the computer. The script then runs on the background as the victim works.

    b. The hacker can as well inject a script on the website or on ad that is delivered to multiple websites. When the victim visits the website or the infected ad pops up in their browsers, the script will execute automatically. The code will then run complex mathematical problems on the victim’s computer and send the result to the hacker’s server.

    Hackers often will use both methods to maximize their return. “Attacks use old malware tricks to deliver more reliable and persistent software [to the victims’ computers] as a fall back,” says Vaystikh. For example, of 100 devices mining cryptocurrencies for a hacker, 10 percent might be generating income from code on the victims’ machines, while 90 percent do so through their web browsers.

    Unlike most other types of malware, cryptojacking scripts do no damage to computers or victims’ data. They do steal CPU processing resources. For individual users, slower computer performance might be just an annoyance. Organization with many cryptojacked systems can incur real costs in terms of help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem.
    To detect cryptojacking can be difficult at times. The following are some of the symptoms of cryptojacking:

    i. Device heating up
    ii. Laptop making loud whirring noises
    iii. Battery draining faster than usual
    iv. Impaired device performance such as slowing down or crashing
    v. Check your resource usage
    vi. Check to see if your browser is secretly still running
    vii. Keep a close watch on your Cloud Bills

    Check Resource Usage
    To check you resource usage, you should first open the task manager, this can be done by pressing ctrl + alt + del keys simultaneously. Either, you can open the Activity Monitor in case you are using MacBook. Check out to see if your CPU resources are being maxed out at 99% or more. If the program you are running in your device has no business using all that power, then cryptojacking might be the cause of all that power drain.
    Check to see if your browser is secretly running

    Close your internet browser window and open the task manager or the Activity Monitor in case you are using a MacBook to see if the program still shows as open. The hackers typically run through your browser and create a tiny ‘pop-up’ browser window that hides behind your Start button or toolbar, so it can continue to consume computer resources even after you think you’ve closed your browser.

    Keep a close watch on your cloud bills
    Hackers are also capable of phishing your cloud usernames and password and allocate your cloud resources towards mining, but you won’t know about the problem until the end of the month. Sadly, this method can be pricey.

    CAUSES OF CRYPTOJACKING
    Currencies such as Bitcoin, Ethereum and Monero are all continually ‘mined’ by using distributed computing resources to work out problems that generate ‘hashes’. Anyone can use their machines to process new coins in this way, but with cryptojacking, website owners and app developers are able to harness the CPU of their audience instead, earning them cryptocurrency in the process.

    Hackers cryptojack your device by either getting you to click on a malicious link in an email that loads crypto mining code on your device, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in your browser.

    Avoiding Cryptojacking

    There is no clear law that defines whether cryptojacking is legal or illegal, but the method is not ethical by any means as internet users have their resources taken away without their consent or receive any incentive.
    Cryptojacked victims usually will notice that their devices will be low on battery quite fast, or their devices will heat up fast while some will observe that their CPU power utilization will be higher than usual. By entering your task manager, you can check your CPU utilization to check if you are being cryptojacked.

    There are some security practices and plugins that you can use to avoid being a victim of in-browser cryptojacking:

     Never click on a link in an email.
     Turn off your JavaScript in the browser.
     You can run anti-phishing software, antivirus, and adblockers for chrome extensions like No Coin or MinerBlock.
     You can run specific script blockers such as NoScript or uBlock.
     Think of using more privacy-centric browsers.

    The best remedy is prevention. Stay safe from cryptojacking by following this guidance:
    Watch out for phishing-type attempts to load scripts onto your device

    Install an ad-blocker extension for your web browsers
    Routinely check your browser extensions for anything suspicious and keep them up to date
    No matter how hard you try to educate yourself and your team, it’s inevitable that some attempts will slip through the net. To stay ahead of the attacker it’s imperative to have a security solution in place which is able to intercept traffic to phishing sites, stopping the threat at its source.

    #3955
    #5734
    Anonymous

    Great article. The world of Crypto is still very vague to many and there is very little understanding of its benefits and mode of operation. However, if used correctly and invested into at the right time, it can surely net a healthy return and be a great alternative to traditional banking and transactions. This was made clear in the surge that Bitcoin saw previously, with many enriching themselves by investing properly. What people are lacking is the proper guidance and being well informed. This articles does well in shedding some light in that regard.

    #5736

    If you ask me, the world of Crypto is heavily regulated, manipulated, and corrupt! Most regular people that got in on the wave found themselves drowning in a sea of loss and confusion. The people who actually did make money are those on top of the chain, who surely have inside information on how this entire scam is operating. Decentralised or not, this entire crypto business is as fishy as a streetwalker’s punata, and now with this article showing there are people crypto”jacking” you. No thank you.

    #5799

    Agreed. If you ask me, the best way to avoid being crypto-jacked is to avoid using crypto altogether. Too messy and vague.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login Register