What is Cryptojacking?
How is cryptojacking different from cryptocurrency mining?
Cryptojacking is the unauthorized use of a computer or device’s processing power to mine cryptocurrencies, often without the owner’s consent or knowledge. Cryptojacking is considered a form of cybercrime.
In contrast, traditional cryptocurrency mining is a legitimate process where miners invest their own hardware and resources to voluntarily mine cryptocurrency.
How do cryptocurrency mining and cryptojacking relate?
Cryptocurrency mining is the process of validating and recording transactions on a blockchain through complex mathematical computations. Miners use their computational power to solve these cryptographic puzzles, and in return, are rewarded with cryptocurrency.
With the most popular cryptocurrency, Bitcoin, reaching a peak of $66,000 in 2021, crypto mining can be extremely lucrative. However, the mining process typically consumes large amounts of computational power and electricity, drastically increasing the costs of mining.
As such, cryptojackers essentially steal computing and energy resources for mining to reduce their costs and increase their “profits” earned from cryptocurrency mining. In 2022, it was estimated that cryptojackers used $53 worth of system resources for every $1 that was mined.
How does crypto mining work?
Cryptocurrency is a form of digital currency based on the principles of complex mathematical encryption. It is transacted on a decentralized distributed ledger known as a blockchain.
Without a centralized governing body, transactions made on the blockchain have to be approved by miners who solve cryptographic puzzles to validate them. This process is known as “crypto mining” and requires a large amount of computational power. The first miner to solve the puzzle is rewarded with cryptocurrency for their efforts.
The primary components of crypto mining include:
Blockchain
The underlying distributed ledger technology where transactions are recorded and validated.
Mining software
Specialized software that connects miners to the cryptocurrency network and manages mining tasks.
Mining hardware
Devices equipped with powerful CPUs, GPUs or ASICs (Application-Specific Integrated Circuits) for efficient computations.
Mining pool
Miners can join mining pools to combine resources and share rewards, reducing their variance in earnings.
Cryptocurrency wallet
A digital wallet to store and manage earned cryptocurrencies.
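The puzzle described in this section, sketched in Python as an added example (not code from the original page). It goes beyond the text by assuming a Bitcoin-style search for a nonce whose double SHA-256 hash falls below a target; `SAMPLE_BLOCK`, `mine` and `verify` are hypothetical names and the block data and difficulty values are constructed.

```python
import hashlib

# Constructed stand-in for a block of pending transactions.
SAMPLE_BLOCK = b"constructed block: alice pays bob 1 coin"


def pow_hash(block_data: bytes, nonce: int) -> int:
    """Double SHA-256 of the block data plus nonce, as a 256-bit integer."""
    payload = block_data + nonce.to_bytes(8, "little")
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return int.from_bytes(digest, "big")


def mine(block_data: bytes, difficulty_bits: int):
    """Try nonces 0, 1, 2, ... until the hash is below the target.

    Returns (nonce, attempts). Each extra difficulty bit halves the target,
    so the expected number of attempts doubles.
    """
    target = 1 << (256 - difficulty_bits)
    nonce = 0
    while pow_hash(block_data, nonce) >= target:
        nonce += 1
    return nonce, nonce + 1


def verify(block_data: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash, however long it took to find."""
    return pow_hash(block_data, nonce) < (1 << (256 - difficulty_bits))


if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce, attempts = mine(SAMPLE_BLOCK, bits)
        print(f"{bits:2d} bits: nonce={nonce} attempts={attempts} "
              f"valid={verify(SAMPLE_BLOCK, nonce, bits)}")
```

The gap between the cost of `mine` and the cost of `verify` is why mining burns CPU/GPU time and electricity, which is the resource a cryptojacker takes from the victim.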
What are the typical signs of cryptojacking?
Common signs of cryptojacking include:
- Reduced performance: Device is unusually slow, overheats, shows increased fan activity, or drains its battery faster.
- Increased energy consumption: Device is consuming more electricity than usual, which may also lead to increased electricity bills.
- Elevated CPU/GPU usage: Monitoring Task Manager or Activity Monitor may reveal unusually high CPU/GPU utilization. Applications or software may also crash more frequently due to excessive CPU/GPU usage.
What are the security risks associated with cryptocurrency mining?
Cryptocurrency mining can also be done on mobile devices through Android applications. However, there are certain risks associated with cryptocurrency mining:
Battery drain and overheating
Continuous mining can rapidly deplete a device’s battery and cause overheating, potentially damaging the hardware.
Data privacy concerns
Applications may be able to access data and information from the device or other applications.
Embedded malware
These applications or software may also contain malware.
Fraud and scams
Some applications are fake and aim to scam users by making them pay a fee to “mine cryptocurrency”.
How do cryptojackers compromise devices for mining and what resource is often compromised?
Cryptojackers often compromise a device’s CPU/GPU power through:
Browser injections
Inject JavaScript-based cryptojacking scripts into websites, which run when users visit the website.
Phishing attacks
Trick users into downloading mining software through phishing emails.
Supply chain attacks
Attackers can embed cryptomining scripts into open-source code repositories.
Unsecured cloud infrastructure
Cryptojackers can hijack cloud infrastructure which may have exposed APIs or allow unauthenticated access.
Certain cryptojacking malware also has worm-like propagation capabilities, allowing the malware to move laterally through the network and infect even more devices to be exploited for cryptomining.
What is the significance of anti-mining VPNs in preventing cryptojacking attacks?
Anti-mining VPNs are designed to detect and block connections to known cryptojacking servers and websites. They help prevent cryptojacking by blocking the communication channels between the victim device and the attacker’s mining pool, thus stopping the unauthorized use of resources.
What methods and techniques do cryptojackers employ to evade detection?
Cryptojackers employ various evasion techniques, such as:
Fileless malware
Avoiding traditional file-based detections.
Encrypted traffic
Encrypt mining traffic to bypass network detection features.
Mining pool proxy
To hide the actual mining pool destination.
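How destination blocking and the evasion techniques listed above interact, shown as an added detection example (not from the original page or any product). It assumes miners speak cleartext Stratum, a JSON-RPC-over-TCP protocol commonly used between miners and pools, and that a sensor logs the first payload of each flow; the hosts, addresses, blocklist and function names are constructed.

```python
import json

# Assumption: method names seen in common Stratum dialects. "login" on its own
# is a weak indicator and is worth correlating with endpoint signals.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "login"}
POOL_BLOCKLIST = {"pool.example.net"}  # constructed placeholder entry

# Constructed flow records: (source, destination host, port, first payload).
FLOWS = [
    ("10.0.0.5", "pool.example.net", 3333,
     b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'),
    ("10.0.0.7", "cdn-proxy.example.org", 443,   # pool proxy, not on the blocklist
     b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET","pass":"x"}}\n'),
    ("10.0.0.9", "relay.example.org", 443,       # start of a TLS handshake
     b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("10.0.0.11", "api.example.com", 8080,       # unrelated JSON-RPC service
     b'{"id":7,"method":"getStatus","params":[]}\n'),
]


def stratum_method(payload: bytes):
    """Return the Stratum method named in the first line of a payload, or None."""
    line = payload.split(b"\n", 1)[0]
    try:
        msg = json.loads(line.decode("utf-8"))
    except ValueError:  # binary, encrypted or otherwise non-JSON payload
        return None
    method = msg.get("method") if isinstance(msg, dict) else None
    return method if isinstance(method, str) and method in STRATUM_METHODS else None


def classify(flow):
    """List the reasons a flow looks like miner-to-pool traffic (empty if none)."""
    _src, host, _port, payload = flow
    reasons = []
    if host.lower() in POOL_BLOCKLIST:
        reasons.append("blocklisted-destination")
    method = stratum_method(payload)
    if method:
        reasons.append(f"stratum:{method}")
    return reasons


def scan(flows):
    """Map each source address to the reasons its flow was flagged."""
    return {flow[0]: classify(flow) for flow in flows}
```

The proxied flow from 10.0.0.7 is caught only by content inspection, and the encrypted flow from 10.0.0.9 by neither check, so network controls need to be paired with endpoint signals such as sustained CPU/GPU usage.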
Who are common targets for cryptojacking? How can individuals and organizations protect themselves from cryptojacking?
Cryptojacking attacks commonly target:
Websites
Cryptojackers are able to inject mining scripts into poorly secured websites, which will mine cryptocurrency within the user’s browser when the website is visited.
End-user devices
Devices such as laptops, desktops, smartphones, and IoT devices can be targeted by cryptojackers for their computing power.
Cloud infrastructure
Cryptojackers are also taking advantage of the scalability of cloud instances.
Protection from such attacks involves:
Security software
Use anti-virus and anti-malware software, which may be able to detect and remove any unwanted programs.
Ad-blockers
Block malicious ads that host mining scripts.
Regular updates and patches
Keep software and operating systems updated to prevent exploitation of known vulnerabilities. For example, Darktrace DETECT identified a crypto-mining campaign which exploited a Log4j vulnerability.
Security awareness and training
Educate users to recognize phishing emails and avoid clicking on links or downloading attachments from such emails.