Cryptojacking is a malicious activity in which an infected device is used to secretly mine cryptocurrencies. To do so, the attacker uses the victim’s processing power and bandwidth (in most cases, this is done without their awareness or consent).
In general, the cryptojacking malware responsible for such malicious activities is designed to use just enough system resources to remain unnoticed for as long as possible. Since cryptocurrency mining requires a lot of processing power, attackers try to break into multiple devices. This way, they can gather enough computing resources to perform low-risk and low-cost mining.
Earlier versions of mining malware relied on victims clicking on malicious links or email attachments, accidentally infecting their systems with a hidden cryptocurrency miner.
However, more sophisticated types of this malware have been developed over the past few years, taking cryptojacking to a whole new level. Currently, the majority of mining malware runs through scripts deployed on websites. This approach is known as web-based cryptojacking.
Web-based cryptojacking (also known as drive-by cryptomining) is the most common form of cryptojacking malware. Typically, this malicious activity is executed through scripts running within a website, allowing the victim’s browser to automatically mine cryptocurrencies for the duration of the visit. Such web-based miners are being secretly deployed on a variety of websites, regardless of popularity or category.
In most cases, Monero is the cryptocurrency of choice because its mining process does not require large amounts of resources and processing power like Bitcoin mining. Additionally, Monero offers an increased level of privacy and anonymity, making transactions much more difficult to track.
Unlike ransomware, cryptojacking malware rarely harms computers and the data stored on them. The most notable effect of cryptojacking is reduced CPU performance (usually accompanied by an increase in fan noise).
However, for businesses and larger organizations, reduced CPU performance can hinder their work, potentially leading to significant losses and missed opportunities.
The web-based approach to cryptojacking was first found in September 2017, when a cryptocurrency miner called CoinHive was officially released to the public.
CoinHive is compatible with all major browsers and is relatively easy to deploy. The creators keep 30% of all cryptocurrencies mined through their code. It uses cryptographic keys to determine which user account gets the other 70%.
Although initially presented as an interesting tool, CoinHive has received a lot of criticism because it is currently being used by cybercriminals to inject malicious code into a number of hacked websites (without the knowledge or permission of the owner).
Not surprisingly, AuthedMine is not being adopted at the same scale as CoinHive. A quick search on PublicWWW reveals at least 14,900 sites running CoinHive (of which 5,700 are WordPress sites). On the other hand, AuthedMine is deployed on around 1,250 sites.
During the first half of 2019, CoinHive became the top malware threat tracked by antivirus programs and cybersecurity companies. However, recent reports indicate that cryptojacking is no longer the most common threat as the first and second positions are now taken by Trojans and Ransomware attacks.
The rapid rise and fall of cryptojacking can be related to the work of cybersecurity companies, as many cryptojacking scripts are now blacklisted and detected quickly by most anti-virus software. Furthermore, recent analysis shows that web-based cryptojacking is not as profitable as it seems.
Typical cryptojacking attacks
In December 2017, the CoinHive code was silently deployed to the WiFi networks of many Starbucks stores in Buenos Aires, as reported by one customer. The script mined Monero using the processing power of any device connected to the network.
In early 2018, the CoinHive miner was found running on YouTube Ads through Google’s DoubleClick platform.
During July and August 2018, a cryptojacking attack infected more than 200,000 MikroTik routers in Brazil, injecting CoinHive code into a large amount of web traffic.
How to detect and prevent cryptojacking attacks
If you suspect that your CPU is being used more than usual and its cooling fan is making noise for no apparent reason, chances are your device is being used for cryptomining. It is important to find out whether your computer is infected or whether the mining is being done by your browser.
While web-based cryptojacking is relatively easy to detect and stop, mining malware targeting computer systems and networks is not always easy to detect, as it is often designed to stay hidden or to masquerade as something legitimate.
There are browser extensions that can effectively prevent most web-based cryptojacking attacks. Besides being limited to web-based miners, these countermeasures are often based on static blacklists, which can quickly become obsolete as new cryptojacking approaches are implemented. Therefore, you should also keep your operating system updated and run up-to-date anti-virus software.
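As an added illustration (not code from the article or from any of the extensions it names), here is how a static-blacklist check of the kind described above works when a site owner scans their own page for miner scripts. The two blocklisted hostnames are assumed from the service names in the article, and the sample page and script paths are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hostnames inferred from the service names the article mentions.
BLOCKLIST = {"coinhive.com", "authedmine.com"}


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def blocked_host(src, blocklist=BLOCKLIST):
    """Return the blocklist entry that matches the script's host, or None."""
    # urlparse also handles protocol-relative URLs such as //host/path.
    host = (urlparse(src).hostname or "").lower().rstrip(".")
    for entry in blocklist:
        # Match the exact host or a subdomain, never a lookalike suffix.
        if host == entry or host.endswith("." + entry):
            return entry
    return None


def scan_page(html, blocklist=BLOCKLIST):
    """Return (src, matched_entry) for every script on a blocklisted host."""
    collector = ScriptCollector()
    collector.feed(html)
    hits = [(src, blocked_host(src, blocklist)) for src in collector.sources]
    return [(src, entry) for src, entry in hits if entry]


# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.coinhive.com/lib/miner.js"></script>
<script src="//authedmine.com/lib/miner.js"></script>
<script src="https://static.example.net/lib/miner.js"></script>
</head></html>"""

if __name__ == "__main__":
    for src, entry in scan_page(SAMPLE_PAGE):
        print(f"blocklisted ({entry}): {src}")
```

The last script in the sample is not reported because its host is not on the list, which is the staleness problem with static blacklists that the paragraph above describes.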
When it comes to businesses and larger organizations, it’s important to inform and educate employees about cryptojacking and phishing techniques, such as phishing emails and fake websites.
How to avoid cryptojacking
Pay attention to your device performance and CPU activity.
Install web browser extensions, like MinerBlock, NoCoin, and Adblocker.
Be cautious with email attachments and links.
Install reliable anti-virus software and keep your software applications and operating system up to date.
For businesses: teach your employees about cryptojacking and phishing techniques.
According to Tapchibitcoin.vn