What is cryptojacking? Why criminals love this con
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser. In fact, hackers often will use both methods to maximize their return.
Unlike most other types of malware, cryptojacking scripts do no damage to computers or victims’ data. They do steal CPU processing resources—and sometimes the only sign a victim will notice is slower performance as the cryptomining code works in the background.
For individual users, slower computer performance might be just an annoyance. Organizations with many cryptojacked systems can incur real costs in terms of help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem.
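Because the symptom described above is sustained background CPU use rather than a one-off spike, one defender-side check is to watch per-process CPU over consecutive samples and alert only on long unbroken streaks. The following is an added example, not code from the original article; the sample lines and their "timestamp pid name cpu%" layout are constructed for illustration, and the threshold and streak length are assumptions to tune per environment.

```python
"""Flag processes whose CPU stays high for many consecutive samples.
Added example; the log format below is constructed, not a real tool's output."""
from collections import defaultdict

CPU_THRESHOLD = 80.0   # percent of one core (assumed tuning value)
MIN_STREAK = 4         # consecutive samples (here 4 x 5 min) before alerting

# Constructed samples: "ISO-time pid process-name cpu%" taken every 5 minutes.
SAMPLE_LOG = """\
2024-03-01T02:00 4112 chrome.exe 91.0
2024-03-01T02:00 2231 backup.exe 40.0
2024-03-01T02:05 4112 chrome.exe 88.5
2024-03-01T02:05 2231 backup.exe 95.0
2024-03-01T02:10 4112 chrome.exe 93.2
2024-03-01T02:10 2231 backup.exe 12.0
2024-03-01T02:15 4112 chrome.exe 90.7
2024-03-01T02:15 2231 backup.exe 8.0
2024-03-01T02:20 4112 chrome.exe 89.9
"""

def parse_samples(text):
    """Yield (timestamp, pid, name, cpu) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, pid, name, cpu = parts
        try:
            yield ts, int(pid), name, float(cpu)
        except ValueError:
            continue

def find_sustained_cpu(text, threshold=CPU_THRESHOLD, min_streak=MIN_STREAK):
    """Return {(pid, name): longest streak} for processes at or above
    `threshold` for at least `min_streak` consecutive samples.
    A single spike (backup.exe above) resets the streak and is not reported."""
    streak = defaultdict(int)
    longest = defaultdict(int)
    for _, pid, name, cpu in parse_samples(text):
        key = (pid, name)
        streak[key] = streak[key] + 1 if cpu >= threshold else 0
        longest[key] = max(longest[key], streak[key])
    return {k: v for k, v in longest.items() if v >= min_streak}

if __name__ == "__main__":
    for (pid, name), n in find_sustained_cpu(SAMPLE_LOG).items():
        print(f"ALERT pid={pid} {name}: >= {CPU_THRESHOLD}% CPU for {n} samples")
```

Sustained use alone is not proof of mining, so treat a hit as a lead for triage (which binary, which parent, which sites were open) rather than a verdict.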
At the EmTech Digital conference in 2018, Darktrace told the story of a client, a European bank, that was experiencing some unusual traffic patterns on its servers. Night-time processes were running slowly, and the bank’s diagnostic tools didn’t discover anything. Darktrace discovered that new servers were coming online during that time—servers that the bank said didn’t exist. A physical inspection of the data center revealed that a rogue staffer had set up a cryptomining system under the floorboards.
No one knows for certain how much cryptocurrency is mined through cryptojacking, but there’s no question that the practice is rampant—for a simple economic reason: more money for less risk. And with inexpensive kits available on the dark web, cryptojacking doesn’t even require significant technical skills. In fact, cryptomining delivery methods are often derived from those used for other types of malware such as ransomware or adware.
In 2017 Kaspersky Labs discovered a Google Chrome extension that used Facebook Messenger to infect users’ computers. Dubbed Facexworm, it was originally used to deliver adware. In 2018, Trend Micro found a variant of Facexworm that targeted cryptocurrency exchanges and was capable of delivering cryptomining code. It still used infected Facebook accounts to deliver malicious links, but could also steal web accounts and credentials, which allowed it to inject cryptojacking code into those web pages.
How to prevent cryptojacking
While criminals are constantly changing and evolving their techniques to avoid detection, there are steps you can take to prevent cryptojacking.
Learn how to spot a phishing email. Tricking a potential victim into clicking on a malicious link is a time-tested and highly effective method of delivering cryptomining code.
Install an ad blocker. Since cryptojacking scripts are often delivered through web ads, installing an ad blocker can be a good preventive measure. Some ad blockers can even detect cryptomining scripts.
Use antivirus. Many of the antivirus software vendors have added crypto miner detection to their products—and while they’re not foolproof, they do provide a layer of protection.