Has Your Computer Been Cryptojacked?
Have you noticed a louder whizzing noise from the CPU fans whenever you use your computer? You may inadvertently have accepted an in-browser mining add-on that is mining crypto without your knowledge.
You Have Been Cryptojacked!
Computer users won’t notice that their systems have been affected apart from system lags or performance issues.
What is a Cryptojack?
A crypto jack is a form of cyberattack where stolen computing power is converted into cryptocurrency. The conversion process is called mining and it is a computationally intensive process that computers in a P2P network compete to verify the transaction record called the blockchain and receive cryptocurrency in return.
The well-known crytpojacking script was released in Septermber 2017 by a company called Coinhive. The tool was designed to give website owners a way to make money without displaying ads. Unfortunately, when it got into the hands of malware authors, they used the tool for their nefarious purposes.
Cybersecurity experts have discovered the cryptojacking tool hiding in Chrome extensions, hacked Wordpress sites, ‘malvertising’ hacker sites and even in high-power enterprise servers. Researchers estimate that cryptojackers can conservatively generate up to USD 30,000 worth of cryptocurrency per month. The cryptocurrencies of choice are typically CryptoNote based currencies such as Monero and zCash. These currencies, which employ the CryptoNight mining algorithm, have cryptographic features that make transactions untraceable.
In the past, cryptocriminals may have mined Bitcoins as part of their loot. However, recent cases have shown that Bitcoin transactions are not totally anonymous nor untraceable. In addition, it has become more costly to mine Bitcoins with the extreme competition to confirm the blockchain transactions with expensive special-purpose GPU based servers . These cons have moved onto newer, easier-to-mine and profitable cryptocurrencies. In addition, it also helps that the CryptoNight mining algorithm used by CryptoNote based currencies can be mined on the billions of vulnerable modern CPUs connected to the Internet.
The tactics used by the cryptojacking malware include cross-site scripting and remote code execution to brute force attacks and SQL injection. Intrusive and malicious cryptocurrency mining can threaten the availability and security of a network or system, and the data stored on them. What’s worse is that victims become part of the problem, when their computers further the spread of the cryptojacking operation.
Reported Cases
1. Showtime
An alert Twitter user raised the alarm in August 2017, that the source code for the Showtime Anytime website contained a tool that was secretly hijacking visitors’ computers to mine Monero, a cryptocurrency focused on anonymity.
Showtime quickly removed the malware after it was alerted to it. To this day, it has not been discovered how the tool was embedded to the site. Unfortunately, the same malware code that was discovered has been spreading to other Internet sites.
2. Kaspersky
According to Kaspersky’s research, Coinhive’s miner is not the only cryptojacking malware discovered on their clients’ computers and servers. Hackers are innovating with a variety of approaches to hijack computers.
3. IBM
According to IBM’s X-Force security team, numerous attempts have been made by cryptojackers to install their mining malware on enterprise-grade servers owned by medium and large sized organizations. In fact, these attempts have gone up by about 6 times between January and August 2017.
4. PirateBay
PirateBay installed the Coinhive JS miner into their website without directly informing their site visitors. This was an experiment to discover if this was a way to sustain their site economically without depending on the low-grade advertisers that the renegade site attracted. They had to disable the Coinhive software from the public backlash that resulted.
What Protective Measures Can Be Taken?
These are some of the steps you can take to protect your or your organizations’ computers:
Install a modern and updated antivirus software. These antivirus tools can detect cryptojacking malware without too much difficulty.
Adopt best practices to minimize cryptojacking attacks. Keep software packages regularly updated – including browsers. Highlight the dangers of malware by cultivating a security-aware workforce through adequate education and role-based training.
Use application whitelists to prevent unknown executables from launching on systems within your organization’s networks. In addition, you could use JS-blocking applications to prevent scripts like Coinhive’s from executing. The good news is that since the Coinhive script has no persistence mechanism, the script can be easily terminated by closing the website or browser. Another tactic to consider is to perform input validation on Web applications to mitigate injection attacks.
A growing problem for many organizations is rogue employees compromising high powered enterprise servers to mint cryptocurrencies. There was a recent case of scientists and researchers at a Russian nuclear research institute that were caught and arrested for using the facility’s supercomputers to mine cryptocurrencies.
These inside jobs can be fairly difficult to detect. Organizations are relying on external IT auditors and a combination of artificial intelligence and machine learning to monitor and detect anomalous activity inside networks.
Summary
A new threat to our privacy and security has emerged in the form of cryptojacking. This form of malware uses your computer’s resources to mine cryptocurrency surreptitiously when you visit certain websites that run a mining script. Computer users may experience a loss of performance when their computers have been compromised.
At the moment this form of malware can be rather easily detected by installing an updated antivirus software and neutered by closing the browser and removing the offending script. Awareness of these scripts should be increased and common system security measures should be undertaken.
References:
While this is problematic, in terms of data gathering/storage, advertisers are employing methods much more concerning than mining. I am curious to see if remote cpu mining (that is disclosd to users of course) is a viable alternative to the traditional web advertising model.
If it is disclosed, I believe it is less of a distraction to the user than typical ads. Thanks for your comment!
Agreed, used responsibly this could be a great alternative to ads and all the metadata they collect on consumers.
I’d rather generate a few cryptos for my favorite websites than have amazon collect all my personal shopping habits to be sold of to the highest bidder.
Congratulations @acdevan, your post has been selected by the @asapers for a resteem and a feature in our brand new curation post. Issue 5
What does this mean for you? Well first an upvote from some members of the team, we are no @curie but who is going to be unhappy with some extra upvotes. Second each post featured in the article will receive a 10% share of the curation post.
Keep up the great work and please consider supporting the @asapers with a follow and an upvote on the post you feature in. Please wait seven days for payout.
Your friendly @asapers
Giving back A.S.A.P
Thank you very much! Upvoted & following.
A recent report from Wired details how the Tesla cloud has been cryptojacked to secretly mine cryptocurrencies.
thanks for the warning.actually I've installed cryptotab on google extensions to use it to mine bitcoin passively and disabled it when i read your post.
Glad that the post was able to raise awareness. Thanks for letting me know.
Thanks for the knowledge. I'm curious if these crypto hacks are browser agnostic.
They appear to be browser agnostic; although Chrome is mentioned quite regularly in media posts.