Cryptojacking: How to protect yourself

 

If you’ve been on the Internet for a while, you’ve probably heard of cryptocurrencies before. While most stores won’t accept payment in Bitcoins, cryptocurrencies have had a constant background presence in the computer world. Cryptocurrencies even appear in the news every so often, usually when someone makes it big with the currency or a bank closes its doors to it. A recent development in cryptocurrencies, however, has brought up a concern for everyone who browses the Internet – cryptojacking.

 

What is CryptoJacking?

The thing about cryptomining is that it takes up a lot of a computer’s processing power as well as electricity. People who mine for cryptocurrency will often invest in hardware upgrades as well as additional computers to dedicate to mining. This is the legal way of doing it. Unfortunately, there’s also an illegal way to mine for cryptocurrency, and that’s through a process known as cryptojacking.

The way that cybercriminals use cryptojacking methods is by uploading a Javascript miner file to a website. While such files are sometimes knowingly uploaded to certain websites, in some cases, they are uploaded after a hacker has breached the site’s security. The minder file then runs everytime someone visits the site, allowing the hacker to use the visitor’s computer to mine cryptocurrency.

Cryptojacking is different than other types of cyber-attacks in that cybercriminals aren’t trying to steal data. Instead, their only goal is to use your hardware’s processing power and electricity to mine cryptocurrency on their behalf.

While this may seem like a victimless crime, it’s not. Because they are using your processing power, it can slow down your computer considerably – and that’s the best-case scenario. In some cases, cryptojacking can cause a computer to freeze, shut down or experience hardware damage. This can happen if your computer’s processor is being used to the extent that it overheats.

 

How Does It Work?

A cryptojack starts when a Javascript miner file is uploaded to a website. This file can either be knowingly placed by the website owner or snuck in after a security breach by a hacker. When someone visits the website, the Javascript file is run, which uses the user’s computer to mine cryptocurrency. This means as long as the user is still on the site, they’ll be using their computer to do work for whoever placed the file.

Unlike other attacks, this particular one doesn’t aim to destroy or steal information from the victim’s computer. Its main goal is to simply use the hardware to perform mining operations. However, this does put additional strain on the victim’s computer. At best, this will cause their computer to slow down due to the load. At worst, it can overheat the processor which leads to computer freezes, sudden shutdowns, or even hardware damage on susceptible systems. It’s worth noting that “cryptojacking” only involves a mining script running without the user’s consent or knowledge. It does not include any service that informs the visitor of the mining, lets the user opt out of the mining service, and offers incentives for running the miner.

Coinhive, for instance, allows webmasters to set up a miner that visitors can use in exchange for an ad-free experience or in-game currencies. These services are legitimate but have unfortunately had their methods (and even their own software!) used for nefarious purposes.

An example of cryptojacking in the wild is when Pirate Bay decided to use this method to phase out advertising on their site. However, as well as failing to remove advertisements, they slipped the mining code in without any warning or any way to opt out, which caused a lot of anger!

 

How to Avoid It

If the web owner is using this method to generate legitimate income, you should be forewarned of the mining script and allowed to opt out if you want. For those who want to use your processor without your permission, however, there are some ways to avoid a cryptojacking attack.

Manual Detection

When your PC is under siege from a cryptojacking attack, it will begin to use its resources to perform a mining operation. As such, it will put strain on your hardware. This makes for a telltale sign that a cryptojack is currently underway. Thankfully, because it’s all taking place on the site, you can simply navigate away to stop the cryptojacking attack.

If you notice that your CPU goes into overdrive when visiting a specific site, it may be due to cryptojacking. You can check your CPU’s usage via your operating system. For instance, in Windows you can see CPU usage by pressing Ctrl + Shift + ESC and clicking the “Performance” tab.

Sometimes, you don’t even need to do this; just the sound of your system fans going haywire can be enough to identify high usage.

High CPU usage does not always mean cryptojacking, however. If you’re using an old PC and visiting a site with a lot of modern improvements, this may cause high usage by itself. If you’re seeing maxed-out CPU usage over a simple text article, however, it might be a sign of trouble.

Blocking the Script

Given how cryptojacking works via a website script, you can stop the problem by not allowing it to load. A good adblocker or script blocker will be able to pick up on the script and stop it from loading in the browser. There are even dedicated plugins built around stopping browser mining, such as AntiMiner. Non-Chrome users can also check out Anti-WebMiner that will block the javascript file from running.

Cryptocurrency Craftiness

While cryptojacking doesn’t aim to destroy or harm people’s computers and data, it can still be a big issue. Now you know what it is, how it works, and how to avoid cryptojacking.

Leave a Reply

Your email address will not be published. Required fields are marked *