What is Cryptojacking and How Can You Protect Yourself From It?

What is Cryptojacking and How Can You Protect Yourself From It?

Cryptojacking is a form of cyber attack in which a hacker hijacks a victims processing power in order to mine cryptocurrency on the hackers behalf.

Cryptojacking harnesses a victims machine to perform the computations necessary to update cryptocurrencies blockchains, creating new tokens and generating fees in the process. These tokens and fees are deposited to the wallets owned by the attackers, while the costs of mining - electricity and wear and tear to computers and other devices - are borne by the victim. This occurs when a website runs hidden cryptocurrency mining scripts in the victims browser.

Why is cryptojacking bad?

“The problem,” explains Lotem Finkelstein, a threat intelligence analysis team leader at Check Point, “ is that [cryptojacking is] simply everywhere - on websites, servers, PCs and mobile.” Check Point says that it has affected as many as 55% of organisations globally, while security researchers at Wandera claim instances on mobile devices increased by 287% between October and November in 2017.

While Bitcoin mining requires specialised hardware that consumes masses of energy, other cryptocurrencies such as Monero can be mined by anyone with computing power to spare.

Mining usually takes the form of a competition - whichever computer solves the equation the fastest is rewarded. With Monero and other similar cryptocurrencies, a pool of computers can work together and share the reward. This allows individual computers to work on just a small part of the mining task. The more computers working together, the more chance there is of winning the reward.

When a device is cryptojacked, it is added to the pool to work on the task. This is often done using a commercially available piece of software such as Coinhive, which can be written into what looks like an ad using Javascript. As the software runs in the background, the device is added to the mining pool.

Credit: Andrey Politov | Dreamstime.com

This means that the website or internet provider can mine with little or no cost to themselves. The problem for the devices owner is that this takes up processor power, making other operations take much longer. This can also be accompanied by a large battery drain.

However, some security experts argue that one day, cryptocurrency mining could be used in a positive way, as an alternative to online advertising, which hosts its own array of problems.

“Everything is kind of crazy right now because this just came out,” says Adam Kujawa, the director of Malwarebytes Labs. “But I actually think the whole concept of a script-based miner is a good idea. It could be a viable replacement for something like advertising revenue. But we’re blocking it now just because there’s no opt-in option or opt-out. We’ve observed it putting a real strain on system resources. The scripts could degrade hardware."

How can you protect yourself against it?

The most simple way to protect yourself from cryptojacking is to install a cryptojacking blocker. This means adding a browser extension that blocks a list of domains associated with cryptojacking code. Three extensions made specifically to block browser mining are AntiMiner, NoCoin and MinerBlock.

Ad blocker programs can also be used to protect from hidden crypto-mining and all major Antivirus vendors have blacklisted known browser mining scripts.