What is Cryptojacking? The Problem is Closer Than You Think
There are enemies you can see, and there are ones you cannot. No, that’s not an Assassin’s Creed reference – though we wish it was.
What we’re talking about is something far more dangerous and extremely aggravating – cryptojacking.
Cryptojacking is a type of hacking in which another server steals your computer’s resources to mine cryptocurrency.
Believe it or not, people still mine crypto the traditional way in 2022. Mainly bitcoin, because the Flintstone of cryptocurrency is simply too good to change.
The problem is, bitcoin and some other PoW (Proof of Work) crypto are getting harder to mine each day. It’s gotten to a point where a single computer, or even a set of computers, does not suffice for mining.
What it takes now is a giant server with the combined resources of thousands of individual networks.
This level of requirement isn’t practical for most aspiring miners, and that prompts improvisation. Unfortunately, some of that improvisation ended up on the wrong side of morality.
How Does Cryptojacking Work?
Crypto mining is the main motivation for cryptojacking because mining demands so much computing power.
If you’re not familiar with mining, it’s basically an arduous process of solving mathematical equations to verify a bitcoin transaction.
Every time someone spends bitcoin, the blockchain keeps a record of that transaction. Before it becomes a permanent part of the network, it needs to be verified. For security reasons, the transaction is encrypted in a really long series of numbers. Miners have to keep guessing what this number is until they get it right, and for that, it takes a lot of CPU resources.
Big companies have emerged in recent years solely dedicated to mining the rest of the 2 million bitcoin in circulation. It’s become near impossible to compete with enormous chains of servers, so smaller companies or groups of individuals have resorted to stealing resources from other networks, which can include yours.
A virus is usually silent and deadly. Cryptojacking works like a virus and is certainly deadly, but it’s nowhere near being silent.
When your computer is cryptojacked, you’ll notice a spike in CPU usage without any games or heavy software running. There will be a drop in performance and everything will seem laggy like you’re back in the 90s using dial-up.
These are clear indications that your device has been compromised. The server that has hacked your network is running a mining operation and using your resources to do it.
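The symptom described above, high CPU with nothing heavy running, can be turned into a simple check. This is an added example, not code from the original article: the sample data, process names, thresholds and the `EXPECTED_HEAVY` allowlist are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical allowlist: software the user knowingly runs that is expected to be heavy.
EXPECTED_HEAVY = {"video-encoder"}

def build_constructed_samples():
    """Constructed data: (seconds, pid, process name, CPU %), one sample every 10 s."""
    samples = []
    for t in range(0, 60, 10):
        samples.append((t, 410, "browser", 95.0 if t == 20 else 8.0))  # one brief spike
        samples.append((t, 977, "updater-helper", 86.0 + t / 10))      # pinned throughout
        samples.append((t, 1200, "video-encoder", 92.0))               # heavy but expected
    return samples

def sustained_cpu_suspects(samples, threshold=70.0, min_consecutive=4,
                           expected=EXPECTED_HEAVY):
    """Map (pid, name) -> longest run of consecutive samples at or above threshold,
    for processes outside the allowlist whose run reaches min_consecutive."""
    by_proc = defaultdict(list)
    for ts, pid, name, cpu in sorted(samples):
        by_proc[(pid, name)].append(cpu)
    suspects = {}
    for (pid, name), series in by_proc.items():
        if name in expected:
            continue
        run = best = 0
        for cpu in series:
            run = run + 1 if cpu >= threshold else 0  # a dip resets the streak
            best = max(best, run)
        if best >= min_consecutive:
            suspects[(pid, name)] = best
    return suspects

if __name__ == "__main__":
    for (pid, name), run in sustained_cpu_suspects(build_constructed_samples()).items():
        print(f"pid {pid} ({name}): high CPU for {run} consecutive samples")
```

Requiring several consecutive high samples keeps a one-off spike, such as a page load, from being flagged; on a real machine the samples would come from a process monitor instead of the constructed list.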
Cryptojacking works like any typical malware. Concealed inside an attractive ad or email attachment, the virus will download itself to your device once you’ve clicked on the link.
Almost immediately, the cryptojacking malware will connect with the hacker’s server and grant it access to your CPU. All this is done without you even noticing, and by the time you realize what’s going on, it’s too late.
Cryptojacking can also come disguised as messages from mainstream outlets or popular services, such as Walmart, Amazon, or even PayPal.
Hackers would send you a fake email in the name of a trustworthy brand, often with urgent messages, such as a warning about a non-existent issue. They would include a link and encourage you to click on it to fix or check on whatever fake issue is going on with your account.
Alternatively, they could use a more lighthearted approach. This could be a fake promotional email or advertisement, often with outrageous prizes and, of course, a link for you to “claim” it.
Once you click the link, your fake issue would magically disappear or your fake prize would be “on the way” to you. Little do you know, there’s malware in your computer and the CPU has been enslaved.
How to Avoid Cryptojacking?
Discretion is key. Nothing beats a disaster like preventing it from ever happening. For some of us, that means refraining from clicking random links on the internet.
Always keep your antivirus and anti-malware clients running. For extra protection you can also download solutions like Avast or Malwarebytes.
They can auto-block crypto mining sites and prevent your device from even accessing them should you accidentally click on one.
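One way blocking of mining sites can work is a domain blocklist checked against each lookup. This is an added example, not code from the original article or from Avast or Malwarebytes: the blocklist entries, the key=value log format and the function names are constructed assumptions.

```python
# Constructed blocklist entries (reserved .example names, not real mining sites).
BLOCKLIST = {"miningpool.example", "coin-script.example"}

# Constructed DNS query log lines in a hypothetical key=value format.
DNS_LOG = [
    "2022-03-01T10:00:01 client=10.0.0.5 query=news.example",
    "2022-03-01T10:00:02 client=10.0.0.5 query=ws.MiningPool.example.",
    "2022-03-01T10:00:03 client=10.0.0.7 query=notminingpool.example",
    "2022-03-01T10:00:04 client=10.0.0.7 query=cdn.coin-script.example",
    "2022-03-01T10:00:05 client=10.0.0.9 malformed line",
]

def is_blocked(hostname, blocklist=BLOCKLIST):
    """True if hostname or any parent domain is listed; matches whole labels only."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def blocked_queries(log_lines, blocklist=BLOCKLIST):
    """Return (client, hostname) for each logged query that the blocklist would stop."""
    hits = []
    for line in log_lines:
        # Keep only key=value fields; lines without a query field are skipped.
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        host = fields.get("query")
        if host and is_blocked(host, blocklist):
            hits.append((fields.get("client"), host))
    return hits

if __name__ == "__main__":
    for client, host in blocked_queries(DNS_LOG):
        print(f"blocked lookup from {client}: {host}")
```

Matching on whole labels catches subdomains of a listed site while leaving a lookalike such as `notminingpool.example` alone, and normalising case and the trailing dot stops trivial variations from slipping past.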
Never open emails from unfamiliar sources. If you do open one, do not click on any links. Should you receive an email from one of your regular service providers, such as Amazon or PayPal, email them first asking if they have, indeed, sent you an inquiry.
Another option if you’re super paranoid is to disable JavaScript in the browser. Doing this can prevent cryptojacking malware from downloading itself. Do keep in mind that by doing so, you’re compromising a large part of the browser performance in terms of UI and graphics.
Lastly, those of us who can afford it can keep a separate device with its own network for activities that involve accessing high-risk sites. This way, even if you get cryptojacked, it would be on a spare computer.
With all that said, in the worst-case scenario, if you do get hacked, there are a couple of removal tools that may help. Most antivirus programs have this tool and will be able to remove the malware.
For more serious cases, you might have to factory reset your device. Restore points might not remove it completely, but you can try.
Some of The Most Brutal Cryptojackers
- Smominru – WannaCry ransomware virus
- MassMiner – exploits vulnerabilities in networks
- CoinHive – disguised as a legit crypto mining company. Now, well, the cat is out of the bag.
- Prowli – a host of crypto mining pirate bots that plunder your CPU. Over 40,000 machines.