What Is Cryptojacking and How To Protect Yourself

Cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money. Users can “mine” it on their computer by using special programs to solve complex, encrypted math equations in order to gain a piece of the currency.

What is Cryptojacking?

Cryptojacking is a form of cyber attack in which a hacker hijacks a target’s processing power in order to mine cryptocurrency on the hacker’s behalf. Cryptojacking has become an increasingly popular way for bad actors to extract money from targets in the form of cryptocurrency. Widely publicized hacks such as the WannaCry worm, which affected systems on several continents in May 2017, encrypted victims’ files and demanded cryptocurrency ransoms – bitcoin, in the case of WannaCry – in order to decrypt them.

Cryptojacking takes a different approach, harnessing victims’ machines to “mine”: perform the computations necessary to update cryptocurrencies’ blockchains, creating new tokens and generating fees in the process. These new tokens and fees are deposited to wallets owned by the attacker, while the costs of mining – electricity and wear and tear to computers – are borne by the victim.


Why Cryptojacking?

Cryptojacking is a way for cybercriminals to make free money with minimal effort. Cybercriminals can simply hijack someone else’s machine with just a few lines of code. This leaves the victim bearing the cost of the computations and electricity that are necessary to mine cryptocurrency. The criminals get away with the tokens.

How Cryptojacking Works?

Coin mining on your own can be a long, costly endeavor. Elevated electricity bills and expensive computer equipment are major investments and key challenges to coin mining. The more devices you have working for you, the faster you can “mine” coins. Because of the time and resources that go into coin mining, cryptojacking is attractive to cybercriminals.

There are a few ways cryptojacking can occur. One of the more popular ways is to use malicious emails that can install cryptomining code on a computer. This is done through phishing tactics. The victim receives a seemingly harmless email with a link or an attachment. Upon clicking on the link or downloading the attachment, it runs a code that downloads the cryptomining script on the computer. The script then works in the background without the victim’s knowledge.

Another is known as a web browser miner. In this method, hackers inject a cryptomining script on a website or in an ad that is placed on multiple websites. When the victim visits the infected website, or if the malicious ad pops up in the victim’s browser, the script automatically executes. In this method, no code is stored on the victim’s computer. In both these instances, the code solves complex mathematical problems and sends the results to the hacker’s server while the victim is completely unaware.

Cryptojacking generally works by embedding a JavaScript component in a website that can use a visiting device’s processing power to mine a crypto. One of the most popular tools among cryptojackers is a JavaScript plugin called Coinhive, which mines Monero (a popular crypto). A portion of the processing power that a computer allots to a website with the Coinhive plugin goes towards the mining process, which goes to the hackers. Teh creators of the tool then get a 22% cut of the mined Monero.

Hackers use cryptojacking to mine cryptos (usually Monero) for themselves. While each visitor might only do a tiny bit of mining while they’re there, every user lending some computing pwoer over time can generate real money. And users might not even notice what’s happening. Although not as valuable as bitcoin, a single Monero is worth around US$ 47 (as on 19 Dec 2018). And its easy to mine on a personal computer, unlike bitcoin, whose mining process usually requires large server farms. It’s easy money for the hackers, without much risk or costs.

How to Detect Cryptojacking?

Cryptojacking usually affects anything that runs a browser with JavaScript. So your desktop, laptop and even mobile phone could be potential targets. Some of the symptoms of cryptojacking are

  • High processor usage on your device
  • Sluggish or unusually slow response times
  • Overheating of your device

It can significantly affect the performance of your device, especially if its an older device. This can affect the user experience or even freeze and personal data could be lost. It can also pump up your electricity bill.

How to Proect Yourself From Cryptojacking?

If you hear your computer’s fan start whirring fast when you visit a new website, or if the browser suddenly slows down dramatically, a cryptojackig miner may be running. If a webiste is mining currency with your computer, you can close the webpage to first stop the acitivty. There are browser extensions called NoCoin that can be used to block Coinhive and other cryptojacking miners. Also adblocking extensions and a good, reliable and updated anti-virus program can keep your device protected.

Though in a vast majority of cryptojacking scams that have surfaced, neither the website nor their users were aware that they were victims.