What Is Cryptojacking?
Bitcoin is quickly approaching its 10-year anniversary. The birth of Bitcoin in 2009 had a major impact on the world. Blockchain, Bitcoin’s underlying technology, emerged as a solution for many real-world problems and use cases. In a short period of time, reputable stalwarts in the industry, as well as new startups, announced their own cryptocurrencies that used decentralization to challenge traditional centralized models and business processes. Bitcoin and other cryptocurrencies are generated through a process known as cryptocurrency mining.
In cryptocurrency mining, a computer’s resources, especially the GPU, were consumed to create cryptocurrencies. In return, users were rewarded for their efforts in the form of cryptocurrencies as well as other types of rewards. The profits in the mining space were staggering. With little investment, miners were able to rake in millions in profits.
Unfortunately, the surge in the mining industry attracted the interest of cybercriminals. Hackers realized that the mining industry promised far better profits than other types of malware such as ransomware. As a result, they covertly exploited victims’ PCs and cashed in on their hardware by using it to mine cryptocurrencies, a process that consists of solving complex mathematical problems. This cybercriminal activity is widely known in cybersecurity circles as “cryptojacking”.
Recently, a study by the Cyber Threat Alliance (CTA) pointed to a 459% increase in cryptojacking within a year. In India, almost 30,000 routers are estimated to have been breached for cryptojacking. Similar news has been emerging from around the world as cryptojacking has replaced ransomware as the biggest cyberthreat.
How Is It Different from Ransomware?
Ransomware exploits the victim by entering a PC, locking data via encryption, and asking for a ransom in return. Whether a server is affected by ransomware such as GandCrab Ransom, SamSam Ransomware, or any new ransomware, all cybercriminals are inclined to admit their presence and communicate with victims for extortion and blackmail.
Cryptojacking malware, on the other hand:
- Stealthily gains control of a computer.
- Takes advantage of its hardware (CPU, RAM, GPU) so that its processing capabilities can generate cryptocurrencies, primarily Bitcoin and Monero.
- Sends the mined cryptocurrencies to a wallet address owned by the cybercriminals.
Unlike ransomware, cybercriminals do not reveal themselves in cryptojacking campaigns. In fact, invisibility is the most integral part of their activities. As long as the malware is unknown to the victims, cryptocurrencies can be mined and profits can be increased.
Another difference between ransomware and cryptojacking is how long they stay attached to their victims. In ransomware campaigns, cybercriminals press for urgent ransom payment so they can leave and proceed to their next victims. The average time limit can stretch from three days to a week. However, in some cases, negotiations and time-wasting techniques employed by the victims can result in a month-long confrontation.
In cryptojacking campaigns, there is no sense of urgency; cybercriminals try to extend their stay on each infected computer for as long as possible.
How Does Cryptojacking Infect?
Cryptojacking malware spreads via four common gateways.
Spam Emails
As with other malware, spam emails remain an effective tool for cryptojackers too. When users open such emails and click on or download malicious files, the resulting payloads can install malware on the affected computer. Such malware silently makes use of the computing resources to mine cryptocurrencies.
Websites
The most dangerous as well as the most common attack medium in cryptojacking is website infection. In this campaign, a programmed script –– mainly JavaScript –– is loaded onto a website or is integrated into an online advertisement. Depending upon their modus operandi, these scripts may remain attached to a specific website or be transmitted between different websites and web pages.
When a user accesses such a website or encounters the corrupted advertisement, the script detects the internet traffic and starts executing. The script then exploits the computing resources and keeps minting cryptocurrencies for its creators. Unlike email campaigns, no malware is installed on the visitor’s computer. Cryptojackers generally attempt to incorporate cryptojacking scripts into two types of websites:
- Websites that are credible and enjoy a fair amount of traffic.
- Websites that belong to the entertainment category. Such websites offer two advantages. Firstly, they are visited by non-technical and naïve people who make for easier targets. Secondly, visitors spend a great deal of time viewing content (text, images, and videos) on such websites, thereby increasing the mining profitability. As users devote hours on a daily basis, the mining script continues to get access to the user’s computing resources.
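For site owners, one check against the script-injection vector described above is to audit which external scripts a page actually loads. The following is an added example, not code from the original article: it flags scripts from origins outside an allowlist and third-party scripts loaded without a Subresource Integrity hash. All hostnames and the sample HTML are constructed, and the regex scan is a simplification of real HTML parsing.

```javascript
// Added example: audit a page's <script> tags against an origin allowlist.
// Hostnames, the integrity value and the sample HTML are constructed.
const SCRIPT_TAG = /<script\b([^>]*)>/gi;
const ATTR = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse the attribute text of one tag into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = {};
  for (const m of text.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per external script that is off-allowlist or,
// for allowed third-party origins, loaded without Subresource Integrity.
function auditScripts(html, pageUrl, allowedOrigins) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const tag of html.matchAll(SCRIPT_TAG)) {
    const attrs = parseAttrs(tag[1]);
    if (!("src" in attrs)) continue;          // inline script: out of scope here
    let url;
    try {
      url = new URL(attrs.src, pageUrl);      // resolves relative and //host URLs
    } catch {
      findings.push({ src: attrs.src, issue: "unparseable-src" });
      continue;
    }
    if (url.origin === pageOrigin) continue;  // first-party script
    if (!allowedOrigins.includes(url.origin)) {
      findings.push({ src: url.href, issue: "origin-not-allowlisted" });
    } else if (!attrs.integrity) {
      findings.push({ src: url.href, issue: "missing-sri" });
    }
  }
  return findings;
}

// Constructed sample page: a first-party script, a pinned CDN script,
// an unpinned CDN script, and a script from an unexpected host.
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.net/widget.js"></script>
<script async src="//static.unexpected.example/m.js"></script>`;
const FINDINGS = auditScripts(SAMPLE_HTML, "https://www.example.org/", ["https://cdn.example.net"]);
console.log(FINDINGS);
```

Running such an audit on a schedule and comparing the findings with the previous run shows when a new script source appears on a page.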
Mobile Apps
The rise of cryptocurrency mining was not limited to desktop PCs and laptops running Windows, Linux, and macOS. Mobile developers released apps that let users mine on tablets and smartphones. However, cryptojackers began infecting these apps with malicious code too; thus, hundreds and thousands of users had no idea that their smart devices were part of a major hacking debacle.
As a result, the leading mobile OS manufacturers –– Apple and Google –– were quick in countering the rising cryptojacking industry. Apple announced regulations that prohibited the use of cryptocurrency mining in its apps. Apple declared that apps:
“Including third party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.”
Likewise, Google stated:
“We don’t allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency.”
The statement means that while on-device mining is not allowed, cloud-based mining is still supported on Android platforms.
IoT
In 2016, Mirai (a botnet malware in which several IoT-enabled services were enslaved and controlled simultaneously) wreaked havoc in the telecommunications industry in the USA. A year later, a variant of the malware surfaced that infected PCs and commanded them to mine Bitcoins.
Cryptojackers realized that hacking different computers one at a time with the same objective was cumbersome. Instead, they sought an approach that could use a single distribution strategy to infect several computers at once and generate larger amounts of cryptocurrency in a short period of time.
Final Thoughts
Organizations were already busy dealing with the ransomware threat, and the arrival of cryptojacking has only worsened matters. Cryptojacking malware not only slows down the performance of a PC, but it can also decrease the lifespan of hardware and even permanently damage it.
Hence, it is necessary to implement modern-day cybersecurity measures and solutions for detecting and removing such malware in time. As a first step, you can contact a reputable cybersecurity service for suggestions and recommendations. In this way, you can ensure that your servers evade cryptojacking infection.