What you need to know about cryptojacking

• Cryptojacking is the unauthorized use of a machine’s processing power to mine cryptocurrencies. In most cases, the victim does not know that the device is being used.
• Unlike many cyber threats, cryptojacking is meant to operate without the knowledge of the user.

Attackers gain access to a victim’s system by sending phishing emails that urge to download an attachment, or injecting malicious code on a website or ad. Once the cryptomining software has been installed on the machine, the process begins.

What are cryptocurrencies?

Cryptocurrency is digital money that exists only online and in no physical form.

• It leverages blockchain technology and is not controlled by any central authority. The money is stored online in virtual wallets that are encrypted.
• This currency can be exchanged online for different types of goods.
• Units of cryptocurrency, known as coins, are entries in a database. To add an entry, complex cryptographic equations must be solved.
• The first system to solve the equation is awarded the associated value worth of cryptocurrency.
• Solving these equations consumes a massive amount of computing power, and this is why attackers infiltrate into the systems of unsuspecting victims and use their processing power.

Understanding cryptojacking

Usually, a large number of people work on solving these cryptographic equations to validate the transaction and earn cryptocurrency. However, only the first one to solve it is awarded.

• With time, the complexity of equations has increased. This means even powerful processors can not mine profitably, considering the high cost of computing power required.
• Attackers hijack a network of systems to mine for cryptocurrencies, as more devices offer a better chance of mining coins.

Detection and prevention

Slow response times, device overheating, and high CPU usage are indicators that you may be a victim of cryptojacking.

Anti-cryptomining extensions and security software provide a fairly strong layer of security against this attack. Make sure that the staff in your organization are aware of the threat and don’t accidentally open or download attachments from phishing emails.

Some cryptojacking examples

In March 2018, it was discovered that cryptojacking attackers were targeting GitHub users. They forked random GitHub projects and hid the malicious software in the directory structure. The software was downloaded to the victims’ systems by luring them with phishing ads.

May 2018 witnessed the infamous MassMiner campaign by the Panda threat group. This threat group is known to mine for Monero cryptocurrency. The malware was observed to spread to other local hosts after compromising the target.

The Bangladeshi Embassy website was reported to be compromised for cryptomining activities in February 2019. Malicious Word documents were distributed and malware was injected into the visitors’ systems.

A cryptomining campaign targeted at Linux servers was reported to deliver Golang malware in June 2019. A compromised Chinese e-commerce website was used to store the malware.