A new security threat is in town: cryptojacking. The cryptocurrency explosion is moving nefarious individuals to power mining systems any way possible. And the latest method for securing additional, free power is by hijacking your system resources.
We wrote recently concerning the significant rise in browser-based cryptocurrency mining scripts. Well, those scripts are now in their next phase, making it easier for criminals to harvest your machine for longer, without alerting you to the resource-sucking issue at hand.
Let’s find out what cryptojacking is and what you can do about it.
Why Steal System Resources?
Before we consider cryptojacking as a whole, let’s consider the reasons behind it. Why are hackers stealing system resources?
Well, cryptocurrency doesn’t grow on trees. No, it grows on servers, waiting to be mined. That doesn’t help things, either. The vast majority of cryptocurrencies use “mining” to mediate the specific crypto-network.
Network transactions are added to a block. The block is sent to the network of connected miners (users who have downloaded the blockchain) for verification. The miners’ systems process complex equations and, on confirmation that the transactions are legitimate, the block is added to the chain. At that point, the transactions contained in the block are processed, while the miners receive a block reward (this differs between cryptocurrencies; the current Bitcoin reward is 12.5 BTC).
The key to crypto-mining success is how quickly your system processes equations. Bitcoin mining is now useless for the average, nay, even high-end systems. The sheer volume of mining power drowns out tiny home systems. You’ll note that if you complete an internet search for “mining pc” the results all relate to Ethereum and other, smaller cryptocurrencies.
So, the key to making money mining cryptocurrency is raw processing power. And what better way to harness processing power than by stealing that from unsuspecting internet users?
That’s where cryptojacking picks up the slack. Not content with building mining rigs with expensive specialized equipment, enterprising hackers spotted an opportunity. Cryptocurrency mining scripts aren’t that new — we’ve seen several sites trial them as a revenue stream. Furthermore, we’ve seen several notable websites succumb to cryptocurrency mining.
Okay, So What’s Cryptojacking?
Cryptojacking is the coverall term given to this type of drive-by browser-based cryptocurrency mining. CoinHive, purveyors of the most popular script, advertise their product as an alternative to advertising revenue. Their script allows users to “pay you with full privacy, without registering an account anywhere, without installing a browser extension and without being bombarded by shady ads.” The last part of that sentence alone is laughable.
The practice has evolved even in the short time CoinHive and its script have been active. The latest version of the script (known as AuthedMine) offers users the chance to accept the cryptocurrency mining, or decline and face regular ads, instead. The new opt-out is optional, mind. Not every website running the CoinHive script will make this offer.
Cryptojacking is evolving in other ways, too. Not content with simply pillaging other people’s systems for personal gain, enterprising hackers send unsuspecting users through redirect loops. Users end up on a web page running a cryptocurrency mining script. If they don’t notice, hackers make more money.
With that in mind, there are instances of a tiny browser window hiding beneath the system clock, found on the taskbar. The tiny browser window is obscured by the system clock and is “free” to run the mining script until the user notices something is wrong.
How Widespread Is Cryptojacking?
Well, a recent study conducted by independent security researcher Willem de Groot revealed 2,496 individual sites running a crypto-mining script. The sites de Groot found all run outdated software that is easily exploited by hackers. A hacker compromises a site then inserts their dedicated CoinHive code, letting the site and its users do the rest.
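For site owners who want to check their own pages for the kind of inserted script described above, here is a minimal audit sketch. It is an added example, not code from de Groot's study or from CoinHive; it matches only the two library names mentioned in this article, and the sample page, hosts and site key are constructed placeholders.

```python
from html.parser import HTMLParser

# Library names taken from the article; a heuristic, not a full blocklist.
MINER_MARKERS = {"coinhive": "original script", "authedmine": "opt-in variant"}


class ScriptCollector(HTMLParser):
    """Collects (kind, text) for every <script>: its src URL or inline body."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        self._in_inline = not src
        self.scripts.append(("src", src) if src else ("inline", ""))

    def handle_data(self, data):
        if self._in_inline:
            kind, body = self.scripts[-1]
            self.scripts[-1] = (kind, body + data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def find_miner_scripts(html):
    """Return sorted (marker, kind, note) tuples for scripts naming a miner."""
    collector = ScriptCollector()
    collector.feed(html)
    hits = set()
    for kind, text in collector.scripts:
        for marker, note in MINER_MARKERS.items():
            if marker in text.lower():
                hits.add((marker, kind, note))
    return sorted(hits)


# Constructed sample page: hosts and site key are placeholders.
SAMPLE = """<html><head>
<script src="https://cdn.example/jquery.min.js"></script>
<script src="https://miner-host.example/lib/CoinHive.min.js"></script>
</head><body><p>coinhive is discussed in this paragraph only.</p>
<script>var m = new CoinHive.Anonymous("SITE-KEY-PLACEHOLDER"); m.start();</script>
</body></html>"""
```

Only script tags are inspected, so a page that merely mentions a miner in its text is not flagged. A hit on a page you did not add the script to yourself is a sign the site has been tampered with.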
In October 2017, Malwarebytes reported 8 million blocks per day, each preventing potential cryptojacking. Furthermore, the report illustrated cryptojacking activity by geolocation. The U.S. tops the list with 32 percent of all attempted cryptojacking traffic (followed by Spain, France, Italy, and Canada).
Web pages aren’t the only thing with the potential for hijacking. Malicious apps are a dime a dozen on the Google Play Store, but researcher Gabriel Cirlig at ixiacom noted two apps with a combined 15 million downloads (both apps have since rectified the issue).
The answer is… it’s neither here nor there. Yes, there are malicious apps and websites unwittingly crypto-mining on someone else’s behalf. Yes, there are some sites seriously considering cryptojacking as a viable alternative to regular advertising. No, it isn’t quite as widespread as some news outlets would have you believe.
Is It Illegal?
Here’s the thing: it isn’t illegal — yet. It’s only unethical and extremely frowned upon.
But as yet, it isn’t illegal to harness someone else’s processing power to mine cryptocurrency in this manner. It differs from a botnet because the hackers are not forcing malware onto your system. Furthermore, the script itself doesn’t create a permanent vulnerability for exploitation by other nefarious parties. When the tab closes, the miner stops.
The serious complications arise because to some, CoinHive and “legitimate” browser-based crypto-mining scripts present a viable, even attractive alternative to the bloated advertising networks. As advertisers become more aggressive in their ad displays, more and more people are switching ad-blockers on. This, in turn, hurts the pockets of the website owners. And it isn’t like traditional ad networks are free of security risks anyway. (Malvertising campaign, anyone?)
Major institutions are unsure how to approach it, too. Malwarebytes blocks the CoinHive site as a malicious or unwanted site. But Malwarebytes Lab director Adam Kujawa says, “I actually think the whole concept of a script-based miner is a good idea. It could be a viable replacement for something like advertising revenue. But we’re blocking it now just because there’s no opt-in option or opt-out. We’ve observed it putting a real strain on system resources. The scripts could degrade hardware.”
Unfortunately for CoinHive, intentions good or bad, their original script is out there. And that script is popping up again and again in less-than-favorable circumstances, on websites that are obviously compromised.
How Do I Stay Safe?
Staying safe isn’t actually too difficult. There are two main methods.
- Browser Extensions: There are several anti-mining specific extensions for Chrome (the browser with the highest rate of cryptojacking). Try No Coin or minerBlock.
- Script Blockers: The above blockers focus on mining scripts. There are other excellent script blockers available for Chrome and other browsers. uBlock Origin has an excellent array of script blocking lists. Mozilla users might try NoScript.
As we have seen, cryptojacking isn’t an enormous problem — yet. But as more sites realize it is a potentially lucrative revenue stream there may well be an uptick.
Have you experienced cryptojacking? What site were you visiting? Did you realize straight away? What do you think about cryptojacking as a standard advertisement replacement? Let us know your thoughts in the comments!