Introduction:
In the current digital era, we face sophisticated threats that operate stealthily, concealed within the vast cyberspace network. Among these threats, cryptojacking stands out as an insidious tactic seeking unauthorized enrichment at the expense of unsuspecting users. This phenomenon showcases the growing creativity of cybercriminals, who leverage technological evolution to develop new forms of attacks.
Â
Cryptojacking, unlike other cyber threats, operates in the shadows, utilizing the computational resources of unaware victims. These attacks deviate from the types of assaults traditionally associated with cyber criminals, as the aim is not to directly steal data but to exploit computing resources for cryptocurrency mining. Users, often oblivious to the presence of these intruders, become involuntary victims of an attempt at unauthorized enrichment.
Â
This article explores the workings of cryptojacking, and its attack vectors, analyzes the consequences of falling victim to it, and suggests possible remedies to mitigate its effects. Given the ever-evolving nature of technology, it is crucial to understand how these new types of attacks and techniques emerge.
How Does It Work?
To comprehend the motivation behind cryptojacking, it's essential to explain what attackers seek and understand the technology behind cryptocurrencies. The attacker's goal is to obtain cryptocurrencies, which utilize a distributed database known as blockchain. This blockchain is a constantly updated database that records information about ongoing transactions. Each transaction is grouped into a block through a complex mathematical process that becomes more resource-intensive as more blocks are created. Crypto miners, like cryptojackers (Crypto miners do it in a legal way where cryptojackers use illegal methods for this), aim to obtain these blocks containing cryptocurrencies by lending processing power for these complex mathematical processes. In essence, it's an exchange of resources for crypto coins.
Â
Unlike other types of attacks, cryptojacking seeks to remain hidden from users, infecting any available device, be it on a computer, smartphone, tablet, or even servers. It uses the computational resources of these devices without detection. Thus, if the attacker manages to infect a large number of devices, the likelihood of success increases, gaining more processing capacity means that the chances to gain crypto-coins are improved. Hence, this attack must remain concealed, as discovery would diminish the attacker's ability to generate cryptocurrencies.
Risk Vectors:
Cryptojackers employ various infection vectors for spreading their malware, utilizing techniques such as:
Email: Using phishing techniques to distribute malicious mining programs through email attachments or links.
SMS: Less common but used similarly to propagate malware, containing links to attacker-controlled sites.
Malvertising (Unwanted Advertising): Creating ads with malware and placing them on various websites.
Once the malware successfully installs, it typically runs in the background, utilizing the computational resources of the device for cryptocurrency mining. The mined coins are then sent to the attacker's wallet.
Consequences of Infection and Remediations:
Some of the most common indicators that your device or system has been infected by a crypto-jacking attack are:
Â
Overheating: Cryptojacking is a resource-intensive process that can cause computer devices to overheat. This can lead to damage to the computer or shorten its lifespan. If the fan of your laptop or desktop is running faster than usual, this could be an indicator that a script or website is causing the device to heat up.
Decreased Performance: One of the primary symptoms of cryptojacking is a decrease in the device's performance. A slow system can be a significant signal to watch out for, especially if the device experiences frequent crashes or unusually poor performance. Another potential indicator is a faster-than-usual depletion of the battery.
Increased CPU Usage: If you notice an increase in CPU usage when on a website, it could be a sign that cryptojacking scripts are running. A good test is to use the "Activity Monitor" or "Task Manager" in Windows and check CPU usage. Always keep in mind that malware may be hidden or disguised as a legitimate program or process.
Remediations:
Antivirus and Antimalware:
Use up-to-date antivirus and antimalware software.
Use browser extensions:
Install browser extensions that aid in identifying and preventing these attacks. Examples include No Coin, MinerBlock, and Crypto Miner Blocker. Ad-blocker extensions such as uBlock or JavaScript-blocking extensions like NoScript can also prevent cryptojacking.
Keep software updated:
Regularly update your software. Updates often contain security patches that can prevent exploits used by cryptojackers.
Education:
Educate users to recognize phishing emails and malicious websites, reducing the likelihood of infection with cryptojacking malware.
System performance monitoring:
Regularly monitor your system's performance using tools like the Activity Monitor or Task Manager. Pay attention to signs of unusual increases in CPU usage.
Incidents: Â
In 2019, eight applications that clandestinely mined cryptocurrency were expelled from the Microsoft Store. It was believed that these applications originated from three different developers, although suspicions arose that the same individual or organization was behind them. These applications appeared within the list of the most popular free applications. When a user downloaded and initiated one of the applications, they unwittingly downloaded JavaScript code for cryptojacking. The miner would activate, initiating the mining process for the cryptocurrency known as Monero. (Source: kaspersky.com)
Conclusion:
We live in a world where both technology and threats are in constant evolution, and cryptojacking persists as an ever-present reality. The silent infiltration of these malicious applications, as evidenced by the Microsoft Store case in 2019, underscores the importance of staying vigilant. Users must be aware of the potential risks associated with downloading applications and be attentive to signals that could indicate cryptojacking activity. Continuous education on online security practices and the implementation of preventive measures, such as using updated antivirus software and exercising caution when interacting with online content, is fundamental. By remaining informed and alert, users can strengthen their cybersecurity and safeguard their digital assets from this emerging threat.
Author:
Jacobo Arzaga MartÃnez
References: