Security News

Protect yourself from cryptojacking

Martin Hron, 3 February 2018

Is your computer secretly being used for cryptomining?

It’s staggering to realize that Bitcoin, the very first cryptocurrency, splashed onto the scene almost a decade ago. It’s only been over this past year that digital coinage has really gained its tremendous popularity. As of January 2018, there are well over one thousand varieties of cryptocurrency in circulation — Bitcoin, Monero, Ethereum, Ripple, Litecoin, IOTA and many more.

But whether you participate in the buying and selling of cyptocurrency or you know nothing about it, you could be a victim of cryptojacking. Oftentimes, people don’t even notice that their machine has been hijacked. Here’s what you need to know in order to defend yourself.

It’s the age of cryptocurrency

Cryptocurrency is digital money you use to make secure and anonymous online payments without involving a bank. All the purchases and transfers are encrypted, stored, and recorded in a ledger known as a blockchain, a kind of living history book of cryptocurrency, all its data securely encrypted with uncrackable code.

Every single transaction for every single bit of cryptocurrency is recorded in the blockchain. This requires an enormous amount of computer processing power, and that’s where the cryptominers come in.

Cryptomining is legal

It’s true. Cryptomining is a legitimate new business where companies and individuals dedicate a considerable amount of CPU power to cryptomining, an intensive process of computing and solving complicated mathematical problems in order to earn a Proof of Work, or PoW, which verifies the next block in the chain. Cryptomining serves two purposes — it updates the ledger and it releases more cryptocurrency into the system.

It also pays very well. The current reward for mining a block is 12.5 BTC (Bitcoins), which today is worth just under $140,000. That’s why everyone is getting in on the act. Cryptocurrency has become big money.

Cryptojacking is on the rise

With such serious bread behind that digital dough, of course cybercriminals wanted in. They even thought around the problem of the massive computer resources required — why invest in expensive equipment and processing chips when you can get other people’s computers to do the work for you?

In-browser cyptojacking is a very popular trick because it uses JavaScript to implant miners onto any machine that visits an infected website. The mining usually stops after you leave that website, but there were several attempts to spin up a new hidden browser window which continues mining even if you leave that web page. The miner hijacks your CPU (usually without your knowledge or consent) and redirects its power towards earning the next PoW. This takes advantage of not only your computer but also your electric bill. Worse, if forced to crank its full power for too long, your computer could overheat and you could see some programs malfunction. In the case of mobile devices, this can even lead to destruction of the device by overheating its battery or greatly reducing the device’s lifespan.

Protect against cryptomining

One tricky aspect of mining malware is that it occurs in the background, and the common user sees no sign that it’s happening. There are no obvious signs, unless your computer is overheating or slowing down substantially in how it performs very simple processing tasks.

So, while cryptomining is legal, if you want to stop others from cryptojacking your computer or avoid cryptomining altogether, you have a couple of options:

  1. One option to protect yourself from cryptomining / cryptojacking traps as you surf the world wild web — that’s not a typo — is to use an extension which automatically blocks the most common JavaScript miners.
  2. Use a strong antivirus like Avast that protects against cryptojacking by detecting all unsecure websites and blocking anything malicious, including cryptomining. 
  3. Always make sure your Windows software is updated to prevent against vulnerabilites like EternalBlue which can be used to spread cryptomining attacks.

Defend your digital life, and stay tuned to this blog for up-to-date news on the latest trends and threats.