How to protect your computer from crypto-mining malware?

While most crypto hacks involve stealing private keys belonging to crypto wallets and emptying them, cryptojacking involves infecting a device with malware to gain control over it.

Crypto hacks and scams come in many forms. Some hackers break directly into wallets to steal coins, while others are so sneaky that you don’t even notice your device has been compromised. Cryptojacking falls into the latter category.

Cryptojacking is a cyberattack in which hackers exploit a device's computing power and use it to mine cryptocurrency without the owner's authorization. It became a widespread problem during the 2017 cryptocurrency boom as the price of Bitcoin and other cryptocurrencies soared and crypto mining became a lucrative business.

At one point, cryptojacking became the sixth most common malware in the world, according to a report from cybersecurity firm Check Point Software.

Cryptojacking has been experiencing a resurgence lately. Google’s Cybersecurity Action Team wrote in a report that 86% of all compromised Google Cloud accounts were used to mine cryptocurrency.

It’s not just individuals who are targeted: companies and public utilities have also fallen victim to cryptojacking. Tesla, for example, was attacked by cryptojacking malware and used its processing power to mine cryptocurrency in the background.

In early 2018, the UK government website and over 4,000 other websites around the world were exploited by a cryptojacking virus.

What is Cryptojacking?

Think of cryptojacking as a parasite that secretly sucks away your computer's power. It's delivered as malware that infects your device in order to use it for cryptocurrency mining. The target can be any device: a computer, a smartphone, or even a cloud server.

Unsurprisingly, the motivation is to make money. When a device is infected with cryptojacking malware, it takes control of the device's computing power and uses some of it to mine certain cryptocurrencies. It then sends any mined coins to the hacker's wallet.

There was a time when websites tried to use visitors’ computers to mine cryptocurrencies for extra income. This was called browser mining and it used a simple web browser plugin that would mine coins while you were on the website.

It’s important to point out that, unlike cryptojacking, browser mining is not a cybercrime. The biggest difference is whether the user knows and agrees to let the website use the device for cryptocurrency mining. If it happens without authorization, it’s considered cryptojacking and a criminal act.

Some have used browser mining as a new business model to monetize web traffic. Prominent digital news sites like Salon and the lesser-known but more popular site The Pirate Bay have experimented with authorized “cryptojacking” as a supplemental revenue stream. Even the United Nations Children’s Fund (UNICEF) used it in 2018 to leverage supporters’ computers to raise donations through cryptocurrency mining.

For a while, there was an entire service built on this. CoinHive provided lines of code that allowed web pages to use visitors’ devices to mine Monero, a privacy-focused cryptocurrency.

As expected, it didn’t take long for it to be used inappropriately. Web pages began abusing the service to earn extra revenue from visitors without their consent.

In fact, cryptojacking became so common that CoinHive came under scrutiny and was ultimately forced to shut down in 2019.

How does cryptojacking work?

Cryptojacking is so common because the barrier to entry for hackers is low and the profits are very lucrative.

A hacker only needs a few lines of JavaScript to infiltrate a device, which will then secretly run mining malware in the background.

Hackers could trick users into clicking on a phishing email link to upload malicious code to their devices.

Another possibility is to infect websites with cryptojacking command lines embedded in HTML code that automatically runs a program once a user opens a specific web page.

Some versions of cryptojacking malware are even capable of spreading to other devices and infecting entire servers. In some cases, this can allow hackers to benefit from the vast computing resources of large server farms for free.

In most cases, cryptojacking does not involve the theft or corruption of any personal data. Its main purpose is to gain access to your device's computing power. The longer the malware runs on your computer, the more revenue the hacker earns from mining coins.

Cryptojacking only exists in cryptocurrencies that use the Proof-of-Work consensus protocol.

According to Interpol, the most notorious cryptocurrency mined by hackers is Monero (XMR) because it offers a high level of anonymity, making transactions difficult to trace. Bitcoin, the largest proof-of-work cryptocurrency, was once popular among cryptojackers, but with the advent of specialized machines and large warehouses, mining has become so competitive that there is no point trying to mine Bitcoin with someone else's laptop.

How to detect cryptojacking?

The goal of cryptojacking is to hide in the background for as long as possible to mine more cryptocurrency. The malware is designed to use as many features as necessary and go largely unnoticed.

However, there are certain signs that your computer has been infected with cryptojacking malware. Here are some examples:

• High CPU (Central Processing Unit) usage

• The device is slow and noisy

• overheat

• The battery drains faster

• Unexpected increase in electricity bills

If you experience any of the above signs, it does not necessarily mean that your device is mining cryptocurrency. Open Task Manager on a PC or Activity Monitor on a Mac to see which programs are using your device's computing power.

The best approach is to run a system check with antivirus software. Most cybersecurity programs are able to identify, detect, and quarantine cryptojacking malware, including:

• Avira Antivirus

• Avast

• Bitdefender

• Eset

• Malwarebytes

For website operators, you can look for suspicious lines of code in the HTML code or turn to programs that scan websites for malicious code, including:

• Malcure

• Sucuri

How can you protect yourself from cryptojacking?

Cryptojacking malware is not much different from any other type of malware. The Cybersecurity and Infrastructure Security Agency (CISA) has published a long list of tips to protect your device with technical details, but here are the basic tips to avoid getting infected by a cryptojacking cyberattack:

• Install antivirus and malware protection software and keep it up to date.

• Use an ad blocker in your browser.

• Avoid websites that are notorious for running cryptojacking scripts.

• Disable Javascript in your browser.

• Protect your server park with a network security system.

•