Cryptojacking 101: Safeguarding Your Computer From Unwanted Browser Mining
Hacking has been a problem for decades. With the advent of the world wide web, and the integration of the financial industry into digital services, it’s safe to say that hacking isn’t going anywhere anytime soon.
Cryptojacking, the act of using a separate person’s computer as a host without their consent, is a relatively new phenomenon.
In this article, we’ll discuss cryptojacking, and important information on how to protect yourself from these distinct attacks.
What is Cryptojacking?
Cryptojacking – the unauthorized use of an unsuspecting person’s computing power to mine cryptocurrency – has taken off in the past 12 months because it is both easy and profitable.
By “jacking” or stealing a person’s computing power to mine cryptocurrency, the hash power problem among other miner specific issues are a thing of the past.
The cost of mining alone is already restrictive for miners, with a large amount of electricity required to power mining hardware. The hardware must also be high-end in order for it to be worth a miner’s while.
Mining rigs have massive hashing power (computing power) and are absolutely necessary to solve the required mathematical problems within the expected time frame of 10 minutes.
Cryptocurrencies like Monero and Bytecoin are commonly used in conjunction with cryptojacking attacks, due to both coin’s ability to mine with consumer-grade processing power.
They also don’t have a traceable public ledger like Bitcoin, Ethereum, and Litecoin have. This makes cryptojacking for these coins easy and virtually untraceable.
How it Works?
A cryptojacker will hack a person’s computer or laptop via a website with what’s called Coinhive Javascript or in the form of downloadable content.
In the cryptomining space, this computing power is called hash power. Hash algorithms solve complex mathematical problems, which then successfully mine the blocks into the blockchain.
In the early days, mining software needed to be downloaded to effectively hack someone’s computing power.
But around mid-September of last year, a company called launched a service that allows mining for Monero directly within a web browser using a simple JavaScript library.
It was originally implemented to give website owners the ability to monetize their content, similar to the idea of web advertisements.
But without a proper conversation about the potential repercussions of the software, Coinhive was released into cyberspace, embezzling millions of unsuspecting user’s computing power. Thus, cryptojacking was born.
Because of this new method of mining, all a cryptojacker needs is for an unsuspecting user to open a malicious website infected with their javascript. As you probably know, Javascript is a common programming script that many websites use.
Cryptojackers embed their malicious software into a websites javascript with Coinhive, thereby hacking millions of unsuspecting visitors.
Sometimes the website embeds Coinhive into their code alone, other times Javascript miners will hack websites that are easy to compromise.
This May, WinstarNssmMiner, a Monero mining software, infected half a million computers in three days. This specific malware actually crashed users’ systems if antivirus software was so much as detected.
The Pirate Bay, a popular torrent website, was recently caught using a Monero cryptocurrency miner on unsuspecting website visitors.
Not only did they confess to it, they suggested that the website might continue to use browser mining in the future as a way to generate revenue.
Politifact and Showtime were also busted, but the jury is out on whether or not those sites intentionally included it in their code or not.
The ethics of cryptojacking is still being disputed. Coinhive itself continues to sell it’s software to businesses.
With web advertisement malware or “malvertisements” having been dealt a huge blow via pop-up blockers and anti-virus software, web-based mining as a business model is being used to generate revenue for websites as an alternative to advertisements.
Many believe, including Coinhive, that “browser mining” or “Javascript mining” can work if done ethically. Some have suggested a mandatory opt-in option for web visitors. This way, consent is no longer an issue.
How can Computers be Safeguarded from being Cryptojacked?
With advances being made in Javascript mining in response to Javascript blocking tools and anti-virus software, how can you protect yourself against unethical cryptojacking?
Since the threat of cryptojacking isn’t expected to go anywhere anytime soon, it’s important to protect your personal computer against these types of attacks.
Here are a few simple steps you can follow to avoid cryptojacking for your personal computer:
1. Get Educated
One of the most important things you can do is educate yourself early on. This will help you identify these types of attacks before they happen.
Cryptomining is constantly evolving, and with advancing protection against these types of attacks, seasoned cryptojackers are evolving.
It’s important to know what to spot and to stay up-to-date on any of their improved techniques in response to preventive measures.
2. Check your computer for cryptojacking attacks now to make sure you aren’t already a victim
CPU usage is a big indicator. If your computer’s CPU usage is considerably higher on certain websites than it is on others, you might be a victim of a cryptojacking attack.
Windows Task Manager with Ctrl+Alt+Delete or Activity Monitor (Command + Space and search for Activity Monitor) on Mac will display your computer’s CPU usage.
You can also open Chrome’s task manager by clicking Menu > More Tools > Task Manager. It’ll show tab-specific CPU usage in Chrome. Test this feature by opening certain websites of interest and note your computers CPU usage.
3. Install ad-blocking or anti-crypto mining extensions on web browsers like Google Chrome or Firefox
Anti-mining specific browser extensions are a great way to protect your computer. NoScript for Firefox, and minerBlock or No Coin in Chrome are all great examples of the tools available to block cryptojacking attacks.
Blocking CoinHive all together can also help, and while CoinHive isn’t the only service that facilitates Javascript mining, it’s one of the most popular.
4. Use Endpoint Software or Antivirus Software that Blocks Known Javascript Mining Websites
Due to the recent spike in cryptojacking, antivirus/endpoint security software has implemented crypto mining detection into their products. Malwarebytes and Adblocker are two examples of antivirus software that have done just that.
With more and more websites implementing this state-of-the-art revenue generating tool, it’s never a bad idea to be careful.
In the future, we might see a more ethical version of cryptojacking, but until then, stay protected with the above preventative measures.
Have you experienced cryptojacking? How did you figure it out? What did you use to protect yourself against future attacks? Leave a comment below and share your story!
Feature Image Credit: shutterstock.com
Inpost Image Credit: shutterstock.com, cs4ca.com, cnet.com
References
Disclaimer
The writer’s views are expressed as a personal opinion and are for information purposes only. It is not intended to be investment advice. Seek a duly licensed professional for investment advice.More Posts
Top 7 Bitcoin Wallets: How to Keep your Cryptocurrency Safe
Keep your cryptocurrency safe without losing its value. Image - Shutterstock.com Protecting cryptocurrency isn’t alw...
Security Tokens: Here’s What You Need To Know
2017 was undeniably the year when Initial Coin Offerings (ICOs) exploded onto the scene with over 4.6 billion dollars ra...
Crypto Assets: How to Store and Secure Your Investment
Although the bitcoin network has never been hacked, it is a different story when it comes to exchanges and wallets. S...