The cryptocurrency space has the in-built hype of huge sums of money, minimal oversight, and high-profile scandal that makes it undeniably alluring for investors – and criminals. To passively mine these digital currencies without investing in hardware of their own, bad actors use cryptojacking to mine coins through other people’s devices.
Let’s break down how cryptojacking works, why criminals use it, and how you can detect and protect yourself from it.
What Is Cryptojacking?
Cryptojacking, also known as malicious crypto mining, is the act of embedding code in someone’s computer, tablet, or smartphone that lets a third party use it to mine cryptocurrency, effectively avoiding the energy and hardware costs associated with crypto mining.
The increase in crypto-related crime is no surprise, as cryptocurrency and blockchain technology have also grown in popularity, establishing themselves as lucrative industries. Crypto exchange fraud alone is the second worst type of scam for North American businesses, costing defrauded customers an average of $300 each.
How Does Cryptojacking Work?
A cryptojacker’s first goal is to get a coin mining program onto your device, typically through a phishing or pharming scam. These two types of attacks, sometimes aided by social engineering ploys, combined to make up 32.96% of all cybercrime in 2020, affecting over 241,000 victims, according to SEON’s global cybercrime report.
Essentially, you click on a link, website, or ad containing malware that adds crypto mining code to your device. This code then quietly mines cryptocurrency while you go about your business oblivious to its presence.
You may notice a dip in your device’s performance or a sudden hike in your electricity bill, but the best cryptojacking software gives itself away as little as possible, so that its creator can keep using your resources and make a profit.
How Does Legitimate Crypto Mining Work?
These are the steps you would normally take when mining cryptocurrency:
- An individual or a group of miners with powerful, specialized computers called nodes or rigs help a cryptocurrency (such as Bitcoin or Monero) process transactions.
- The miners must then validate the effort they made, mainly through mathematical computations, like proof of work (PoW), proof of stake (PoS), and proof of authority (PoA).
- The cryptocurrency rewards the miners for their contribution.
Partner with SEON to reduce fraud rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.
Book a Demo
Why Do Some Miners Cryptojack?
Cryptocurrency mining is complex and can be highly rewarding, but it demands a lot of processing power and electricity. For example, according to the BBC, Bitcoin needs around 121.36 terrawatt-hours (TWh) per year for its transactions.
Miners who want the rewards but lack the right equipment, or don’t want to pay the price, often resort to cryptojacking. They profit from committing the attack, and all while exploiting their victim’s processing power and adding to their energy bills.
Consequences of Cryptojacking
The immediate consequences of cryptojacking concern its victims. With their technology being used without their consent, their devices start to lag, impacting their livelihood and skyrocketing their bills.
Expenses pile up as they tackle the problems caused by the hack, get rid of the malicious code, and patch up the system afterward, all demanding extra work and upgrades.
Extra staff training may be necessary, especially if the attack was due to an insider threat in the first place.
Then, you also have the environmental factor to consider, as more demands on electrical power lead to a higher carbon footprint. The bigger the company hit, the bigger the impact in terms of energy usage and reputation.
Another effect to keep in mind is the impact on the crypto market itself. Every piece of financial damage, from fraud to hacking, renews regulators’ attention on crypto markets. Increasingly, legislators are enforcing existing laws and penning new ones for the sake of customer safety within the crypto space. This includes stricter security measures like KYC for cryptocurrency, which includes using identity verification software for checks.
Such changes are a double-edged sword. On the one side, cybersecurity improves and customers feel safer, meaning the relevant software providers can push for more mainstream acceptance and investment. On the other, the anonymity that initially attracted many users to the cryptocurrency goes away, as does some of that custom.
Types of Cryptojacking
There are two ways for a cryptojacker to take advantage of your devices: browser cryptojacking and host cryptojacking.
An advert or website can contain a crypto mining script lying in wait for visitors to enter the domain. This is browser-based cryptojacking, meaning that every time someone accesses the target page, the code triggers and uses each visiting device’s processing power in order to mine.
If the site is very busy and well-designed, the script can be camouflaged and harder to detect. The fact that it is browser-based and therefore doesn’t burden your device with added software also reduces your chances of realizing something is wrong.
If you’ve heard of malicious crypto miners creating botnets by taking over unsuspecting machines, host cryptojacking is probably what you imagined. The main difference from browser methods is that this requires tricking a device’s user into downloading something containing the mining code.
Downloading this code is decidedly more dangerous, as it allows the hacker to directly use the host device’s resources. That said, the impact of these kinds of cryptojacking scripts is often easier to notice and address.
Signs to Help You Detect Cryptojacking
So, how can you tell that cryptojackers have taken over your mobile or PC? Make a note of specific signs to look out for:
- Your device is slower.
- It’s overheating or crashing without a reasonable explanation.
- The router itself seems to be lagging.
- You’re using more electrical power than you should.
- Your antivirus software flags up a website or file as dangerous.
- You or your IT team found an unknown code in your system.
Even when dealing with a browser-based mining program, you may pick up minor glitches, like webpages loading slowly or your device suddenly working harder than expected. When browsing in general, it’s a good idea to be wary of new websites you visit, and pay attention to anything unusual that happens while there.
How to Protect Against Cryptojacking
You can counter illegal mining attempts by staying vigilant and using the right tools for the job. For starters, it doesn’t matter if you’re responsible just for yourself or an entire company – get to know your device and what counts as normal performance.
From there, monitor its behavior and investigate anything suspicious, whether it’s using too much power or a program is malfunctioning. And be wary of emails, messages, or websites that urge you to click on links or adverts, especially those that seem tailored to you, as they could be spear-phishing scams.
In terms of tools, look for coin mining and ad blockers to add to your browser. Plus, make sure your cybersecurity is high quality and regularly updated to patch up any vulnerabilities.
You could even tailor your personal management suite to include solutions for link analysis, showing you what you shouldn’t click. On the ground level, bring a little suspicion with you to your online interactions, including on your own device or PC if it starts behaving strangely. With such tools in place, alongside a well-trained workforce in cybersecurity risks and safety measures, criminals will have a hard time infiltrating and abusing your resources.
Contact Us for a Demo
Feel free to reach out to us for a demo!