The growth of the first generation of blockchain-based coins rests largely on mining. To append a block and preserve the integrity of the transactions it contains, the miners on the network compete to solve a computationally expensive puzzle (proof of work); the first miner to solve it is rewarded with newly minted coins and the transaction fees of the block.
The high value of cryptocurrencies has also attracted criminals who mine them on computing resources that belong to someone else. As a result, illicit crypto-mining has grown significantly over the past few years, and some industry reports now rank it above ransomware among the most common cybersecurity threats. For instance, the average monthly number of cryptojacking incidents rose 86%, from 8.09 million in 2021 to 15.02 million in 2022 (livemint.com).
In that context, this article explains what cryptojacking is, how it works, and how to detect it and protect yourself from this mining malware.
Cryptojacking is a portmanteau of cryptocurrency and hijacking: the unauthorised use of other people's processing power (and, to a lesser degree, bandwidth) to mine cryptocurrency. It took off in late 2017, when attackers began to abuse legitimate in-browser mining services, above all Coinhive. Coinhive itself was a legal service: it supplied the JavaScript mining library and the back-end infrastructure that let a website mine Monero in its visitors' browsers. Nevertheless, by the time Coinhive shut down in March 2019, roughly 10 million web users a month were being subjected to its script without their consent.
A cryptojacking victim pays for the attacker's mining twice: in degraded performance and in a higher electricity bill. According to one academic study, a cryptojacking website can slow a victim's computer by up to 57%, raise its temperature by up to 52.8%, and increase its CPU usage by up to 1.7 times.
Attackers deliver cryptojacking in two ways: in-browser, where a mining script is injected into a website, an advertisement or a web app, and host-based, where a mining program is installed on the victim's device.
Web technologies such as JavaScript (JS) and WebAssembly (Wasm) make rich interactive web content possible and, with it, give a page access to the computational resources (processing power) of the visitor's computer or mobile device. In-browser cryptojacking abuses exactly this: a mining script embedded in the page runs inside the visitor's browser for as long as the tab stays open and uses the visitor's CPU to mine, with no exploit and no installation required.
The script owner (the attacker who embeds the mining script) goes through the following steps in an in-browser cryptojacking campaign:
Once the mining service provider has deducted its fee, the script owner collects the remainder of the mined coins under its account credentials, such as the site key embedded in a Coinhive script. Throughout, the attacker consumes the victims' CPU time and gives them nothing in return.
Host-based cryptojacking is a stealthier technique in which the attacker installs mining malware on the victim's host and turns it into a zombie that mines for the malware owner. Unlike in-browser cryptojacking, host-based malware runs as a program on the victim's machine; it gets there through social engineering, by being bundled inside third-party software, or by exploiting security vulnerabilities.
The host-based cryptojacking process runs through the following steps:
Cryptojacking costs the attacker little and carries little risk, but the attacker needs many infected devices over a long period to make a substantial profit. With the broad decline in cryptocurrency prices there are more lucrative ways to monetise a compromised system, so the main cost of mining is now the opportunity cost. Crypto-mining malware should nevertheless be detected and removed, and several symptoms give it away: device overheating, unexpectedly high processor usage (felt as a sluggish system or slow response times) and poor battery life are all signs of cryptojacking. In a corporate environment this shows up as a sudden rise in employee complaints about performance, or as a measurable rise in CPU load, heat and power consumption across the fleet.
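The symptoms above all come down to CPU load, so the obvious detector is "alert when CPU usage exceeds a threshold". Miners that throttle themselves to a fraction of the CPU never trip that rule, but they leave a different fingerprint: a long, flat plateau with almost no variance, which interactive use rarely produces. The following is an added example, not code from the original article; the plateau heuristic and its thresholds (60-second window, at least 20% mean load, at most 5 points of standard deviation) are my assumptions, and the three traces are synthetic, not real telemetry.

```javascript
// Added example, not from the original article. A heuristic that flags
// CPU-throttled mining from a series of CPU-utilisation samples.
// Assumptions (mine, not the article's): one sample per second, values 0-100,
// and the thresholds below, which a real deployment would tune.

function mean(xs) {
  return xs.reduce((acc, x) => acc + x, 0) / xs.length;
}

function stddev(xs) {
  const m = mean(xs);
  return Math.sqrt(mean(xs.map((x) => (x - m) ** 2)));
}

// The naive rule: alert when any sample crosses a high threshold.
// A miner throttled to 35% never triggers it.
function peakRule(samples, threshold = 80) {
  return samples.some((s) => s >= threshold);
}

// The plateau rule: look for `windowSize` consecutive samples whose mean is at
// least `minLoad` and whose standard deviation is at most `maxJitter`.
// A throttled miner draws a flat line; interactive use is bursty.
// Returns the start index of the first such window, or -1 if there is none.
function plateauRule(samples, { windowSize = 60, minLoad = 20, maxJitter = 5 } = {}) {
  for (let i = 0; i + windowSize <= samples.length; i++) {
    const w = samples.slice(i, i + windowSize);
    if (mean(w) >= minLoad && stddev(w) <= maxJitter) return i;
  }
  return -1;
}

function classify(samples, opts) {
  if (peakRule(samples)) return 'high-cpu';
  if (plateauRule(samples, opts) !== -1) return 'capped-plateau';
  return 'normal';
}

// Constructed traces (synthetic, not real telemetry), deterministic so the
// results are reproducible.
// 1. Uncapped miner: pinned at 95-99%.
function uncappedMinerTrace(seconds = 120) {
  return Array.from({ length: seconds }, (_, i) => 95 + (i % 5));
}
// 2. Capped miner: 33-37%, i.e. a 35% cap with a little jitter.
function cappedMinerTrace(seconds = 120, target = 35) {
  return Array.from({ length: seconds }, (_, i) => target + ((i % 5) - 2));
}
// 3. Interactive user: 3-6% idle with a 65% burst every 17 seconds.
function interactiveTrace(seconds = 120) {
  return Array.from({ length: seconds }, (_, i) => (i % 17 === 0 ? 65 : 3 + (i % 4)));
}

for (const [name, trace] of [
  ['uncapped miner', uncappedMinerTrace()],
  ['capped miner', cappedMinerTrace()],
  ['interactive user', interactiveTrace()],
]) {
  console.log(`${name.padEnd(16)} -> ${classify(trace)}`);
}
```

The capped miner is classified as `capped-plateau` even though it never comes near the 80% peak threshold, while the bursty interactive trace stays `normal`. A flat plateau is only a triage signal: a long video encode or a build job looks the same, so in practice you correlate it with the process responsible and its network connections (for example to a mining pool) before acting.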
Attackers use several obfuscation techniques to keep crypto-mining malware hidden on legitimate devices:
Because mining is CPU-bound, CPU usage is the most obvious detection signal, and the attacker's first countermeasure is CPU capping (throttling): the mining script limits itself to a fraction of the available CPU. That keeps it below the thresholds of usage-based detection systems and out of the blacklists those systems feed.
Encoding the malware source code with one of several encoding schemes, Base64 for example, hides it from keyword-based static detection such as blacklists. Encoding converts the text into another representation that a machine can decode back but that no longer contains the plaintext keywords a scanner looks for.
Binary obfuscation, used by both host-based and in-browser cryptojacking malware, transforms the compiled code (or the WebAssembly module) so that the usual string-matching signatures no longer find it.
Library calls are a normal way to make code more efficient, organised and readable, but attackers use them to hide the miner too: the mining logic is moved into a separately loaded library, and the page script is written without the tell-tale keywords (library names, function names) that detection systems search for.
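To see why a plain keyword blacklist fails against the encoding and renaming tricks above, and what a scanner has to do about it, here is an added example that is not code from the original article. It is a small static scanner that normalises hex escapes, split string literals and bracketed property access, then decodes quoted Base64 blobs and rescans them. The indicator strings are well-known Coinhive and mining-pool artefacts; the sample pages are constructed by me (the first reproduces the classic Coinhive embed as it appeared on compromised sites, `SITE_KEY` is a placeholder, not a real key). Binary obfuscation of compiled code is out of scope for a text scanner like this.

```javascript
// Added example, not from the original article. A static scanner for
// cryptojacking indicators that peels off encoding and renaming tricks before
// matching. Samples are constructed; 'SITE_KEY' is a placeholder.

const INDICATORS = [
  { name: 'coinhive-host', re: /coinhive\.com/i },          // script loaded from the Coinhive CDN
  { name: 'coinhive-api', re: /CoinHive\.Anonymous/i },     // the library's miner constructor
  { name: 'miner-start', re: /miner\.start\s*\(/i },        // the conventional start call
  { name: 'cryptonight', re: /cryptonight/i },              // PoW algorithm used by Monero miners
  { name: 'stratum-url', re: /stratum\+tcp:\/\//i },        // mining-pool protocol URL scheme
];

function findIndicators(text) {
  return INDICATORS.filter(({ re }) => re.test(text)).map(({ name }) => name);
}

// Layer 1: undo "\x43\x6f..." hex escapes so keywords become plain text.
function unescapeHex(text) {
  return text.replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Layer 2: join split string literals, 'Coin' + 'Hive' -> 'CoinHive',
// repeating until nothing changes so chains of any length collapse.
function joinConcats(text) {
  const re = /(['"])([^'"]*)\1\s*\+\s*(['"])([^'"]*)\3/g;
  let prev;
  do {
    prev = text;
    text = text.replace(re, (_, q, a, __, b) => `${q}${a}${b}${q}`);
  } while (text !== prev);
  return text;
}

// Layer 3: window['CoinHive'] -> window.CoinHive, so the dotted indicator matches.
function normalizeBrackets(text) {
  return text.replace(/\[(['"])(\w+)\1\]/g, (_, __, name) => `.${name}`);
}

function normalize(text) {
  return normalizeBrackets(joinConcats(unescapeHex(text)));
}

// Layer 4: decode quoted Base64 blobs (what eval(atob('...')) feeds on) and
// keep those that decode to printable text for a recursive scan.
function decodeBase64Literals(text) {
  const found = [];
  const re = /['"]([A-Za-z0-9+/]{16,}={0,2})['"]/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    const decoded = Buffer.from(m[1], 'base64').toString('utf8');
    if (decoded.length > 0 && /^[\x20-\x7e\s]+$/.test(decoded)) found.push(decoded);
  }
  return found;
}

// Returns sorted indicator names; a hit found inside a decoded blob is
// prefixed with "base64:" once per decoding layer.
function scan(source, depth = 0, maxDepth = 3) {
  const text = normalize(source);
  const hits = new Set(findIndicators(text).map((n) => 'base64:'.repeat(depth) + n));
  if (depth < maxDepth) {
    for (const inner of decodeBase64Literals(text)) {
      for (const h of scan(inner, depth + 1, maxDepth)) hits.add(h);
    }
  }
  return [...hits].sort();
}

// Constructed samples. PLAIN_EMBED is the classic Coinhive embed (the
// `throttle` option is the library's own CPU cap); the others apply the
// obfuscation tricks from the text to the same miner call.
const PLAIN_EMBED = `<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY', { throttle: 0.7 }); miner.start();</script>`;

const MINER_CALL = "var miner = new CoinHive.Anonymous('SITE_KEY', { throttle: 0.7 }); miner.start();";
const B64_EMBED = `<script>eval(atob('${Buffer.from(MINER_CALL).toString('base64')}'));</script>`;

const RENAMED_EMBED = String.raw`<script>
var m = new window['\x43\x6f\x69\x6e' + 'Hive'].Anonymous('SITE_KEY'); m.start();
</script>`;

const BENIGN = `<script>document.title = 'Hello' + ' world';</script>`;

for (const [label, sample] of [['plain', PLAIN_EMBED], ['base64', B64_EMBED], ['renamed', RENAMED_EMBED], ['benign', BENIGN]]) {
  console.log(label.padEnd(8), scan(sample));
}
```

Run as-is, the plain embed produces three indicators, the Base64 variant produces the same two that survive inside the blob (prefixed `base64:`) where a raw keyword match finds nothing, and the hex-escaped, split and bracket-accessed variant still resolves to `coinhive-api`. Note what the renamed sample evades: `miner.start()` became `m.start()`, so the string indicator for the start call is gone. That is the point of the library-call trick, and it is why a string scanner has to be paired with behavioural signals such as sustained CPU load and connections to mining pools.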
A pure cryptojacking attack may cost you nothing more than performance, but that does not make it harmless. An attacker who can run malware on your (or your employees') computers could just as well run something worse, so an infection is a sign that your security is weak and needs an upgrade. Here are a few tips to protect yourself from cryptojacking:
As general measures, you can disable JavaScript while browsing (at the cost of breaking many sites) and use an ad blocker such as Adblock Plus, since mining scripts are often delivered through online advertisements; several ad blockers and browser extensions also ship dedicated block lists for known crypto-mining domains.