Author: Cryptojacking is the term used for an attacker gaining unauthorized access to your computer for mining (or minting) cryptocurrencies. The attack poses a critical threat since it utilizes your system resources, thus diminishing them for you. That means you may wonder if a program crashed or hung when the actual culprit would be a malware mining cryptocurrencies on your machine.
Though the malware usually mines cryptocurrencies quietly in the background, it may not always be the case. Maybe it can try to gain control of your system or use all of the system resources. Nevertheless, it’s an immediate problem for every web user, including your employees. That said, what’s the solution?
There are various defense mechanisms to fight cryptojacking malware. But first and foremost, let’s understand cryptojacking, then let’s discuss the solution.
What is Cryptojacking?
“Cryptojacking is malicious activity, in which an infected device is used to secretly mine for cryptocurrencies. To do so, the attacker makes use of the victims’ processing power and bandwidth … Generally, the cryptomining malware responsible for such malicious activities are designed to use just enough system resources to remain unnoticed as long as possible,” per Binance Academy.
Cryptojacking — also known as malicious cryptomining — is an emerging threat since it can’t just take over web browsers but almost any kind of device, including desktops and laptops to smartphones and network servers. The motive behind cryptojacking is profit, like many cyberattacks or threats. But, it’s developed to stay hidden from the users, unlike most other types of threats.
Why cryptojacking is so popular? Since a few of the cryptocurrencies are highly valuable, attackers plan to mine them. But, the cost of buying a cryotomining hardware or assembling such a cryptomining machine is very high (usually 2-3 thousand dollars), and then running such a device is expensive as well, thanks to the high electricity bills. So, they came with an evil plan to exploit other people’s computers to mine the cryptocurrencies without investment.
What problems does it create? The malware used for cryptojacking usually stays hidden, but it steals your computer resources. So, you may find your software running slow or getting hung without reasons. Then, it heats your machine since the computer does heavy work continuously, which, in return, affects the battery life of your machine and its overall life as well (unfortunately!).
Moreover, if your organization’s machines are cryptojacked, you incur losses. It includes electricity costs, labor costs, and missed opportunities; but it’s not all. The cryptojacked machines may wear out quickly — another hefty loss!
How does cryptojacking work? Cryptojackers (the attackers) have numerous techniques to enslave your machine. The first method works like any classic malware. When you click on an infected website, it downloads the malware (the cryptomining code) on your computer. Once your computer is infected, it runs the cryptomining code around the clock. Since it’s downloaded locally on your system, it becomes a persistent threat that has infected your computer.
The alternative cryptojacking scheme, also known as drive-by cryptomining, involves you loading an infected web page. As with malicious advertising attacks, this technique loads a malicious code into your browser when you visit this page. Then, this code performs cryptomining on your system. However, it differs from the first method because no code’s stored locally on your computer. Thus, it’s not a persistent threat, unlike the other scheme. Also, it doesn’t run on your system around the clock since it’s not persistent.
However, these schemes are usually performed on a single machine. So, how does cryptojackers launch this attack on a mass number of machines?
How SQLi & XSS helps in Cryptojacking?
Cross Site Scripting (XSS) and SQL Injection (SQLi) helps cryptojackers to target masses of machines by compromising an app or website. If an app or website is targeted to include the cryptojacking script (code), all its users are auto-targeted to run the script, and thus, mine or mint the cryptocurrencies. So, the attackers can target a massive number of machines by using XSS and SQLi.
How is this attack usually executed? “An attacker injects a cryptominer into a compromised website, ad platform, or browser extension, often by exploiting cross-site scripting (XSS) vulnerabilities. This enables the cryptominer to use a device’s resources whenever the user browses the website, plays an ad, or installs the malicious browser extension,” according to AT&T Cybersecurity.
How to Prevent Cryptojacking?
Since now you know all about cryptojacking, let’s see the defensive techniques to prevent cryptojacking in your app or website or on your local machine.
1. Anti-Cryptomining Add-ons
Since cryptomining scripts are usually delivered through ads or malicious sites, an ad blocker works well at protecting your machine or a cryptomining blocker works even better. Adblock Plus features some capability to block such scripts. However, anti-cryptomining extensions like MinerBlock and No Coin provides even better features for detecting and blocking cryptomining scripts. You can install one of these add-ons in your browsers to stay safe and secure.
2. Use Endpoint Protection
If you’re part of an organization, you must opt for antivirus software or an endpoint solution that supports detecting and blocking crypto miners. Though most of the known vendors feature this capability in their solutions, you must confirm their features because cryptojackers regularly change and update their miners to avoid detection. So, the security product must be updated periodically so that it can detect the ever-evolving crypto miners.
3. Content Security Policy
If you’re a website owner or manager, you shall use the below technique to protect your website. You must add a header (“Content-Security-Policy”) on your website to set the policy. Alternatively, you can set it via the meta tag in HTML.
Content Security Policy (CSP) is a response header that “acts as an additional security layer against various attacks, such as Cross-site Scripting (XSS) attacks. Using the directives of CSP, you can control the resources from which script, style, image, and sound are loaded. The whitelisting approach is used when setting the rules in CSP. This allows the website owner to state only the allowed sources, which helps filter out the unwanted ones,” according to Netsparker.
That’s all about the cryptojacking. It’s a nuisance for everyone since it steals your computer resources. That’s why it’s suggested to get an anti-cryptomining tool on your machine to stay safe from cryptojackers and crypto miners.
