What Is Cryptojacking? Trend Continues To Grow
Most people are aware of the potential threats looming online but a new trend called cryptojacking can steal a user’s computing power and use it to mine profitable cryptocurrencies for attackers.
Unlike other attacks like adware that bombards a user with advertisements that can redirect them to spam-filled websites or malware that requires the user to download and install a piece of software, cryptojacking is relatively unintrusive and generally less harmful than other attacks—though that doesn’t make the intentions less malicious.
Cryptojacking takes place when a script, usually one crafted using Javascript, is placed on a webpage—either intentionally so by the site’s owner or hackers who use vulnerabilities in the site to inject the script without permission.
Any time a person visits the site, the script kicks in and starts to hijack the processing power of the visitor’s computer, using it to mine for cryptocurrencies like Bitcoin and Monero—a task that involves solving complicated mathematical problems in order to process transactions and release additional currency.
Often times, cryptojacking behavior can go unnoticed by a user. The fan on their computer might kick in or they may notice their browser start to feel sluggish, but there is no intrusive behavior that would tip off an individual they are being used to generate cash for someone else.
Christopher Budd—the senior threat communications manager at cybersecurity firm Palo Alto Networks’ threat intelligence team, Unit 42—told International Business Times that cryptojacking is becoming an increasingly common occurrence for one primary reason: it’s profitable.
“More than anything the sharp increase in cryptocurrency prices has made this a very attractive and lucrative attack vector now,” he said.
Previously, when currencies were worth a fraction of the price, the motivation to mine was lower. Now that Bitcoin is pressing to new heights on the regular and upstart cryptocurrencies like Monero are regularly increasing their value, attackers are looking for all the computational power they can find in order to mine the digital dollars.
While it’s possible for a person to mine for currency on their own machine or machines, the process is cost-prohibitive. A report earlier this month by Digiconomist estimated that it requires about 215 kilowatt-hours (KWh) to process a single Bitcoin transaction. The average American household consumes 901 KWh per month, meaning a single Bitcoin transaction requires the same amount of energy that it takes to keep the lights on in a home for about a week.
Given the steep energy cost associated with mining, miners have turned toward farming out the tasks to other people's’ computers, spreading the burden out to every person who visits a website laced with a mining script.
The problem with that process is the fact that in many instances, the processing power is being used without the person’s permission. While it’s unlikely that the cryptojacking scripts will do any long-term damage to a person’s computer in the way malware or other insidious software might, it still causing slowdowns and potentially adding to the person’s energy bill.
One of the real problems with cryptojacking is that it doesn’t have to be a malicious act. The process has legitimate uses and can be implemented in a way that doesn’t harm users or inflict upon them a resource-draining script without their knowledge.
“We have to distinguish between legitimate sites that are legitimately using cryptomining code and those that are doing it maliciously,” Budd said, noting that there are sites that used cryptomining code as a means of generating revenue. Such a method can serve as a replacement for plastering a site with advertisements.
When done correctly, Budd said, those sites notify visitors of the use of cryptomining and require users to provide their consent to participate in the process. When those notifications aren’t in place and the process begins without the user’s knowledge is when it becomes a case of cryptojacking.
“Malicious use of cryptomining involves not providing the visitor with adequate notice and thus not getting their consent,” Budd said. He also distinguished between sites that do this intentionally—using visitors to generate revenue without telling them—and those that have been co-opted by an attacker. In those cases, both the site owner and its visitors are victims of the attack.
Instances of cryptojacking have cropped up on a number of popular and well-trafficked websites. Politifact.com, a Pulitzer Prize-winning fact-checking website, hosted a cryptojacking script without the knowledge of the site operators.
Websites for television network Showtime and popular torrent site the Pirate Bay also had cryptomining code installed, but done so intentionally despite not informing its users. In those instances, the site operators profited directly off their visitors without their knowledge.
Coinhive, one of the most popular scripts for cryptomining, has maintained that it is not its intention for its product to be used without the knowledge of the user but rather as a means of allowing visitors to contribute to their favorite sites without being served ads.
“While it's possible to run the miner without informing your users, we strongly advise against it,” the company said in its documentation of its cryptomining script. “You know this. Long term goodwill of your users is much more important than any short term profits.”
Despite Coinhive’s apparent good intentions, sites can still use it in less savory ways—and knock off versions of the script have far less interest in maintaining even the appearance of integrity with their offerings.
As long as cryptocurrencies continue to hold value, it’s likely that mining scripts will continue to populate sites, both in legitimate and malicious ways. Given that, it’s important for website operators and visitors to take action to protect against instances of cryptojacking.
Budd suggested site operators can prevent malicious cryptomining by “ensuring the security of their site and preventing unauthorized changes and uploads to their site.” Users can protect themselves by “ensuring that they have security solutions that protect against known malicious websites and malicious code on websites.”
Ad blockers are increasingly valuable tools in preventing against cryptojacking threats. uBlock Origin already blocks popular cryptomining scripts including those from Coin Hive. Others like Adblock Plus allows users to add a rule to blacklist known cryptominers, preventing them from accessing the user’s processor to mine for cryptocurrency.
For users who do find themselves the victim of cryptojacking, shutting down the attack is easy. All it takes is closing the tab or the browser and the process will instantly stop. Budd said there is no lasting damage or impact from such an attack.
© Copyright IBTimes 2024. All rights reserved.