
Tuesday, October 31, 2017

What is cryptojacking?

Cryptojacking: Surprise, you’re mining cryptocurrency for a hacker!
 
Cryptojacking, also called in-browser mining, is using a computer’s resources to mine cryptocurrencies for others’ benefit. Cryptojacking is quite clever and has a distinct advantage over virus-based mining malware in that nothing needs to be installed on the host computer for the attacker to set your computer to work.

Here’s how cryptojacking works

  1. A hacker gains control of a website
  2. Malicious JavaScript mining code is installed on web pages
  3. When visitors land on an infected web page, the JavaScript is loaded into their web browser
  4. The JavaScript starts mining cryptocurrency leveraging the visitor’s computing resources and electricity
  5. Cryptocurrency coins, or tokens, are deposited into the hacker’s wallet
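
Steps 2 and 3 leave a trace a site owner can look for: a script tag in the page source. The following is an added example, not code from the original post, that scans a page's HTML for script tags matching miner indicators; the indicator lists, the function name `findMinerScripts` and the sample HTML are constructed assumptions.

```javascript
// Added example: flag <script> tags whose source host or contents match miner
// indicators. Both indicator lists are assumptions, not a vetted blocklist.
const INDICATORS = {
  hosts: ["coinhive.com"],               // flag this host and its subdomains
  keywords: ["coinhive", "cryptonight"], // flag these strings in URLs or inline code
};

// Constructed sample page: two benign scripts and two that should be flagged.
const SAMPLE_HTML = `
<html><head>
<script src="/js/site.js"></script>
<script src="//static.coinhive.com/lib/example.js"></script>
<script>window.minerCfg = { lib: "coinhive", threads: 4 };</script>
<script>console.log("analytics loaded");</script>
</head><body>Hello</body></html>`;

function findMinerScripts(html, pageUrl, indicators = INDICATORS) {
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const srcAttr = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const attrs = m[1];
    const body = m[2].toLowerCase();
    const s = srcAttr.exec(attrs);
    const src = s ? (s[1] || s[2] || s[3]) : null;
    if (src) {
      // Resolve relative and protocol-relative URLs against the page URL.
      let host = "";
      try { host = new URL(src, pageUrl).hostname.toLowerCase(); } catch (e) { /* bad URL */ }
      const hostHit = indicators.hosts.find(h => host === h || host.endsWith("." + h));
      const kwHit = indicators.keywords.find(k => src.toLowerCase().includes(k));
      if (hostHit) findings.push({ type: "external", src, reason: "host " + hostHit });
      else if (kwHit) findings.push({ type: "external", src, reason: "keyword " + kwHit });
    } else {
      const kwHit = indicators.keywords.find(k => body.includes(k));
      if (kwHit) findings.push({ type: "inline", src: null, reason: "keyword " + kwHit });
    }
  }
  return findings;
}

console.log(findMinerScripts(SAMPLE_HTML, "https://site.example/"));
```

A static scan like this only sees what is in the served HTML; scripts added at runtime or with obfuscated names need browser-side inspection or network-level blocking instead.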

How it all started: Coinhive’s Monero script

The Pirate Bay was one of the first to cryptojack visitors.
A few weeks ago, a company called Coinhive released JavaScript code that, when loaded by a web browser, could mine a cryptocurrency called Monero. The code behaved just as outlined in the section above. Once installed, computers visiting infected pages of a web site would be put to task mining Monero with their CPU. CPU stands for Central Processing Unit. Normal humans refer to it as a processor.

The script was quickly adopted by The Pirate Bay, who later stated they installed the mining script to generate revenue without serving advertisements to site visitors.

Why aren’t the hackers mining Bitcoin?

Hackers would make nearly nothing if they attempted to mine Bitcoin. Bitcoin’s algorithms require far more computing power than Monero.
Monero is a secure, private, and untraceable cryptocurrency. It is open-source and accessible to all. With Monero, you are your own bank. Only you control and are responsible for your funds. Your accounts and transactions are kept private from prying eyes.

The original script cited its selection of Monero because it can easily be mined by a computer’s CPU. Most cryptocurrencies are best mined with a computer’s graphics card.

The Pirate Bay isn’t mainstream, but some infected sites are

It’s unclear how many websites have been coopted to stealthily mine cryptocurrencies, but it’s clearly beyond sites with pirated music and software. 
Since the release of Coinhive’s in-browser miner, several malicious scripts have surfaced on websites including PolitiFact, CBS’ Showtime and Real Madrid soccer star Cristiano Ronaldo’s official web site.

In-browser mining WordPress plugins

WordPress plugins for in-browser mining include Coin Hive Ultimate Plugin and Simple Monero Miner.
That’s right, WordPress site owners with zero coding experience can now easily add coin mining scripts to their websites, with or without the knowledge of site visitors.

How can you tell if your computer has been cryptojacked?

  • A slow or unresponsive computer
  • A hot or overheating computer

If you think your computer is mining, one thing you can do is check your computer’s resource usage.

Look at what applications are heavily using the CPU. If it’s the web browser you were surfing the web with, this may confirm your fears.
If your CPU is highly tasked, but by another hungry application, like Photoshop or video editing software, you’re probably not mining, but instead simply pushing your computer too hard. Try closing applications that are consuming large amounts of CPU power and see if the computer starts responding normally again.

If your computer was cryptojacked, here’s how to stop it

If your computer is suffering from one of the above tell-tale signs when browsing the web, we recommend you take the following steps:
  1. Close your web browser – Since these malicious scripts are on webpages, closing your web browser should stop them in their tracks.
  2. Restart your computer – If you’ve closed your browser you’re probably safe, but we still recommend restarting your computer.
  3. Run a virus scan – Cryptojacking currently occurs when visiting websites, and hasn’t been found to put any code on your computer. But, just to be sure, we recommend running a virus scan for good measure.
That should take care of it, for now. If it doesn’t, either things have evolved since writing this or your computer has a bigger problem.

Stopping in-browser mining before it starts


  • Block suspicious websites – Some browsers have built-in site blocking functionality where you can supply a list of sites you do not wish anyone on the computer to be able to visit. 
    • Others, like Google’s Chrome browser, don’t have built-in functionality and recommend third-party extensions such as Block Site. Either way, if you’ve found a website that you believe to be cryptojacking, block it.
  • Install ad blocking software – Some ad blocking software can stop cryptojacking. One specific ad blocker, AdGuard, has integrated CoinHive mining detection into their desktop software.
There is one option we aren’t going to recommend: disabling JavaScript. Yes, it would stop the mining dead in its tracks, but it would also make browsing most mainstream websites next to impossible.
