Cryptojacking has hit the headlines in recent months. But what is it? And do you need to be worried?
Cryptojacking occurs when a computer is used to mine cryptocurrency without the permission of the user. There are two main ways that this is done: in-browser and via installed malware on the machine.
In-browser cryptominers vs installed cryptomining malware
With an in-browser approach, cybercriminals break into a web server and inject browser-based cryptomining code that mines whenever anyone visits the website. For example, researchers recently discovered that a Coinhive Monero miner had been running on an LA Times website. Any time a user visited the Homicide Report web page offered by the LA Times, the hacker was able to steal their CPU power to mine for Monero, a popular digital currency.
We saw a similar example of this recently when a whole raft of government websites was infected with a cryptomining script through browsealoud DOT com – a service that converts pages on a website to speech, to help out visitors who aren’t fluent in written English or good at reading.
The bad news for consumers is that in-browser cryptojacking is platform-agnostic. That means that all of your devices – including your phone – are potential targets. We’ve seen Coinhive-based miners added to popular apps, like Netflix and Instagram, and there have even been reports recently about mobile phones being physically damaged by cryptominers.
The good news, though, is that in-browser cryptomining software generally isn’t doing anything malicious to your system, other than general wear and tear. The software might make your laptop use slightly more juice, but you’d be hard-pressed to notice those fractions of a penny on your electricity bill. Because it’s all self-contained within the browser itself, cryptominers never get near your data; they’re just jacking up your CPU usage.
On the other hand, cybercriminals may take the approach of breaking into a consumer’s network and installing cryptomining software directly on their machine to steal electricity and CPU power. An installed miner is indeed a threat – beyond the side effects of wear and tear on your machine, CPU, electricity, cooling, and so on, the bigger problem is that you have now been breached. If hackers can install one thing – like a cryptominer – on your machine, there’s a high likelihood that they can deploy other kinds of attacks, like ransomware or keyloggers.
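For site owners, one way to spot the kind of injected or third-party mining script described above is to audit the script tags a page actually serves. This is an added example, not code from the original article; the allowlisted hosts, the sample HTML and the single "coinhive" marker are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Illustrative marker only (the miner named in the article); not a complete blocklist.
MINER_MARKERS = ("coinhive",)
# Constructed sample page; every host and path here is made up for the example.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script async src="https://cdn.example.org/lib.js"></script>
<script src="//miner.example.net/coinhive.min.js"></script>
<script>var lib = "CoinHive"; /* stand-in for an injected inline loader */</script>
</head></html>"""

class ScriptAudit(HTMLParser):
    """Record a finding for each <script> that looks out of place."""
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url, self.allowed = page_url, {h.lower() for h in allowed_hosts}
        self.findings = []   # (reason, detail) tuples
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            self._inline = []
            return
        url = urljoin(self.page_url, src)  # resolves relative and //host/ forms
        host = (urlparse(url).hostname or "").lower()
        if host not in self.allowed:
            self.findings.append(("unexpected-host", url))
        if any(m in url.lower() for m in MINER_MARKERS):
            self.findings.append(("miner-marker", url))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body, self._inline = "".join(self._inline).lower(), None
            if any(m in body for m in MINER_MARKERS):
                self.findings.append(("miner-marker", "inline script"))

def audit_scripts(html, page_url, allowed_hosts):
    parser = ScriptAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run against the HTML your server returns, an "unexpected-host" finding is the more useful signal, since it fires on any script host you did not approve even when the miner's name is unknown.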
Is cryptojacking a bigger threat to a business or a consumer?
Cybercriminals are targeting everyone. You might think “it won’t happen to me” but, interestingly enough, our research shows that cybercriminals are using the same cryptojacking tactics against businesses and employees as they are against consumers at home. This tells us just how opportunistic cybercriminals really are and reminds us that security can’t stop when we leave the office. Security is a lifestyle, and it’s incredibly important to have enterprise-strength security protection at the office and at home.
How to tell if you have a cryptominer installed
If your computer is being used by cryptojackers, then it’s likely to get slower and the fans will go into high gear due to increased CPU usage. There’s a physical reaction to the miner being on the machine.
What to do
There isn’t one specific thing you can do to stop cryptomining attacks, but good security hygiene in general is always a good line of defense. That means:
- Keep your software up-to-date. Patch early, patch often
- Only download software through approved sources
- Don’t open or click on things when you don’t know where they came from
- Always create strong, unique passwords and don’t share them with anyone
- Enable 2-factor authentication when it’s available
- Back up regularly and keep a recent backup copy off-site
- Secure your computer with advanced real-time security protection.
4 comments on “Cryptojacking for beginners – what you need to know”
Do these miners only run in Java typically, or something else that can be disabled?
Browser-based miners run in Java*Script*, not Java.
Such a plugin might prevent things like keylogging or code that writes HTML that generates HTTP requests, for example.
Of course the fact that it doesn’t exist probably suggests it’s quite a difficult problem to solve!