All About Malicious Crypto Mining (Cryptojacking)

Who would've thought that when cryptocurrency first appeared, it will create a new opportunity for cybercriminals? The common person surely didn't.

There was a tremendous wave of virtual currencies that appeared and became extremely valorous in a matter of a few months (for example, Bitcoin). People were buying and selling, and these transactions had to be validated through a complex process - a mathematical problem called crypto mining. The person who was the first to solve the problem, not only helped the cryptocurrencies owners to collect their coins, but they were also rewarded with some coins.

Being an extremely complex mathematical problem, you'd have to use a lot of computer resources. As the cryptocurrency trend got bigger, cryptominers had to develop - there are now crypto mining farms.

Either way, cyber criminals saw this crypto mining process as an opportunity, and so cyberjacking appeared.

Before diving deeper into the matter, let's start with the beginning, then slowly getting to the cyberjacking part.


What is Cryptocurrency

Cryptocurrency is a new form of currency that appeared in this world. It is virtual, there is no central bank to control it, it has growth potential and is basically anonymous.

The fundamental laws of marketing worked for cryptocurrencies as well. In 2009, Satoshi Nakamoto, a pseudonymous developer, introduced the Bitcoin, the first decentralized cryptocurrency. Even though until 2009 there were some other cryptocurrencies that were created, they only set the path to the one that had the biggest influence on the world: Bitcoin. It was the first, it had a good name, hence it remained in people's minds.

Bitcoin's grandparents:

  • ecash, appeared in 1983, developed by David Chaum;
  • DigiCash, in 1995, an early form of electronic payments, through which David implemented ecash;
  • description of b-money, published by Wei Dai in 1998.

Bitcoin had such a big impact, that all of the other cryptocurrencies were "altcoins", meaning alternative coins. After its launch, thousands of other cryptocurrencies appeared, but none was close to Bitcoin's value.

The whole world was impacted by Bitcoin, as in 2017 there was a big boom. Until 2017, Bitcoin's value slowly raised. Whoever was quick, smart and open enough in the previous years to buy even one single Bitcoin, was definitely in for a surprise. At the end of 2017, Bitcoin's value skyrocketed to the amount of almost $20.000.

Whoever was smart and strong enough to sell in the period of time, made a good amount of money.

Afterwards, Bitcoin's value dropped significantly, scaring all those who invested in this cyrptocurrency. In February 2018 one Bitcoin was $8.500, creating some panic among everyone. It's value raised a bit in the following months, but by the end of the year, one Bitcoin was $3.000. The world actually started to think that it may have been the end of Bitcoin, it may have been the end of cryptocurrencies.

Luckily, the world was too involved into cryptocurrencies for this market to drop. Actually, Bitcoin's value got up to more than $10.500 in the summer of 2019. Even though there were many people skeptical about this whole new trend in currencies, there were enough curious and willing to invest. This helped the market embrace new cryptocurrencies like Ripple, Litecoin, Monero, Stellar and many, many others.


Crypto Mining vs Cryptojacking

Cryptomining definition

As I mentioned before, in order for transactions to be valid, they have to be...well, validated. The process of validating transactions is called mining.

Obviously, there are miners, but don't think of them being full of dust and dirt. These miners use their own computers, and they just sit back and wait to solve the mathematical problem. Whoever solves it first, gets a reward in that particular cryptocurrency.

The mathematical problem I'm referring to is kind of like a code of the transaction. In the world of banking, each bank has a centralized database. If you use your card, or if you withdraw or do whatever other type of transaction, that centralized database will update; you'll be able to see and keep track of your transactions.

In the world of cryptocurrencies, the above described process works in a similar way, but with a decentralized database. But how are transactions possible? Each person who has coins keeps them in a wallet. That wallet (virtual) is encrypted, and if you would want to transfer funds to another person who has coins, that transaction is basically an exchange of information, that must be recorded in the decentralized database.

Of course, there are very special computers designed especially to check the transactions. Whenever they "see" one, they transform it into a super complex mathematical problem. And who solves this problems? Miners, or their computers, to be more exact. Most new coins are launched with the help of miners: they get rewarded whenever they solve the mathematical problem.

In the beginning, almost everyone could put its computer to use, to mine for coins. As the popularity of virtual coins raised, people started to build special computers that were only used for mining. Others created their own farms: computers connected to each other, to be more powerful and quicker in solving problems. Not to mention that there appeared companies specialized in this thing.

This actually had an impact in the world of computer parts, as the prices for graphic cards and CPU's started to raise.

Definition of cryptojacking

Cryptojacking is a cyber crime, and it involves stealing computer's resources in order to mine for coins.

Cryptomining became more and more expensive. People are investing a lot of money in powerful computers that can compete with others in the world. As one creates today the most powerful computer, tomorrow somebody will try to take his place. And this is valid for mining farms, too.

Since stealing peoples'computer resources is a much more cheaper way to mine, cyberjacking was "invented". Cyber criminals target whoever, even if it's an individual, even if it's a company. For an individual, the damages are that big, but for a company it can mean great amounts of energy and other resources consumed.

As a matter of fact, 2018 was the year when ransomware was surpassed by cryptojacking. Apparently, it has become more valuable for cyber criminals to maliciously cyber mine, instead of infecting the devices and then asking for money in return. With cryptojacking they might even go unnoticed, which can provide them a good period of mining time.

When and if the victims identify the malicious process of cyber mining, it will be a bit hard to evaluate it and to get something in return, as the source can be hard to trace back; also, there's nothing stolen or damaged, just resources used at a bigger capacity.

Cryptojacking actually comes into two forms:

  • device infection;
  • cybermining scripts.

Of course, each one of them can be done online, but they do have some particularities.

Cryptojacking by infecting the device

Similar to any malware, maliciously cyber mining by infecting a device means that the target has to click on a link which will trigger the installation of a malicious program into the computer. That malicious mini-software will silently (as much as it can) mine for coins.

For an individual, this means that his computer resources will be used much more, making the computer work slowly.

For a company, it's the same process, but the costs will be bigger. Think that those computer will start to work slowly, being an impediment in the employees' productivity. This leads to bigger costs and possibly less profit.

Cryptojacking using scripts

A relatively new way of maliciously cyber mining is using web scripts. This means that there are websites which have a JavaScript code installed to a web page; this code will be the one which will activate the cyber mining whenever someone visits that particular web page.

Some may think of this as a non-invasive action: it doesn't affect the target's personal data, it just "boroughs" CPU or GPU resources. It's like a crime without a victim. But this action of illegally accessing someone's CPU or GPU resources has it's consequences.

Maybe because of this way of thinking or maybe because they wanted to find an alternative to ads, some websites actually wanted to use this way of cyber mining on their websites. They installed a specific script, but they started asking website visitors if they were willing to accept the "trade": the website would use some of the visitor's resources for cyber mining, and the visitor will just have to stay on the web page and do whatever he needs to do.

Of course, this method can be done better of gaming websites, for example (or any other website that requires long web page visits). Once you close the web page, the mining script stops and releases your computer. If the company that manages the website is fully transparent about their actions, this way of mining can actually be a good idea.

Still, this whole method of "sincere and transparent" cyber mining is the one that made cyber criminals to take advantage. Since it's simpler than infecting the device, your Android smartphone can also be a "victim". Even though it's power isn't as big as a computer, getting together a great number of smartphones will create a power big enough to cyber mine.

Not to mention that there are also Trojans that are hidden in applications, which can lead to an infected smartphone. Other users experienced being redirected to another page, a page that opens a hidden infected pop-up. For example, you can be redirected to a "Free Gift" web page, that actually contains a JavaScript code, at the end of which there can be a string that will execute the miner.

Big and popular websites

Crypto mining using scripts is something that even big, popular and trustworthy websites have. There have been discovered a great amount of such websites, and I'm sure that they exist everywhere. There are two situations that can lead to this.

One of them is poor website security. Some cyber criminals find a way to load their mining script into the website, making it to do some fine cyberjacking.

The other situation is represented by employees. There can be rogue developers that work into that company, for that popular website, hence they can easily install a script for cryptojacking, without being noticed. They can be traced by other developers, but only if there is access to whatever the other ones are working on, and only if there's that interest of things going smoothly. If there's no website visitor that figures out the scheme, and no one complaints, then the script can go unnoticed for a long time.

These situations do have something in common. First of all, the owner of the company or website might not know anything about the issue. Secondly, both the cyber criminals and rogue employees rely on the fact that the website is well known in the world, it's trustworthy, and on that people will not even imagine that a particular popular brand can be involved into something like this.

Thirdly, if someone will complain (a visitor who knows something about cryptojacking), then the PR team should be careful how it handles the complaint. If the issue will become popular, then the whole company will risk its trust, which can lead to profit loss, fewer orders etc.

Just think of it: hearing about a big company, whose website you visited so many time thinking "It's [X], how can't it not be secure?", who just found out that it had some crypto mining scripts working on, being involved in cryptojacking. Wouldn't you be shocked about the fact that they didn't have a proper security? Will you be able to really trust it again? Will you be able to really trust other big websites again? I'm sure that a drop of insecure will flood your mind.


How to detect if your computer is used for crypto mining

Of course, it's not like no one would like to know if their computer is used for cyber mining. But given the fact that this process can be stealthy, it can be pretty hard to spot a cyber mining process.

Nonetheless, as soon as you start to spot some differences in the way your computer reacts, you can start thinking: "What websites did I visit?", "What links did I click on?" etc.

Then you can check what software and processes is your computer running. To do this, the all time savior is the answer: Ctrl-Alt-Delete, and click on Task Manager. Right there you'll be able to see multiple tabs, and one of them will show you the processes. By default, it opens exactly on that tab (Processes). For mac users, you can open the macOS Activity Monitor ("Processes").

You can click on the CPU column, making the processes appear in a descendant (or ascendant) way. This will help you to quickly see which program is the one that uses your CPU the most.

The same is for checking the CPU usage of your browser. If it seems of, then you might have a web page open that uses a script to cyber mine.

Worth mentioning is that there are scripts which are advanced enough to use as little as 20% of your CPU. This only will make it even harder to spot a cyber mining process.

Constantly monitoring the CPU usage is kind of the only way to detect if your computer is used for cyber mining.

Still, there is an useful tool that can help you with monitoring. It is called WhatsUp Gold. You can set up alerts for CPU spikes, even on multiple machines. In this way you'll always know what is happening with your CPUs.


How to protect yourself from cryptojacking - Device infection

Protecting your device from being infected should be quite easy, and something that's in your mind constantly. If you were educated well regarding online security, you should know that any link or email that looks even a tiny bit suspicious should not be opened or clicked on.

If the person that's sending you the email or the link really want to reach you, they will contact you again. If it's a friend, then you can simply ask him what is with that email/link. Should he not know what you're talking about, then it's definitely something malicious; and your friend has been infected.

I always considered that responsibility is the main action regarding online security. You are the only person that can keep you away from dubious link, websites and other similar situations. You are the only one that can be skeptical enough to think twice before entering a website or even downloading a suspicious software.

As I said, cyber mining based on infecting a device is extremely similar to any other malware. You'd either get an email, or a link, or there's the possibility of an infected ad.

To protect yourself from ads it's quite easy: just install an AdBlocker extension. There are websites (mostly news based ones) which ask you to either pay a fee, either stop the AdBlocker. My advice is to just click on: "Pause on this site". This will help you be protected at all times, even though you'd have to pause it each time you visit that website.

Another way to protect your self from cryptojacking based on infecting the device is actually installing an antivirus software. There are some that included a particular type of protection against cryptojacking.

For a complete guide to Online Security, here's an article that you should read:

How to protect your computer from cryptojacking - Crypto mining scripts

Protecting yourself from cyber mining script can be a bit easier, because there are tools that can help you.

For instance, there are browsers extensions especially created to keep malicious cyber mining scripts away from you. Two of them are MinerBlocker and No Coin. They both have extensions for Chrome, Firefox and Opera, and their duty is to monitor any suspicious activity and block it.

If you were lucky or sneaky enough to figure out which web page was causing you trouble, you can directly block it. Simply go to Settings in your browser, and you should find a section where you can block domains. Remember: if you found the web page, copy and paste the URL into Notes, and then quickly close the web page. After this you can go to block that domain, and you won't even have to search for the web page in History or click on it again. Just paste the URL and you're done.

Another solution to protect your computer from crypto mining scripts is disabling JavaScript. This is one of the most difficult choices. It's not because it is hard to disable it, it is because most websites run with JavaScripts; in this way, they offer you a much better user experience. JavaScipt has a very long and reach history, and the main thing you need to know is that it became the most popular language in the world. Besides various services and and complex architectures, JavaScript backs all websites in the modern browser. Ranging from great user experience features such as carousels or nice visual transitions to core business functionality such as user payments or registrations, JavaScript does it all. While some of the big websites out there are focused on ensuring their services even though JavaScript is disabled, you might find out that the cool, hip website you are using every day is no longer available without this neat little programming language.

Of course, a complete malware software isn't something to not consider. It can actually be very helpful, as it will not only protect your computer from ransomware, Trojans and other types of malware. As I said above, you computer can be infected with a malware that's actually created for cryptojacking, or you can be infected with a download from a web based script. A malware will protect you against these as well.

All these being said, remember that cyber crimes are now evolving into something different, something that basically takes advantage of your computer resources. As I've said in other online security articles, it's your duty to be responsible regarding your online activity.

Keep in mind that cryptojacking, even though it doesn't do any harm to your data, it can damage your computer or even smartphone.

Don't forget that even big and popular websites are victims of cyber mining scripts (implemented by either cyber criminals, either rogue employees).

Protect your computer against cryptojacking as much as you can, and keep a wide open eye even on those big and popular websites.

Fast, secure, no logs VPN software from DrSoft

Fastest, highly secure and anonymous VPN software