Cryptojacking Working and Detection Methods

Muhammad Naeem

Blogger

Crypto mining requires a lot of computational power, which can be achieved through expensive hardware equipment and electricity bills. However, a backdoor called cryptojacking can be used to steal other people's computational power by injecting JavaScript codes into the victim's computers. As long as the targeted device is turned on and connected to the internet, it acts as a host or an RDP to provide free resources.

What is cryptojacking

Cryptojacking is the method of hijacking the victims’ devices to steal computational power and use this power to mine cryptocurrency. Now that the most famous cryptocurrency is Bitcoin, the hackers use the processing power to mine crypto on the targeted device.

Since the mining rewards are collected by the hacker, the targeted person provides all the power and resources for free. Now this might not harm your data or infect your device with any virus, but it can drastically slow down your device and its online connectivity.

Working of Cryptojacking:

The sole purpose of cryptojacking is to use your resources to benefit the hackers. Hackers can target your device in many ways. If you are visiting a pirated or low-security website, it can use the JavaScript codes to download on your device and run in the background. The popular antivirus company Kaspersky revealed that many hackers have been targeting the devices even through Chrome browser extensions and Facebook.

It doesn’t take an expert to cryptojack a device as the entire kit is available on the dark web and anyone can buy it for a small amount. The popular torrent website has been cryptojacking their visitors as an incentive model to keep up their servers without the users’ consent.

Now it can be a minor thing for many but once bigger organizations with huge computational power are targeted, it greatly benefits the hackers and harms these organizations at large. The operations can be affected and they might attempt to change their hardware, thinking that is causing the problem. Also, they might have to pay the cost of hiring a professional to track crypto-jacking.

Here is how cryptojacking can harm your devices:

• Reducing the lifespan of the device by overusing the CPU and GPU
• Increasing the electricity consumption and the carbon footprint of the device
• Exposing the device to other malware or ransomware infections
• Compromising the security and privacy of the device and the data stored on it
• Disrupting the normal functioning of the network and the internet connection

History and damages

Microsoft Store detected 8 suspicious applications in 2019 that were cryptojacking the resources of whoever downloaded these applications. Microsoft removed and banned these applications. All applications were allegedly created by the same person or group. These applications were meant to optimize mobile batteries and clean storage but they were mining XMR (Monero) crypto token by activating the script in the background.

In a similar event, in 2018, Los Angeles Times' Homicide Report page infected the website visitors with the script to mine Monero cryptocurrency through cryptojacking. In the same year, the European water utility control system was compromised to mine the same coin. This greatly lowered the overall performance of the utility system as the mining software was draining the computational power.

Over 2 lac users were impacted by the CoinHive mining software script on MikroTik routers. These routers in Brazil infected all visitors to the website.

How to detect Cryptojacking

You can look out for the following symptoms to detect if your device is cryptojacked or not:

• Your device will be slower in performance and the network connectivity will be weak.
• CPU and GPU both show higher performance than usual even when your device is not working.
• The battery of your device will drain faster and will generate heat.
• Due to overheating and frequent battery charging, your electricity bill will be higher.
• In some cases, an unknown app should be shown in the task manager or activity monitor.
• A suspicious or unknown process running in the task manager or the activity monitor
• A change in the homepage or the search engine of the browser
• A redirection to unwanted or malicious websites

Cryptojacking in 2024

Cryptojacking in 2024 has become more advanced as hackers use updated scripts to trick the antivirus software and device security. Though cryptocurrencies are shifting from Proof of Work protocol to new protocols like Proof of Stake, Bitcoin mining is still attractive for the miners.

To tackle cryptojacking in 2024, make sure your device has up-to-date security. Avoid using pirated software and visiting the website with compromised security and redirects. Make sure javascript in your browsers is disabled and you are using adblockers to block the malicious popups.