Has Your Computer Been Cryptojacked?

Money Quote.png

Have you noticed a louder whizzing noise from the CPU fans whenever you use your computer? You may inadvertently have accepted an in-browser mining add-on that is mining crypto without your knowledge.

You Have Been Cryptojacked!

Computer users won’t notice that their systems have been affected apart from system lags or performance issues.

What is a Cryptojack?

A crypto jack is a form of cyberattack where stolen computing power is converted into cryptocurrency. The conversion process is called mining and it is a computationally intensive process that computers in a P2P network compete to verify the transaction record called the blockchain and receive cryptocurrency in return.

The well-known crytpojacking script was released in Septermber 2017 by a company called Coinhive. The tool was designed to give website owners a way to make money without displaying ads. Unfortunately, when it got into the hands of malware authors, they used the tool for their nefarious purposes.

Cybersecurity experts have discovered the cryptojacking tool hiding in Chrome extensions, hacked Wordpress sites, ‘malvertising’ hacker sites and even in high-power enterprise servers. Researchers estimate that cryptojackers can conservatively generate up to USD 30,000 worth of cryptocurrency per month. The cryptocurrencies of choice are typically CryptoNote based currencies such as Monero and zCash. These currencies, which employ the CryptoNight mining algorithm, have cryptographic features that make transactions untraceable.

In the past, cryptocriminals may have mined Bitcoins as part of their loot. However, recent cases have shown that Bitcoin transactions are not totally anonymous nor untraceable. In addition, it has become more costly to mine Bitcoins with the extreme competition to confirm the blockchain transactions with expensive special-purpose GPU based servers . These cons have moved onto newer, easier-to-mine and profitable cryptocurrencies. In addition, it also helps that the CryptoNight mining algorithm used by CryptoNote based currencies can be mined on the billions of vulnerable modern CPUs connected to the Internet.

The tactics used by the cryptojacking malware include cross-site scripting and remote code execution to brute force attacks and SQL injection. Intrusive and malicious cryptocurrency mining can threaten the availability and security of a network or system, and the data stored on them. What’s worse is that victims become part of the problem, when their computers further the spread of the cryptojacking operation.

Reported Cases

1. Showtime

An alert Twitter user raised the alarm in August 2017, that the source code for the Showtime Anytime website contained a tool that was secretly hijacking visitors’ computers to mine Monero, a cryptocurrency focused on anonymity.

Showtime quickly removed the malware after it was alerted to it. To this day, it has not been discovered how the tool was embedded to the site. Unfortunately, the same malware code that was discovered has been spreading to other Internet sites.

2. Kaspersky

According to Kaspersky’s research, Coinhive’s miner is not the only cryptojacking malware discovered on their clients’ computers and servers. Hackers are innovating with a variety of approaches to hijack computers.

3. IBM

According to IBM’s X-Force security team, numerous attempts have been made by cryptojackers to install their mining malware on enterprise-grade servers owned by medium and large sized organizations. In fact, these attempts have gone up by about 6 times between January and August 2017.

4. PirateBay

PirateBay installed the Coinhive JS miner into their website without directly informing their site visitors. This was an experiment to discover if this was a way to sustain their site economically without depending on the low-grade advertisers that the renegade site attracted. They had to disable the Coinhive software from the public backlash that resulted.

What Protective Measures Can Be Taken?

These are some of the steps you can take to protect your or your organizations’ computers:

  1. Install a modern and updated antivirus software. These antivirus tools can detect cryptojacking malware without too much difficulty.

  2. Adopt best practices to minimize cryptojacking attacks. Keep software packages regularly updated – including browsers. Highlight the dangers of malware by cultivating a security-aware workforce through adequate education and role-based training.

  3. Use application whitelists to prevent unknown executables from launching on systems within your organization’s networks. In addition, you could use JS-blocking applications to prevent scripts like Coinhive’s from executing. The good news is that since the Coinhive script has no persistence mechanism, the script can be easily terminated by closing the website or browser. Another tactic to consider is to perform input validation on Web applications to mitigate injection attacks.

  4. A growing problem for many organizations is rogue employees compromising high powered enterprise servers to mint cryptocurrencies. There was a recent case of scientists and researchers at a Russian nuclear research institute that were caught and arrested for using the facility’s supercomputers to mine cryptocurrencies.

These inside jobs can be fairly difficult to detect. Organizations are relying on external IT auditors and a combination of artificial intelligence and machine learning to monitor and detect anomalous activity inside networks.

Summary

A new threat to our privacy and security has emerged in the form of cryptojacking. This form of malware uses your computer’s resources to mine cryptocurrency surreptitiously when you visit certain websites that run a mining script. Computer users may experience a loss of performance when their computers have been compromised.

At the moment this form of malware can be rather easily detected by installing an updated antivirus software and neutered by closing the browser and removing the offending script. Awareness of these scripts should be increased and common system security measures should be undertaken.

References:

  1. Hijacking Computers to Mine Cryptocurrency Is All the Rage

  2. EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner

  3. Network Attacks Containing Cryptocurrency CPU Mining Tools Grow Sixfold

  4. How to Stop Pirate Bay and Other Sites From Hijacking Your CPU to Mine Cryptocoins

H2
H3
H4
3 columns
2 columns
1 column
10 Comments