Malware spotlight: Crypto-jacking
Introduction
In this article, we will explore crypto-jacking, a growing malware-based epidemic in the cryptocurrency realm. Before understanding this threat, though, it is necessary to understand more about cryptocurrency and cryptocurrency mining.
What is cryptocurrency?
Cryptocurrency refers to digital money that can exist in a secure and decentralized form. It can be purchased, transferred and/or sold securely using blockchain technology, which uses cryptography to encrypt and protect data that helps in identifying and tracking cryptocurrency transactions.
Unlike traditional money, cryptocurrency is not managed or backed by an authorized third party, such as a government or bank. Rather, cryptocurrency transactions are verified by the network of computers that are not affiliated with any single server.
What is cryptocurrency mining?
Cryptocurrency mining is the process in which transactions between users are verified and then added into a blockchain public ledger. The mining process is also responsible for adding new coins into the existing circulating supply and is one of the basic factors that allow cryptocurrencies such as Bitcoin or Litecoin to work as the peer-to-peer decentralized network without the need for any central third-party.
The control and security of this network are maintained by miners, or crypto-miners — the people who mine coins.
What is cryptocurrency-mining malware?
Cryptocurrency-mining malware, also known as crypto-jacking, is malicious software that penetrates people’s devices (e.g., smartphones, tablets, computers or even servers) to secretly mine cryptocurrency without users’ explicit permission.
Threat actors do not build a dedicated crypto-mining network. Instead, they use cryptocurrency-mining malware to hold control of the resources of a victim’s computer, usually a CPU and memory resources. When all resources are added up, hostile actors can compete against sophisticated crypto-mining operations.
Since crypto-jacking only uses CPU power, it may go unnoticed on a computer. As a result, your CPU will soon run at a snail’s pace, further resulting in unresponsiveness and/or unavailability of legitimate processes due to the poor performance of the CPU and memory resources.
How does crypto-jacking work?
Hackers often involve more than one way to enslave a computer. The penetration process is carried out either by infecting a website or by luring the victim to click on a malicious link in an email that incorporates cryptomining code into a victim’s machine. Hackers can also infect online ads with JavaScript code to trigger malware for automatic execution once loaded in the browser of the victim’s device.
Cryptocurrency-mining malware can also be propagated by downloading a malicious file or infected application or installing the infected web browser extension. In February 2018, Bad Packets Report found that around 34,474 websites were running Coinhive, which was the most popular JavaScript miner and being used for legitimate cryptomining.
What is the potential cost of cryptocurrency-mining malware attacks?
Unlike other malware programs, crypto-jacking neither harms computers nor damages data stored on them. However, this growing epidemic uses CPU and memory resources. For individuals, this malware causes annoyance to the user due to the slow performance of the computer and additional electric units to the electricity bill. However, in the case of organizations, it may involve some cost to fix the problem or track down the performance issues, while bearing the burden of significantly-raised electricity bills.
According to the site Digiconnomist, although cryptomining may not cost users a good deal, the overall cost is staggering. The calculations required to mine currency and verify a Bitcoin ledger needs more than 70 terawatt-hours each year, which is enough to power 6.5 million U.S. households.
According to Motherboard, around 300,000 Bitcoin transactions occur per day. The report also adds that threat actors could earn a profit utilizing 24 terawatt-hours of electricity annually. Each Bitcoin transaction costs 215 kilowatt-hours.
How can cryptocurrency-mining malware be detected?
Although cryptojacking malware is designed to stay hidden, it does not mean it has no bad effects or symptoms on the victim’s machine. The affected system will get slow, the electricity bill will be increased, and the device’s life will be shortened. In addition, the abnormally fast speed of the CPU cooling fan might also indicate the infection of cryptocurrency-mining malware attacks. If your computer is showing these symptoms, you can detect this menace through an antimalware security program.
What is the motivation behind cryptocurrency-mining malware?
Cryptocurrency mining is a lucrative business. Therefore, the motivation behind a crypto-jacking is simply money: generating huge revenue from cryptocurrency mining. According to Kaspersky Labs, a single cryptocurrency-mining malware can generate a revenue of more than $30,000 per month. Though cryptomining malware is so rampant, more than 500 million people are using cryptocurrency mining without realizing its devastating consequences, as per the AdGuard estimation.
According to Marc Laliberte, threat analyst at network security solutions provider WatchGuard Technologies, “Cryptomining is in its infancy. There’s a lot of room for growth and evolution. It is grown quite a bit since then. It is a really easy money.” Cybersecurity company Malwarebytes believes that hackers even seem to prefer crypto-jacking to ransomware.
How can cryptocurrency-mining malware be prevented?
Finding the origin of the high CPU usage can be like untangling the Gordian knot. Running processes often hide or mask themselves as legitimate operations to prevent security measures from stopping the intrusion. However, taking some proactive measures can save individuals and organizations from falling prey to cryptocurrency-mining malware attacks.
- Use a popular anti-malware or/and antivirus program and keep them up-to-date
- Use endpoint protection solutions to detect known crypto miners
- Install a reputable coin-blocking, script-blocking or ad-blocking extension in your web browser, and block cryptocurrency-mining scripts in your web browser
- Block JavaScript in the web browser. Be aware that doing so will also disable legitimate functions that are using JavaScript. Some specialized programs can also be used to disable mining activities in web browsers. Those programs include “MinerBlock,” “No Coin” and so on. The latest versions of the Opera web browser even offer a built-in No Coin functionality
- Avoid downloading files from untrusted sources
- Always read the Terms of Services for browser extensions and even for all applications
- Keep your operating system and security applications up-to-date
- As soon as your system gets noticeably slower, run an anti-malware solution
- Do not trust anonymous emails and never open untrusted email attachments
- Avoid visiting anonymous and redirected links
- Process monitoring should be enabled. Only allow legitimate processes to be run
- Add cryptocurrency-mining malware into your security awareness and training program
The bottom line (conclusion)
Cryptocurrency-mining malware is malicious software that penetrates your computer through phishing techniques such as email attachments or by injecting cryptomining code using JavaScript into your web browser. This growing epidemic doesn’t cause any direct harm to your computer, but it does use the CPU and memory resources of your machine.
You can protect yourself from cryptocurrency-mining malware by deploying some security practices such as installing an antimalware program and avoid clicking suspicious-looking links in email attachments.
Sources
- Cryptocurrency-Mining Malware, NJCCIC
- What is Cryptocurrency?, NJCCIC
- Cryptocurrency, Webopedia
- Cryptojacking, Malwarebytes
- Tallying Up the Hidden Costs of Cryptomining Malware, Symantec
- What Can Cryptojacking Attacks Cost Your Enterprise?, Endpoint Security Solutions Review
- Best endpoint security software of 2019: Secure your business perimeter, TechRadar
- What is cryptojacking? How to prevent, detect, and recover from it, CSO
- Exam Pass Guarantee
- Live expert instruction
- Hands-on labs
- CREA exam voucher
In this Series
- Malware spotlight: Crypto-jacking
- How AsyncRAT is escaping security defenses
- Chrome extensions used to steal users' secrets
- Luna ransomware encrypts Windows, Linux and ESXi systems
- Bahamut Android malware and its new features
- LockBit 3.0 ransomware analysis
- AstraLocker releases the ransomware decryptors
- Analysis of Nokoyawa ransomware
- Goodwill ransomware group is propagating unusual demands to get the decryption key
- Dangerous IoT EnemyBot botnet is now attacking other targets
- Fileless malware uses event logger to hide malware
- Nerbian RAT Using COVID-19 templates
- Popular evasion techniques in the malware landscape
- Sunnyday ransomware analysis
- 9 online tools for malware analysis
- Blackguard malware analysis
- Behind Conti: Leaks reveal inner workings of ransomware group
- ZLoader: What it is, how it works and how to prevent it | Malware spotlight [2022 update]
- WhisperGate: A destructive malware to destroy Ukraine computer systems
- Electron Bot Malware is disseminated via Microsoft's Official Store and is capable of controlling social media apps
- SockDetour: the backdoor impacting U.S. defense contractors
- HermeticWiper malware used against Ukraine
- MyloBot 2022: A botnet that only sends extortion emails
- Mars Stealer malware analysis
- How to remove ransomware: Best free decryption tools and resources
- Purple Fox rootkit and how it has been disseminated in the wild
- Deadbolt ransomware: The real weapon against IoT devices
- Log4j - the remote code execution vulnerability that stopped the world
- Rook ransomware analysis
- Modus operandi of BlackByte ransomware
- Emotet malware returns
- Mekotio banker trojan returns with new TTP
- Android malware BrazKing returns
- Malware instrumentation with Frida
- Malware analysis arsenal: Top 15 tools
- Redline stealer malware: Full analysis
- A full analysis of the BlackMatter ransomware
- A full analysis of Horus Eyes RAT
- REvil ransomware: Lessons learned from a major supply chain attack
- Pingback malware: How it works and how to prevent it
- Android malware worm auto-spreads via WhatsApp messages
- Malware analysis: Ragnarok ransomware
- Taidoor malware: what it is, how it works and how to prevent it | malware spotlight
- SUNBURST backdoor malware: What it is, how it works, and how to prevent it | Malware spotlight
- ZHtrap botnet: How it works and how to prevent it
- DearCry ransomware: How it works and how to prevent it
- How criminals are using Windows Background Intelligent Transfer Service
- How the Javali trojan weaponizes Avira antivirus
- HelloKitty: The ransomware affecting CD Projekt Red and Cyberpunk 2077
- DreamBus Botnet: An analysis
- Kobalos malware: A complex Linux threat
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Malware analysis
Malware analysis
Malware analysis
Malware analysis