Cryptojacking Explained and How to Protect Yourself From It

If you’ve been on the Internet for a while, you’ve probably heard of cryptocurrencies before. While most stores won’t accept payment in Bitcoins, cryptocurrencies have had a constant background presence in the computer world. Cryptocurrencies even appear in the news every so often, usually when someone makes it big with the currency or a bank closes its doors to it. A recent development in cryptocurrencies, however, has brought up a concern for everyone who browses the Internet – cryptojacking.

If you’ve peeked into the world of cryptocurrencies, you’ll know that coins can be earned through processing power. This involves people around the world using their computers to automatically process transactions presented in a computationally complex way. The first person to “solve” a transaction receives coins as a reward. This is known as “mining.”

cryptojacking-mining-rig

Because solving computational puzzles is the key to mining, miners will want as much processing power at their disposal as possible. Typically, this involves hardware upgrades and buying computers dedicated to mining (called “mining rigs”). There’s a more nefarious way of getting more computing power, however: borrowing other people’s processors without their knowledge!

For a while, the main way to “steal” processing power was by placing mining software on compromised computers and servers. This software utilises the processing power of the compromised system to mine coins without the owner’s knowledge. A new development, however, can force people to perform mining when they visit a web page. This is the new spike of “cryptojacking,” where websites can use your PC’s processor to mine coins.

A cryptojack starts when a Javascript miner file is uploaded to a website. This file can either be knowingly placed by the website owner or snuck in after a security breach by a hacker. When someone visits the website, the Javascript file is run, which uses the user’s computer to mine cryptocurrency. This means as long as the user is still on the site, they’ll be using their computer to do work for whoever placed the file.

Unlike other attacks, this particular one doesn’t aim to destroy or steal information from the victim’s computer. Its main goal is to simply use the hardware to perform mining operations. However, this does put additional strain on the victim’s computer. At best, this will cause their computer to slow down due to the load. At worst, it can overheat the processor which leads to computer freezes, sudden shutdowns, or even hardware damage on susceptible systems.

cryptojacking-coinhive

It’s worth noting that “cryptojacking” only involves a mining script running without the user’s consent or knowledge. It does not include any service that informs the visitor of the mining, lets the user opt out of the mining service, and offers incentives for running the miner.

Coinhive, for instance, allows webmasters to set up a miner that visitors can use in exchange for an ad-free experience or in-game currencies. These services are legitimate but have unfortunately had their methods (and even their own software!) used for nefarious purposes.

An example of cryptojacking in the wild is when Pirate Bay decided to use this method to phase out advertising on their site. However, as well as failing to remove advertisements, they slipped the mining code in without any warning or any way to opt out, which caused a lot of anger!

If the web owner is using this method to generate legitimate income, you should be forewarned of the mining script and allowed to opt out if you want. For those who want to use your processor without your permission, however, there are some ways to avoid a cryptojacking attack.

Manual Detection

When your PC is under siege from a cryptojacking attack, it will begin to use its resources to perform a mining operation. As such, it will put strain on your hardware. This makes for a telltale sign that a cryptojack is currently underway. Thankfully, because it’s all taking place on the site, you can simply navigate away to stop the cryptojacking attack.

If you notice that your CPU goes into overdrive when visiting a specific site, it may be due to cryptojacking. You can check your CPU’s usage via your operating system. For instance, in Windows you can see CPU usage by pressing Ctrl + Shift + ESC and clicking the “Performance” tab.

cryptojacking-check-cpu

Sometimes, you don’t even need to do this; just the sound of your system fans going haywire can be enough to identify high usage.

High CPU usage does not always mean cryptojacking, however. If you’re using an old PC and visiting a site with a lot of modern improvements, this may cause high usage by itself. If you’re seeing maxed-out CPU usage over a simple text article, however, it might be a sign of trouble.

Blocking the Script

Given how cryptojacking works via a website script, you can stop the problem by not allowing it to load. A good adblocker or script blocker will be able to pick up on the script and stop it from loading in the browser. There are even dedicated plugins built around stopping browser mining, such as AntiMiner. Non-Chrome users can also check out Anti-WebMiner that will block the javascript file from running.

While cryptojacking doesn’t aim to destroy or harm people’s computers and data, it can still be a big issue. Now you know what it is, how it works, and how to avoid cryptojacking.

Are you big into cryptocurrency these days? Does it not interest you at all? Let us know in the comments!

Leave a Reply

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.