Cryptocurrency mining involves solving complex mathematical problems, you could be forgiven for thinking that only ‘state of the art’ computing power could accomplish such achievements. But what if we told you that it could be happening on your own computer without you even knowing.
Cryptojacking occurs when unauthorized access is granted to your computer, through the secret installation of a script. The unlawful script utilizes your computer's processing power to secretly mine cryptocurrency. After solving the complex mathematical problems involved with mining, the results are then sent back to the hacker in order to help generate tokens. The hacker can then choose to do as they wish with their ‘free’ crypto.
Millions of dollars of cryptocurrencies have been mined using the method over the past five years. The two most prominent methods for cryptojacking installation are phishing emails or through websites with malicious code.
Phishing emails entice a user to click on a malicious link, which triggers a script to install on a device. The script can then run in the background whilst the unknowing user continues to work.
The second method, which is less permanent but more common, occurs when visiting a website or viewing a malicious advert online. The script automatically computes until you close the site. Unlike the phishing method, this leaves no trace on a victim’s device.
The substantial difference when comparing cryptojacking with older ransomware scams is that ransomware was only successful for approximately 3% of victims targeted. For every 100 people targeted, only 3 were likely to be caught out. Although scary, the strike rate was low.
In comparison, because of the unobvious intrusion with cryptojacking, every computer that is infected with cryptomining script becomes a money maker for the criminals. The strike rate here is in a league of its own, however, as the amount of cryptocurrency that can be mined using a single consumer computer is microscopic, hackers must infect vast numbers of devices to receive any substantial monetary gain.
Spotting the invisible intruder can be difficult. Especially as the script is often installed on your device without any clear alteration to the operating system.
For individuals, one clear indication that something may not be right is slower computer performance. If your device is performing no complex processes, yet the computer's CPU usage remains high, it likely indicates something is working in the background and would prompt a further investigation.
Higher CPU usage can also manifest itself in the way of excessive heat production, so keeping an eye on CPU temperatures is also a good idea.
With the above being said, 90% of all cryptojacking attempts occur through websites, therefore the likelihood is that if you ever become the victim, the process will not be a permanent one, removing itself as soon as the website is closed. Nevertheless, it is always good to be aware.
Being aware is the first step toward preventing cryptojacking. By knowing that some attacks come from phishing-type emails and by implementing safe internet browsing practices, attacks can be avoided.
Another important step is to keep your browser and operating system up to date and keep up to date antivirus software on your device. Most antivirus packages today defend against cryptomining scripts if the malicious scripts are known.
The good news is cryptojacking inflicts no malicious damage to a victim’s personal data or assets. These scripts don’t steal cryptocurrencies that you hold, nor interfere with any purchases from trusted exchanges such as Xcoins.
The process can steal considerable CPU processing resources from a device, but hopefully, as an individual, this will be the only frustration.
Cryptocurrency and blockchain technology remain one of the safest ways to transfer wealth globally. Exploitations, such cryptojacking, are simply unfortunate annoyances, where criminals try to make use of the system for their benefit. Unfortunately, this is mirrored in nearly every other new system or technology, but the integrity of blockchain technology remains unchallenged.
That being said, remember to stay vigilant when surfing the web, be on the lookout for malicious emails and by doing so, you will stay one step ahead of this new threat.