Cryptojacking – The new trend in Cybercrime

Hacks & Frauds 3 min, 27 sec READ

by Nick Tsakanikas

The new threat in cybercrime, is Cryptojacking. Hackers can trap home PCs to mine cryptocurrencies, without the knowledge of the victims.

Bitcoin’s (along with other cryptocurrencies) price has risen significantly, and as coins are produced by computer grids, bad actors have invented new ways to make money. Cryptojacking is a new age hack-attack, that exploits computational resources to mine cryptocurrencies without the user's knowledge. 

Cryptojacking comes in two forms.  In the traditional phishing method users are baited to “click,” usually by an offer of a prize, and once they do, the malicious code starts to execute on their computer.  The other method is to hide a JavaScript code on popular websites, that runs in stealth-mode as long as the visitor stays on the infected webpage.

While the figures aren’t official, some estimates put the monthly profit from Cryptojacking activities at more than $150k. Hijackers earn significant amounts and users suffer through slow performance since their computer's resources have been hijacked. 

Previous hacking methods, like Ransomware, targeted individuals to blackmail for money, in exchange for the “liberty” of their previously encrypted computer. These practices, however, proved to be ineffective as only a small percentage of the victims pay the ransom money.

Cryptojacking, on the other hand, successfully generates money for the hackers, under the nose of the victims and without their knowledge. When the victim is made aware of it; since the attackers only steal the processing power of their computer, the victims are not usually motivated to go after the hackers. In many cases, the malicious script runs on the victim's computer undetected, for a long time.

One of the benefits of Cryptojacking is that once a popular website has been infected the hacker could “employ” thousands of computers to mine small increments of cryptocurrencies simultaneously.

Cryptojacking can affect every type of system; from a personal computer to corporate data centers and, according to cybersecurity companies, it is considered the most significant threat in 2018.

How does it work?

The primary issue with Cryptojacking is the fact that it is easy to accomplish. Both the phishing and popular website methods are easy to implement. 

There are a few crypto-mining scripts available. They are easy-to-use and can be purchased on the Dark Web for as low as $30. The most popular, called Coinhive, is a JavaScript browser miner, created as an alternative monetization method for websites. When the tool is legitimately used it requires the visitor’s consent; the Darknet version works in stealth mode without that consent. 

Mining scripts have been identified on more than 33,000 websites, producing almost every cryptocurrency that can be mined, with Monero being the most popular due to its anonymity and low-difficulty features. According to security experts, more than 90% of Cryptojacking is done in-browser. 

Currently, 95% of Cryptojacking attacks use Coinhive. Although it may seem nonthreatening to the average user, a computers' low-performance level could create significant losses in larger enterprises.  Cryptojacking malware is usually untraceable by antivirus software, and users can only recognize a mining script running, by observing CPU usage. 

Cryptojacking unbounded

Governmental online services have also been in the scope of attackers. Websites from the US, UK, and Australian governments have fallen victim to malicious attacks.  Hackers found a vulnerability in a text-to-speech software, to install Coinhive.

Also of note, is Tesla’s Amazon Web Services attack. The hackers used an alternative software, called Stratum, to utilize the company’s cloud computational resources to their benefit. The intrusion was discovered by Redlock’s cybersecurity researchers, who said the attackers made a reduced usage of Tesla’s CPU power, to mask their IP addresses. 

Cryptojacking practices can even be used by governments to exploit their citizens. Research by The Citizen Lab at the University of Toronto, says that the Egyptian government may have been utilizing citizens’ electronic devices to mine Monero since 2016. 

Cryptojacking is a significant security risk for individual and enterprise data processing systems and research into the devlopment of effective tracking methods is needed.