What is Cryptojacking Attacks
Cryptojacking involves an attacker using their victim's computer to mine cryptocurrencies, often doing so within web browsers such as Chrome.
Cryptojacking has turned into an undeniably prominent route for criminals to extract cash from targets in the form of cryptocurrency. Broadly advanced hacks, for example, the WannaCry worm, which affected systems on several continents in May 2017, encrypted victims documents and requested cryptocurrency ransoms – bitcoin, on account of WannaCry – with a specific end goal to decrypt them.
Cryptojacking takes a different approach, harnessing victims' machines to "mine": perform the computations necessary to update cryptocurrencies' blockchains, creating new tokens and generating fees in the process. These new tokens and fees are deposited to wallets owned by the attacker, while the costs of mining – electricity and wear and tear to computers – are borne by the victim.
Doing currency mining on your own machine is perfectly legit. Basically, you’re solving gnarly math problems to verify transactions; in return, you get some new coins. But the Showtime cryptojacker tapped into the CPUs of unsuspecting viewers and used their spare cycles to do the spadework.
Victims do not lose their own finances to cryptojacking, experts say, but do end up with unwanted software running on their computers.
However, in the past few months, attackers have been increasingly switching from building large botnets to infecting machines with cryptomining malware. They then make money from selling the generated cryptocurrency. This way, the attackers can eliminate the middlemen and see a faster return on investment.
Bitcoin mining has been extremely inefficient on CPUs for years. These days, it can only be mined with specialized hardware, called application specific integrated circuit (ASIC), so attackers avoid using it in their cryptomining malware.
The cryptojackers would use up to 90% of a system’s resources in order to maximize their cryptocurrency gains. However, this should usually halt most of the other tasks on a computer or server, which would then alert the owners of the machines that something is wrong. In a recent cryptojacking attack against Tesla’s cloud infrastructure, the attackers preferred to stay under the radar and avoid detection.
In the past more than 4000 websites, including government websites in the US and UK, such as the UK’s Information Commissioner’s Office (ICO), were reported to be serving the CoinHive crypto miner to its users. CoinHive crypto miner is a JavaScript script that can be installed on any website and was designed to mine cryptocurrency at the expense of its users’ CPU power. Clearly this was not the intention of any of the companies affected. This ‘cryptojacking’ assault was a direct result of a third party provider (TextHelp) used in the ICO’s website being compromised, without the knowledge of website owners nor the third party provider.
Browser based mining isn’t a new concept. Actually, it might be older than you’d think. Back in 2011 (when Bitcoin was still rather new to the world, netting at 7$ per coin), mining it was much easier and less complicated. Back in those days, BitcoinPlus already offered means to mining currency using browser-based scripts. Alas, following the success of Bitcoin and rise of ASICs (Application-Specific Integrated Circuit) specifically built for Bitcoin, the days of browser-based bitcoin mining were short. With hundreds of other cryptocurrencies, all having cash value, there’s more options for attackers to choose.
Did you find this tutorial helpful? Don’t forget to share your views with us.