Cryptocurrency mining has been embedded into websites and web servers lately, utilizing a visitor’s browser as a vehicle to compute mining transactions.
It uses unsuspecting visitors’ computer resources but sends any profits derived straight to a wallet outside of the visitor’s control.
It’s a resource-draining trend that is only increasing. Since September 2017, over 5,000 websites have been embedded with Coinhive, a Monero cryptocurrency miner. Ransomware has slowly been dropping off since then, following a relatively brutal 2017 that featured WannaCry and NotPetya. In its place, it seems clear to cybersecurity professionals that “cryptojacking” is fast becoming 2018’s malware of choice, having reached more than 500 million users’ devices.
History of Cryptojacking
Browser cryptocurrency mining has been discussed in cryptocurrency circles for years, but it quickly became obsolete as GPU power became the Bitcoin standard. It was Coinhive, however, that made the first commercial link, with the idea of replacing advertising revenue by mining on the CPU, which can mine Monero.
By mining in a web browser, Coinhive claims, webmasters get a viable method to combat the use of ad blockers, such as “uBlock Origin,” which deprive websites of precious ad traffic revenue—revenue that many sites rely on in order to continue operating.
Many high-profile sites have toyed with the idea of integrating crypto miners into their sites, notably The Pirate Bay and other torrent sites.
Developments in Cryptojacking
Since late 2017, hackers have taken the idea behind Coinhive and attacked some unwitting servers, programs or “bot” machines, unleashing crypto miners and bogging down the legal owners by essentially stealing their resources. One of the largest such examples was back in January 2018 when hackers made off with around a quarter of a million dollars in Monero, mined on Oracle’s WebLogic Servers—a high-profile company’s infrastructure.
This is the new landscape: rather than going straight for a person’s or company’s funds, or holding them to ransom, attackers secretly install software or run a script in the victim’s web browser, which drains their computer resources and ramps up their power costs.
Prevention: Safety & Security Tips
There are several things you can do as a user in order to reduce the risk of having your browser or server used to mine cryptocurrency without your consent or knowledge. These methods of prevention must match the level of attack and/or targeting by the adversary.
- Browser Mining
The easiest way to avoid this type of cryptojacking is to install an ad blocker whose maintainers have explicitly stated that they have added known cryptojacking services to its block list. It’s not foolproof though, and for more complete protection, it’s best to block all scripts in your web browser using something like “NoScript” or “uMatrix.”
- Application Mining
It’s much more difficult to detect crypto miners that have been embedded into the source code of an application which you run locally on your computer or device. It’s important, therefore, to ensure your applications are always up-to-date, since updates are normally full of security patches.
However, hackers can hijack the download link of sites, pushing their own versions of applications which have been altered.
The best way to combat this is to always check the hash of the file you are downloading. It’s a bit different for every platform, but a quick search will show you how to do this, and once you start, it becomes easier to do going forward.
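The hash check described above, as an added example that is not part of the original article: it verifies a downloaded file against a `sha256sum`-style checksum list. The file name and its contents are constructed, and the checksum list stands in for the one a vendor would publish.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def published_digest(checksum_text, filename):
    """Find filename in sha256sum-style text: '<64 hex chars>  <name>' per line."""
    for line in checksum_text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return parts[0].lower()
    return None


def verify_download(path, checksum_text):
    """Return True only if the file's SHA-256 matches the published entry."""
    expected = published_digest(checksum_text, Path(path).name)
    if expected is None or len(expected) != 64:
        return False  # no usable entry: treat as unverified, not as OK
    return hmac.compare_digest(sha256_of(path), expected)


def demo():
    """Constructed sample: a genuine installer and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp) / "app-installer.bin"  # hypothetical file name
        installer.write_bytes(b"genuine release bytes")
        # Stand-in for the checksum list the vendor publishes (constructed).
        checksums = f"{sha256_of(installer)}  app-installer.bin\n"
        genuine_ok = verify_download(installer, checksums)
        installer.write_bytes(b"genuine release bytes" + b"<bundled miner>")
        tampered_ok = verify_download(installer, checksums)
        missing_ok = verify_download(installer, "")
    return genuine_ok, tampered_ok, missing_ok


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the source of the checksum: if the same hijacked page serves both the file and the hash, both can be altered together, so take the published value from a separate channel where the vendor offers one.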
- Server Mining
In this circumstance, a hacker would gain access to a company or home server and attempt to gain root access, which enables them to take control of the machine. With control of the machine, they are free to install crypto miners and set the output addresses as their own.
You may see abnormal usage from a home server you’re running, or you may notice software that shouldn’t be running. It’s important to have a good understanding of network security if you’re running a server, since cryptojacking is fast becoming the most profitable method for hackers to extract value from you.
Security scanning software should flag that something is wrong. If not, the miner will likely show up in the list of running processes.
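One way to review the running processes, as an added example that is not part of the original article: it parses `ps -eo pid,user,pcpu,etimes,comm` output and flags long-running, CPU-heavy processes that are not an expected (user, command) pair. The sample output, the thresholds and the expected-service list are constructed assumptions.

```python
# Constructed sample of `ps -eo pid,user,pcpu,etimes,comm` output (not real data).
SAMPLE_PS = """\
  PID USER      %CPU ELAPSED COMMAND
    1 root       0.0  864000 systemd
  812 www-data   3.1  863000 nginx
 2210 postgres  12.4  860000 postgres
 9154 www-data  97.8   43200 sysupd-helper
 9300 nobody    95.0   50000 nginx
 9921 backup    88.0      40 gzip
"""

# Assumption: the (user, command) pairs this particular server is meant to run.
EXPECTED = {("root", "systemd"), ("www-data", "nginx"), ("postgres", "postgres")}


def parse_ps(text):
    """Turn ps output into dicts, skipping the header and malformed lines."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split(None, 4)
        if len(fields) != 5:
            continue
        pid, user, pcpu, etimes, comm = fields
        try:
            rows.append({"pid": int(pid), "user": user, "cpu": float(pcpu),
                         "elapsed": int(etimes), "comm": comm})
        except ValueError:
            continue  # non-numeric column: not a process row
    return rows


def find_suspects(rows, expected=EXPECTED, cpu_min=80.0, elapsed_min=3600):
    """Flag long-running, CPU-heavy processes that are not expected here.

    ps reports %CPU as CPU time divided by process lifetime, so a high value
    on an old process means sustained load, which is what a miner produces.
    Matching on (user, command) keeps a familiar name under the wrong
    account from being excused.
    """
    return [r for r in rows
            if r["cpu"] >= cpu_min
            and r["elapsed"] >= elapsed_min
            and (r["user"], r["comm"]) not in expected]


if __name__ == "__main__":
    for proc in find_suspects(parse_ps(SAMPLE_PS)):
        print(proc)
```

In the sample, the short-lived `gzip` job is ignored despite its high CPU, while the `nginx` process running under an unexpected account is flagged alongside the unknown binary.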
- Stay Alert
It’s easy to become complacent when it comes to web browser and computer safety. All major browsers are working hard to implement new security features, but often these features come from the most successful browser add-ons, meaning you could be secure from cryptojacking now if you have the right add-ons installed.
Killing scripts in your web browser will kill nearly all crypto miners. But in doing so, many sites might become difficult to use initially, until you grant the site the ability to run the scripts you need.
It can at times be a guessing game, and you might even end up enabling a cryptocurrency miner unwittingly. Coinhive’s rhetoric that cryptojacking could replace advertising as a source of revenue seems misplaced at this time, since in most cases it’s a major pay cut for websites.
Perhaps as Google implements their native ad blocker, crypto miners in sites will just keep increasing and even become a legitimate way for site owners to earn revenue. For now, though, it’s something to keep out of your system, and a script blocker is the easiest way.