Cryptojacking Preys on the Uninformed. Is Your Computer Safe? The rise of crypto has introduced a new problem: cryptojacking. Here's how to protect yourself.
By Leyes Edited by Amanda Breen
Opinions expressed by Entrepreneur contributors are their own.
While cryptocurrency is changing the finance world in new and exciting ways, it's not all positive. Just like computers brought along all new forms of scamming, the crypto world has now introduced us to a new problem: cryptojacking. Like most scams, cryptojacking preys on the uninformed. However, even knowledgeable folks can fall prey to these schemes.
In 2018, cryptojacking attacks increased by 450 percent and ransomware dropped 45 percent. While the cryptojacking numbers dropped in 2019 as the crypto market fell, new evidence shows that we'll likely see record highs of cryptojacking in 2021.
Related: Why Small Businesses Must Deal With Emerging Cybersecurity Threats
What is cryptojacking?
Cryptojacking occurs when a hacker uses someone else's computer without his or her consent to mine cryptocurrency. Hackers install code on the victim's computer or browser, which then runs in the background while the victim uses his or her computer, none the wiser. The code can sometimes cause the computer to run slower or lag, but is otherwise undetectable.
Cryptojacking can occur in a couple of ways — first, by infecting an ad or website with JavaScript code. When people visit the site or get the ad pop-up, the script will auto-execute in their browser. This method infects only their browser, so when the victim uses the browser as he or she normally does, the script runs. Cryptojacking can also occur by sending victims emails with malicious links. These emails, like other phishing emails, look legitimate and provide some reason to click the link, which runs code to add the cryptomining script onto the victim's computer. With this method, the victim's entire computer is infected with the script.
Worse still, some of these scripts have worming capabilities — meaning that they can infect servers and computers that are on the same network. These scripts are more difficult to identify and remove.
In either instance, once loaded onto a computer, the script will run in the background as the victim uses his or her computer normally. As it runs, it works through complex mathematical problems, sending its data to a hacker-controlled server. Oftentimes, both methods of infiltration are used by hackers to maximize their return. If a hacker has 200 devices infected with the cryptomining scripts, half might be using code on their machines that was installed from an email and the other half might be doing so via an infected web browser.
Related: Business Disruption Becoming Main Attack Objective for More Adversaries
Signs of cryptojacking
- Decreased performance. Take note of your computer running slow or lagging as you use it, as this is a sign of cryptojacking. Note that this can also be a sign of other computer issues like low RAM.
- CPU usage. For browser-based cryptojacking, you'll often notice increased CPU usage, which will accompany slow performance. CPU usage should only increase when you have a lot of tabs open or are viewing a website with a lot of media content.
- Overheated devices. If your computer gets hot, sounds like it's being overworked, and the cooling fans kick on, there might be cryptomining software installed.
- 4Changes to your website. If you have a website, monitor it for any unauthorized changes on the pages or files on the webserver. Embedded cryptomining code can cause unwanted changes.
Related: Singapore Is One of the World's Tech Leaders, Yet Its Companies Are Struggling to Fight Cyberattacks
How to prevent cryptojacking
- Use ad-blockers. Since one of the dominant ways cryptomining software is installed is through popup ads, install an ad blocker on your browser. These blockers can detect and block infected ads.
- Use browser extensions. To avoid cryptojacking scripts on web browsers, use extensions like No Coin, minerBlock, and Anti Miner to help protect yourself.
- Carefully examine emails. If you receive an email with a link, examine the email before clicking it. Was this a link you asked for or expected to receive? Is the sender who they claim to be? Double-check brand logos and emails before proceeding.
- Check for malware. Use the security software you already own to scan for malware. This will help identify malicious scripts, including those used for cryptojacking. If you're not sure what to use, PowerShell is a great software to start with.
- Stay on top of the trends. Hackers are innovative, so the way that they attack is always evolving. Stay knowledgeable on the latest crypto news by checking out reputable sources, like CoinDesk, CryptoSlate or TodayonChain. These sites all cover the latest in crypto news as well as security.
As with any cybersecurity issue, the key is to stay vigilant. Unfortunately, we have to be suspicious of any emails or ads that come our way — and that's a trend that's here to stay. By taking an active role to protect cryptojacking and staying knowledgeable about the world of crypto, you can do wonders for your security.