Back to Basics – How to Protect Yourself from Cryptojackings

Cryptojacking has become an alarmingly common practice as crypto fever has swept across the world. More users are now at risk from this potentially costly style of attack than ever before. With attackers developing new scripts, a lot of anti-virus scanners are struggling to keep up the pace in protecting unsuspecting crypto enthusiasts. The attacks are evolving at a lightning quick pace, meaning that a patch that fixed a crypto jacking process weeks ago most likely won’t work on the newest breed of attacks we’re seeing right now. The best way to protect yourself from cryptojacking is by arming yourself with the knowledge of how to detect an attack, how to limit its impact, and – hopefully – how to shut it down before it’s too late.
This is where we can help, as the following looks at how you can protect yourself in the event of a cryptojacking.

What is Cryptojacking?

Cryptojacking is the process of an attacker injecting malware into a computer or website’s JavaScript file, so it can secretly mine cryptocurrencies using the individual’s CPU power. Once the malware has been injected into the device, it will then send instructions to the CPU to try and solve complex mathematical puzzles known as hashes. Once the CPU has completed a batch of hashes, it will then send this data back to the attacker, who will then submit it to the blockchain and receive a reward. Unfortunately – unlike mining pools – you won’t get to see any of these rewards as the victim of a crypto jacking.
Cryptojackers are smart people, they know CPU power won’t cut it when it comes to mining Bitcoin, so they opt for more mineable cryptos such as Monero. In fact, Monero is the cryptocurrency of choice for cryptojackers to mine due to the fact the difficulty level is so low. This means that CPU power alone can yield a nice Monero block reward. In addition to mining cryptos with lower block difficulties, cryptojackers infect as many devices as possible. This gives them more hash power and a greater chance of finding the next Monero block, meaning greater rewards.

How to Tell If You Have Been Cryptojacked

There are many ways to tell if you have been cryptojacked – or if there is a secret script running in the background. The simplest way is by opening up your task manager and look for a process that is hogging vast amounts of CPU power, or something you don’t recognize. There is a good chance the process will either be called CoinHive or CryptoLoot. If you spot one of these, immediately click “end task” and it will kill the miner – for now at least. Other tell-tale signs are that your computer is running much slower than usual – make sure it’s not just Windows updates – the fans are constantly running at full speed or you’re noticing poor visual quality when gaming.
Unfortunately, not all anti-virus scanners can detect cryptojacking scripts as they are injected into honest looking applications that you manually accepted as safe, such as a Google Chrome plugin for example. In China, an infected plugin was downloaded nearly 1 million times and it infected all of those machines. The cryptojackers then used that mining power to bag themselves over $2 million in various cryptos. However, in the case of Abstractism – a game that was pulled from the Steam store for being a crypto miner – it did in fact trigger an anti-virus alert on any user who scanned its files. One of the scripts in the game gave the developers the ability to remotely access the game’s files. Now, the developers claim this was for loot drops, but the same principals are used in crypto mining to receive completed hashes and deliver new data to be hashed.
If you download a file, make sure you scan it before opening it just to be safe, because if you don’t you could ending paying a costly price.

How to Protect Yourself from Cryptojacking – Websites

Now we know how to detect cryptojacking, we can now defend ourselves from it. Very commonly this type of script is embedded into a website’s JavaScript files, meaning your browser will automatically run it as soon as you land on an infected page. Some websites have begun to add it themselves to help boost revenue, especially given the rise of ad blockers. The Pirate Bay recently installed a CryptoLoot cryptojacking script into its website. It caused outrage amongst the file sharing community.
In the case of website based crypto miners, you can install almost any ad blocker and it will prevent cryptojacking scripts from running, while not affecting how you view the website. Ads use a very similar style of JavaScript to run, so the mining script gets flagged as an advert and the ad blocker blocks it from running. However, as scripts develop and advance this might not be enough. If you want to be extra cautious, consider installing a script blocker. Script blockers will ruin how you view websites, as most use some form of JavaScript, but it is the safest option.

How to Protect Yourself from Cryptojacking – Routers

There are other forms of cryptojacking that internet users are blissfully unaware of. Another popular method is by hacking into routers and adding a script to the firmware, which essentially turns every device on your home network into a Monero miner. When internet service providers (ISPs) give you your router, chances are they don’t teach you how to look after it and keep it safe. We are all well aware of setting a strong WiFi password or phrase, but this isn’t enough to keep you safe.
Consider changing your admin panel username and password, as by default the username is almost always “admin”, and the password is either “password” or “admin”. Simply log in to your router using the credentials – if you are unsure of these contact your ISP or there should be a sticker on your router with these details. This will help keep your router fairly safe.
The next step of router safety is to regularly check for firmware updates. This week we revealed that almost 200,000 Mikrotik routers had been compromised by cryptojackers, simply due to the fact that the firmware was out of date. The company fixed the security issue, but people didn’t update their routers. This is very simple to do from the router admin panel. Simply log in, navigate usually to the “About” or “Router Maintenance” section, and there should be a button that says “Update Firmware”. If you are unsure of how to do this – or want more help – contact your ISP to walk you through it, or call a trusted IT technician.

How to Protect Yourself from Cryptojacking – Software

One of the most important ways to keep your computer safe from cryptojacking software is to only download software from trusted sources. Make sure the URL is exactly as it should be – some cryptojackers make a spoof site that swaps out an uppercase “I” to a lowercase “L” as they look similar. While Windows has made it harder to obtain and use illegal copies of paid software from file sharing sites such as The Pirate Bay, they are still available.
We don’t condone using pirated software in any way – but if you must use them – run anti-virus scans on the files before installing or running anything. In addition to this, always use legitimate software when possible and keep it up to date. The same goes for any operating system you are running and the anti-virus software. Out of date software can provide gateways into your devices, leaving you at the mercy of cryptojackers.

The Dangers of Cryptojackings Shouldn’t be Ignored!

Hackers will find a way to get around even the toughest security measures, as reward for their effort is simply too great to pass up. To give yourself and your equipment the best chance at fighting off a cryptojacking attack, always keep it up to date and use your common sense when downloading something from the internet. If a deal sounds too good to be true, chances are that its some form of scam or hacker looking for a way into your PC.
Always keep yourself safe when using the internet, as you don’t want to waste your CPU power mining cryptos for other people!

Comments (No)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.