Crypto-jacking — what’s really going on inside your computer?

Written by otncoin | Published 2017/11/17
Tech Story Tags: cryptocurrency | security | monero | blockchain | bitcoin


The latest cyber security threat has been thrust into the spotlight this month. Crypto-jacking, also often referred to as drive-by mining, is becoming more prevalent. It is the process whereby hackers and websites host sections of code that hijack your computer's processing power to mine cryptocurrency for the perpetrators' gain.

The hackers' snippets of code run on a website visitor's PC without the visitor's consent. This can lead to further security breaches and considerably affects the use of computer resources. For example, systems can freeze, personal data can be lost, work can be lost, and gaps can be created that other hackers can exploit, all of which can negatively impact individual security and productivity.

What’s the Motivation?

Cryptocurrencies are mined by applying computer power towards solving complex mathematical puzzles. Crypto-jackers seek to profit by harnessing the computer power of everyday PCs attached to the internet. The more computer power a crypto-jacker can access, the more cryptocurrency they collect through mining.

Targeting of High Volume Sites

This type of crypto-jacking code has been found on some websites that attract high volumes of visitors each day. One example is the website of major US TV production company CBS Showtime, where the code was flagged and removed in September.

Hackers are suspected of planting crypto-jacking code on these extremely popular websites, then accessing visitor machines to generate virtual currency. In addition, the drive-by mining software was found on the official website of global football superstar Cristiano Ronaldo. Crypto-jackers specifically target these high-volume sites to gain access to the computer power and resources of masses of individual site visitors.

Source: https://go.malwarebytes.com. Findings Published October 2017

Bitcoin: A Targeted Approach

As part of its ongoing development efforts, the Bitcoin team has implemented a system whereby mining Bitcoin, the largest cryptocurrency by market capitalisation, requires customized chips and specific bespoke hardware. This circumvents the internet-to-PC crypto-jacking approach. However, other cryptocurrencies have not been designed in the same way, exposing them to a higher degree of risk.

Monero

The Monero cryptocurrency has played a role in the recent growth of crypto-jacking. Launched officially in 2014, this cryptocurrency has been specifically designed to be mined on individual PCs. A number of off-the-shelf Monero mining tools have been put into circulation; examples include Coinhive and JSEcoin. These tools can be easily added to websites, from where they run on unsuspecting visitors’ computers to carry out crypto-mining.

Coinhive

In September of this year, cybersecurity investigators and researchers announced that they had found thousands of examples of video-streaming and file-sharing websites hosting crypto-mining software like Coinhive. The majority of these sites do so unbeknownst to the site visitor.

Risk Management

After these findings were released, Coinhive created a new version that offers visitors an opt-in button to grant the miner their consent. However, many other versions of this type of crypto-jacking software are suspected to be in use. As a preventative measure, internet users can download a “blocker” browser extension specifically designed to prevent such code from running on their PCs. Examples include minerBlock and No Coin. In addition, newer antivirus software packages are starting to include built-in blockers for this threat.
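How a hostname-based blocker of the kind described above can decide which scripts to stop, and how a site owner can audit their own pages the same way. This is an added example, not code from the original article or from minerBlock or No Coin; the two-entry blocklist, the function names and the sample page are assumptions constructed for illustration.

```javascript
// Hostname blocklist check in the style of a miner-blocking extension.
// Assumed, illustrative list: not the actual list shipped by any extension.
const MINER_HOSTS = ["coinhive.com", "jsecoin.com"];

// True when host equals a blocked domain or is a subdomain of one.
// Suffix matching on ".domain" avoids flagging lookalikes such as
// "notcoinhive.com" or "coinhive.com.cdn.example".
function isBlockedHost(host, blocklist = MINER_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return blocklist.some((d) => h === d || h.endsWith("." + d));
}

// Resolve every <script src> against the page URL and return the blocked ones.
function findMinerScripts(html, pageUrl, blocklist = MINER_HOSTS) {
  const hits = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw, pageUrl); // handles relative and //host/path forms
    } catch {
      continue; // unparsable src: the browser would not fetch it either
    }
    if (isBlockedHost(url.hostname, blocklist)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page: one first-party script, two blocklisted hosts
// (one protocol-relative, one mixed-case subdomain) and two lookalikes.
const SAMPLE_PAGE = `
<html><head>
<script src="/static/app.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script SRC='https://Load.JSEcoin.com/sample.js'></script>
<script src="https://notcoinhive.com/x.js"></script>
<script src="https://coinhive.com.cdn.example/x.js"></script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_PAGE, "https://video.example/watch"));
```

A hostname list only catches miners loaded from known domains; a script copied to the site's own server or proxied through another host passes this check, which is why blockers update their lists frequently.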




Published by HackerNoon on 2017/11/17