Cryptojacking: How You Mine Coins Without Knowing

It's more common than you think.

by Kyzmoff
11 May • 3 min
In Mining
With the recent hype around cryptocurrencies, mining is now getting harder and energy consumption is rising, which makes it more expensive for individual miners. Mining, or the "creation" of new digital coins, is the action in which graphic processing units (GPUs) or central processing units (CPUs) perform complex mathematic equations to virtually generate the coins. That's where cryptojacking was born. The European Union Agency for Network and Information Security (ENISA) describes it as a "technique of hijacking browsers for mining cryptocurrency without user consent". 
 
While you are reading this, your device might be using memory and processor power, and your electricity to generate money for someone else. This is cryptojacking.

How can you tell?

For the unsuspecting user, it might be hard to detect cryptojacking until it is too late. However, keep in mind that mining is a very intensive process which requires power and power drains batteries or raises heat. So the signs of cryptojacking are overheating machines when nothing is on, faster than usual draining laptop batteries, larger electricity bills, more heat hence more noise from the fans. And even with proper cooling, the increased heat can damage hardware in the long run and slow down the computer significantly. This affects not only individuals but also universities and enterprises because a large number of cryptojacked machines across an organization could provide with a larger amount of processing power and consume more electricity undetected. 

What can you do?
 
People concerned with cryptojacking should do antivirus scans periodically. While cryptojacking scripts are not exactly computer viruses, most antivirus software also checks for other types of malicious software. That usually includes identifying and blocking mining malware and even browser-based mining scripts. Installing software updates may also help with blocking attacks that try to download cryptojacking software or other malicious programs to the computers. In addition, browser add-ons that block mining scripts can reduce the chance of being cryptojacked by code embedded in websites.

How are your resources stolen?

One way is through malware attacks and involves tricking the user into downloading a mining application disguised as a different type of software to their computer. The downloaded application runs in the background without seeking any permission. The second is to send visitors to a webpage that includes a mining script in its code. This approach is far easier because the mining scripts could be very small. It takes just a few lines of code to download a small program, activate it and credit any mined coins. Another heist is by injecting mining scripts into ads that websites unknowingly provide to their visitors. User computers and energy do all the work, and the person who wrote the code gets all the cryptocurrency. The computer’s owner may never even realize what happens.
 
 
cryptojacking-image-chart
 
If you have been warned and consciously allow the cryptocurrency mining, it is not certainly a bad thing. UNICEF has introduced an initiative to donate resources for charitable crypto mining. But there are thousands, if not millions, of sites and applications that engage in cryptojacking. The problem grew to a point that Chrome banned all extensions involved in cryptocurrency mining from its browser, regardless if mining was done in secret or not. The more a visitor stays on a malicious website, the more cryptocurrency is being mined so it makes sense that the most successful cryptojackings are on streaming media sites. While YouTube and Netflix are certainly safe, some video portals with illegal or pirated content might target visitors for malicious purposes. Other sites extend the average visit time by opening an additional browser window and hiding it in the taskbar. So even after the browser gets closed, the site stays connected and continues to mine cryptocurrency.