Cryptojacking: How you might be funding hackers without knowing it.

Cryptojacking: How you might be funding hackers without knowing it.

August 17, 2018

A new form of cyber-attack has recently reared its ugly head. It is being commonly referred to as cryptojacking. This process hijacks someone else’s computer to mine cryptocurrency, like Bitcoin.  What is truly worrying is that no program needs to be installed on the machine for this to occur. Hackers can infect a website with malicious JavaScript code that starts running when the page is loaded in a web browser like Chrome or Firefox

Unlike malware we are more familiar with, cryptojacking scripts do not target user data or aim to harm the device. The real goal is utilizing the processing power of the infected machine to perform complex equations which yields the currency they are after. For most of those infected, the only sign would be a degradation in overall computer performance. When compounded this could lead to replacing perfectly fine servers and computers to remedy the newly occurring “slowness”.

Adguard, a company that provides ad blocking software, conducted a cryptojacking study late last year. They found that over 33,000 websites are currently running a crypto-mining script and those sites receive over 1 billion visits a month. The scale is already staggering and will continue to grow thanks in part to the availability of the malicious scripts.

The best way to combat a threat like this is the same as any other cyber-attack, awareness. From the IT team to the reception desk, everyone should know what they are clicking on and who sent them there. A sizable number of these sites generate traffic by getting someone to click a link from a phising style email. Another reminder to scrutinize links that show up in your inbox. Keeping you machines up to date on the most recent patches, a service we offer to our customers, is another step in the right direction in the fight against this new threat.

Another tip would be to review your browsers add-ins and extensions. Take some time to look at your Chrome, Firefox or other browser extension list and remove anything you do not recognize. Ad blocker software can also be a viable defense as a preferred method of delivery of the scripts is through web ads. Check out ad blockers like MinerBlock or No Coin if you are looking for a reliable way to prevent your machine from falling prey to this new menace.