Alan Seal

By: Alan Seal on January 14th, 2019


What is Cryptojacking and How to Detect It


Hackers have developed a variety of ingenious methods for profiting from security breaches over the years. In most cases, their efforts involve the active theft of valuable data (such as financial or other personal information) or some form of deception that causes people to unwittingly compromise their security (such as email phishing scams). These security threats can take a number of forms. Ransomware, which generally involves the unauthorized access and encryption of data until the victim pays a ransom to unlock it (usually without success), has made headlines on numerous occasions recently, while distributed denial of service (DDoS) attacks become larger and more numerous every year.

One of the newest forms of security threats, however, takes a very different approach. While hackers have long been able to introduce harmful malware into programs of all kinds, this malicious code is usually intended to steal or transmit personal information that could potentially be of value. It’s a hit or miss approach that doesn’t always translate into clear financial benefits for an attacker. Given that uncertainty, some hackers have found a way to use malware to produce more direct financial gains.

The strategy is called cryptojacking.

What is Cryptojacking?

To understand how cryptojacking works and how to detect it, it’s important to know a thing or two about the cryptocurrency it ultimately generates. Cryptocurrency is a form of digital currency generated when computers solve extremely complex cryptographic calculations to verify transactions in a peer-to-peer network. When a computer solves these equations, the user gains a piece of that cryptocurrency. There are various types of cryptocurrencies, with Bitcoin being the best known. In addition to having value in certain digital marketplaces (and even a few physical ones), cryptocurrency is bought by many investors in the hope that its value will increase over time. The cryptocurrency market is much like investing in gold or silver. Since the total number of units is limited by the amount that can be “mined” at any given time, scarcity and verifiability give cryptocurrency its value on the open market.

Anyone with a computer can theoretically mine cryptocurrency, but doing so is incredibly resource intensive in terms of processing power. This translates to high power and cooling costs that are beyond the capabilities of the average person. However, hackers have developed a solution to this obstacle in the form of cryptojacking. By infecting multiple computers with malware, they can use a portion of the machine’s processing power to contribute to a broader cryptocurrency mining network.

How Does Cryptojacking Work?

The first step is introducing malware. This can be done in a variety of ways, but the most common are old-fashioned phishing techniques that trick people into clicking on a link or downloading an attachment that executes a malicious script in the operating system. The script then runs in the background, completely hidden from detection unless the victim knows what they’re looking for. Web browser miners are another tactic. Hackers insert cryptojacking scripts into a compromised website or pop-up ad that automatically executes whenever a user visits.

However the malware is contracted, once the script executes, it begins solving cryptomining calculations and sending the results back to the hacker’s server, allowing the hacker to harness the processing power of hundreds or even thousands of computers to mine cryptocurrency quickly and cheaply. The power and cooling costs of all that processing fall squarely upon the infected computers, not the hacker’s equipment.

How to Detect and Prevent Cryptojacking

Cryptojacking malware scripts can be found across multiple platforms and devices. While major companies are often affected, such as Showtime’s online streaming service in 2017 or the Los Angeles Times website in 2018, most of these attacks fall upon small businesses and individuals.

There are a few telltale signs of cryptojacking. If a device seems to be running unusually slowly or is responding sluggishly, that could be an indication that most of the processing load is being devoted to cryptomining. Checking the processor usage statistics on the device may reveal that much of the computing power can’t be accurately accounted for. Since the calculations required for cryptomining are incredibly resource intensive, a cryptojacked device will often overheat for no apparent reason.
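The processor-usage check described above can be automated by looking for load that never drops, rather than for a single spike. The following is an added example, not code from the original article; the log format, process names, thresholds and the `sustained_cpu` function are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed per-minute CPU % readings for three hypothetical processes.
READINGS = {
    (412, "backup"): [95.0, 91.0, 20.0, 3.0, 2.0, 1.0],            # short burst
    (977, "updater-helper"): [88.5, 90.1, 89.7, 91.2, 90.4, 89.9],  # never drops
    (1203, "browser"): [12.0, 85.0, 30.0, 82.0, 15.0, 10.0],        # spiky
}
# Flattened into "HH:MM pid name cpu%" lines, the shape a sampling job might log.
SAMPLE = [f"10:{m:02d} {pid} {name} {cpu}"
          for (pid, name), vals in READINGS.items() for m, cpu in enumerate(vals)]


def sustained_cpu(lines, threshold=80.0, min_run=5, expected=()):
    """Return processes whose CPU stayed >= threshold for min_run samples in a row."""
    series = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, pid, name, cpu = parts
        try:
            series[(int(pid), name)].append((ts, float(cpu)))
        except ValueError:
            continue  # non-numeric pid or cpu field
    findings = []
    for (pid, name), samples in series.items():
        if name in expected:
            continue  # load the operator can already account for
        samples.sort()  # HH:MM strings sort chronologically within one day
        run = longest = 0
        for _, cpu in samples:
            run = run + 1 if cpu >= threshold else 0
            longest = max(longest, run)
        if longest >= min_run:
            avg = sum(cpu for _, cpu in samples) / len(samples)
            findings.append({"pid": pid, "name": name,
                             "longest_run": longest, "avg_cpu": round(avg, 1)})
    return sorted(findings, key=lambda f: -f["longest_run"])


if __name__ == "__main__":
    for finding in sustained_cpu(SAMPLE):
        print(finding)
```

A process name in `expected` is only a triage aid: a malicious program can choose any name, so a flagged or allowlisted entry should still be checked against the binary's path and origin.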

Since cryptojacking relies upon malware, many of the strategies used to screen out malicious programs are effective deterrents. Ad-blocking software and anti-cryptomining browser extensions can offer additional protections as well. It’s important to update software regularly to implement the latest security patches. Servers can be protected by installing cryptojacking blockers that actively screen out malicious programs. People should also educate themselves about some of the most common forms of cyberattacks responsible for data breaches. By learning how to detect hacking or cybersecurity risks, networks of all types can be made more secure.
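For a site operator, the browser-miner route described earlier (a script inserted into a compromised website) shows up as a script that was not in the last known-good copy of the page. The following is an added example, not code from the original article; the HTML snippets, the `.example` host names and the `added_scripts` function are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

PAGE_URL = "https://www.shop.example/index.html"  # constructed
BASELINE = ('<html><head><script src="/js/app.js"></script>'
            '<script>initMenu();</script></head><body></body></html>')
# Constructed "current" copy: same page with two scripts nobody deployed.
CURRENT = BASELINE.replace(
    "</head>",
    '<script src="//static.cdn-placeholder.example/w.js"></script>'
    '<script>loadWidget();</script></head>')


class _Scripts(HTMLParser):
    """Collect a fingerprint for every <script> element on a page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.found, self._buf = base_url, set(), None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:  # external: resolve relative and protocol-relative URLs
            self.found.add(("external", urljoin(self.base_url, src)))
        else:    # inline: start buffering the body
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:  # identify inline code by a short hash of its text
                digest = hashlib.sha256(body.encode()).hexdigest()[:16]
                self.found.add(("inline", digest))
            self._buf = None


def scripts_in(html, base_url):
    parser = _Scripts(base_url)
    parser.feed(html)
    parser.close()
    return parser.found


def added_scripts(baseline_html, current_html, base_url):
    """Scripts present in the current page but absent from the known-good copy."""
    return sorted(scripts_in(current_html, base_url) - scripts_in(baseline_html, base_url))
```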

With cryptojacking expected to become one of the most common forms of cyberattack in the coming years, it’s more important than ever for companies and individuals to understand how their systems may be at risk from dangerous malware. The 2018 cryptocurrency crash may have taken these attacks out of the headlines, but given the ease with which they can be orchestrated, it would be unwise to disregard the threat.

 

About Alan Seal

Alan Seal is the VP of Engineering at vXchnge. Alan is responsible for managing teams in IT support and infrastructure, app development, QA, and ERP business systems.
