It may sound like the stuff of sci-fi movies, but cryptojacking isn’t some futuristic work of fiction. It’s a cybercrime in which malicious software can infiltrate your computer—often without a user’s knowledge—in order to mine cryptocurrency. It’s the equivalent of a computer zombie, said Zohar Pinhasi, CEO of MonsterCloud.
Here’s what you need to know about this latest cyberthreat and how to better protect your digital hardware.
What is cryptojacking?
Although the fundamentals of cryptojacking are nothing new, using malware for the specific purpose of mining cryptocurrency only became popular in the past few years. “Cryptojacking really hit its stride in [late 2017] or 2018, when the price of most cryptocurrencies soared to sky-high levels,” said Pinhasi. “Cybercriminals realized that for relatively little effort and cost, they could infect computers and realize huge returns.”
While reports of cryptojacking tend to rise and fall with the value of cryptocurrency, it’s not likely to go away anytime soon. In 2018, cryptojacking incidents more than tripled. So far in 2019, the trend is on the decline, according to a report by the Internet Society Online Trust Alliance. But a recent incident—cryptojacking code was found in a code library for Ruby, a popular computer programming language—calls into question whether the threat ever goes away. “Unsuspecting coders and developers used the code, exposing more than 3,000 people,” said Pinhasi.
How cryptojacking works
The process of cryptojacking involves using someone else’s computer—without their permission—with the goal of mining cryptocurrency, said Marty Puranik, president and CEO of Atlantic.net. It’s a unique form of cybercrime because it’s taking the computer’s processing power to use as its own.
This is traditionally done through a process known as phishing, where a cybercriminal convinces a victim to click on a link that delivers mining code directly to that computer. Another more effective way involves infecting a website with a code that launches itself when the browser is loaded. Individual computers with limited processing power aren’t usually targets. Rather, cybercriminals tend to target cloud environments with large processing power, said Puranik.
For criminals, using someone else’s computer to mine cryptocurrency is ideal because there is no overhead. The victim is paying for the electricity that supplies the power to the computer, which the criminal exploits to their advantage. “As long as crypto is fetching a good price, it’s a high-margin operation for criminals,” said Pinhasi. Although not having to pay an electricity bill may seem like a minor detail, imagine a criminal organization taking control of hundreds of thousands of computers, “that’s a lot of power … power they don’t have to pay for. It’s all profit,” Pinhasi said.
How can I protect myself from cryptojacking?
While an individual, personal computer isn’t likely to be a target for cryptojacking, that doesn’t mean it’s never happened—or never will. Better guard yourself and your digital devices by taking the following steps:
- Know the telltale signs of an infection. If you notice your computer is running more slowly than usual, programs are taking longer to load and you experience constant freezes, that could mean trouble. “A dead giveaway is your computer’s cooling fan running constantly,” Pinhasi said. “That’s because the malware is working 24⁄7 in the background, and your computer is struggling to keep itself cool with all the added processor demand placed on it.”
- Run antivirus and internet security software updates regularly. This should be often enough to catch malware and remove it before it impacts your machine. “The vast majority of personal computer users are running outdated software on outdated machines,” Pinhasi said. “The single best thing you can do to protect yourself from attacks like this are to maintain your machine and keep your software up to date.”
- Be cautious of the sites you visit and emails you open. Cybercriminals are notorious for hijacking computers through unsolicited emails or unprotected websites. While there’s no way to truly ensure every website you visit is legitimate and every email you open is sent from a valid user, running a reverse email search may help you do your due diligence before opening any suspicious emails.
As technology advances, cybercriminals will continue to look for ways to exploit it for their own gain. Learning about potential cyberthreats and implementing safeguards can go a long way in keeping you one step ahead of the fraudsters.