Cryptojacking — the theft of computational power to mine cryptocurrencies — is on the rise. This type of cybercrime affects millions of systems worldwide, reinforcing general mistrust of crypto and contributing to the already massive global energy footprint. Nevertheless, it is not going away anytime soon. The ease with which such an attack can be carried out makes it the low-hanging fruit for criminals looking to turn a relatively quick profit.
In our latest addition to the DeFi 101 series, we explore the underground world of cryptojacking, explaining what it is, the most common attack vectors, and what steps you can take to prevent your systems from being affected. Since there is usually no recourse if you have been exploited, a proactive approach to security is the only assured solution.
How to “borrow” a GPU
Since legal crypto mining is immensely costly and increasingly resource-intensive, miners without a moral compass cut their overhead costs by gaining unauthorized access to the computational power (and the energy it requires) from unsuspecting victims. Various systems — PCs, servers, IoT devices, cloud infrastructure — can be hijacked to solve computational problems required for cryptocurrency mining.
Traditionally, cryptojacking was yet another profit motive for compromising user endpoints through simple phishing attacks. Nevertheless, since there is only so much that a single local machine can mine, malicious actors have moved on to more sophisticated techniques and bigger prizes.
High profile cases — such as the multi-stage cryptojacking attack on the Cado Labs’ honeypot infrastructure, VMware Horizon servers infected with backdoors because of the Log4Shell vulnerability, or the NPM JavaScript package repository being used in numerous supply chain attacks — illustrate the immensely damaging effects cryptojacking at scale can have. Cryptojacking might seem a victimless crime to unsuspecting eyes. Nevertheless, the number of systems compromised, the amount of electricity consumed, and the reputations ruined speak volumes about the immense harm of such criminal activity.
Servers are the juiciest targets because of their computational power. The victim selection process is usually automated with malicious software that scans for the low-hanging fruit — internet-connected servers with exposed APIs or unpatched vulnerabilities (like the Log4J). After attackers gain unauthorized access and drop the miner payloads, they can then expand laterally into other network devices or propagate in a worm-like fashion across connected cloud systems.
Software supply chains are also a prime target. Malicious actors can seed open-source code repositories with embedded cryptojacking scripts. These packages and libraries may then be used by millions of developers around the world, quickly scaling up cryptojacking efforts in many ways. Naturally, they can hijack developer systems — servers, networks, and cloud infrastructure they use. Yet attackers can also bide their time and poison the software in development, later executing scripts on the user endpoints that will run the application.
Detection and prevention
By design, cryptojacking is a slow cyberattack. Mining scripts are far more lucrative if they can avoid long-term detection by leaving minimal traces. And since Monero is the cryptocurrency of choice — given how difficult it is for law enforcement to trace — there is, in effect, nothing you can do to recover the indirect financial losses. This means that you need to take actionable steps before falling victim.
Even though endpoint protection and detection technologies have seen major advancements in recent years, malicious actors remain one step ahead. Sometimes, the only signs of a cryptojacking script running in the background are reduced system performance, overheating, and large electricity bills. Watch out for a quickly draining battery, unusually poor application performance, crashes, or lag spikes.
For proactive security, pick a good antivirus software with web protection. Make sure you are always running the latest software and OS versions, downloading the latest updates and patches as soon as they come out. Install an ad blocker to protect yourself against scripts delivered through online ads. Get one of the browser extensions designed to block cryptojacking scripts across different websites. And, if you are particularly conscious of the risks, you may also want to disable JavaScript entirely on your browser and only re-enable it when needed.
You should also always stay on top of the latest news and threats in cybersecurity, staying proactive and familiarizing yourself with the most common vulnerabilities of your devices. By educating yourself on how attackers compromise systems and learning to adapt, you will not only be able to better identify cryptojacking attempts but also know how to respond accordingly.
About Lossless
Restoring trust in web3 security. Lossless incorporates a new layer of blockchain transaction security, protecting projects and their communities from malicious exploits and the associated financial loss.
Lossless protocol implements an additional layer of blockchain transaction security for ERC-20 standard tokens, mitigating the financial impact of smart contract exploits and private key theft. Lossless protocol utilizes community-driven threat identification tools and a unique stake-based reporting system to identify suspicious transactions, providing real-time protection.
Twitter | Platform | Telegram | Discord | Website | Documentation | Github
