Cryptojacking ‘Borrows’ Computing Resources for Profit
As if computer users needed something else to worry about, a new web-based threat called “cryptojacking” is making the rounds. But this one has a twist: It doesn’t install malware on computers; instead it “borrows” the CPU to mine cryptocurrencies such as Bitcoin, Ethereum, Monero and Litecoin when users visit compromised websites.
Of course, users won’t know that hackers are using their processing resources because no software is installed. But they’re likely to notice the computer getting really sluggish, making it hard to open applications, navigate the web or complete any other task. Solution providers and MSPs need to be aware of this new threat to help clients address it.
Cryptojacking works behind the scenes, slowing a computer or device to a crawl as it uses the CPU to mine cryptocurrencies. A cryptocurrency such as Bitcoin or Monero allows users to make secure, anonymous transactions over the web. These digital currencies employ code that runs on a blockchain, a secure digital ledger shared across a computer network. Mining is the process of recording transactions in the blockchain and issuing new currency.
Unlike ransomware, cryptojacking doesn’t encrypt the computer or demand ransom to restore access to your own files. But it still acts like malware in the sense that it steals computing resources and gets in the way of your work. And let’s not forget – we’re talking about unauthorized use of a computer or device, which is never OK.
First spotted in September, cryptojacking starts working immediately after your browser loads a compromised website. Because it hogs CPU resources, it causes overall performance to significantly decline. The code used to mine cryptocurrencies takes up a lot of resources. The effect is temporary because once you navigate away from the compromised website, the computer’s behavior should return to normal.
Willem de Groot, an independent security researcher, says he has spotted cryptojacking on nearly 2,500 websites. This malicious practice “is quickly spreading around the web” and extends to online stores, he says.
It isn’t that legitimate storeowners are trying to earn extra money by mining cryptocurrencies, de Groot says. “I found that 80% of cryptomining stores also contain payment skimming malware. Apparently, cyberthieves are squeezing every penny out of their confiscated assets.”
The U.K.’s Register reports the problem is more widespread, and that 30,000 computers have been hijacked for digital currency mining.
Solution providers and MSPs need only take a few simple steps to help clients prevent cryptominers from taking their CPUs for a joyride. Google Chrome users can take advantage of a browser extension called No Coin, designed specifically to block unauthorized use of CPU resources for mining digital currencies.
Another method is to add known cryptomining sites, and those suspected of it, to a browser’s ad blocker.
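The blocklist approach described above, as an added example that is not part of the original article: it checks a page's script tags against a list of mining hosts and emits the matching ad-blocker rules in Adblock Plus filter syntax (`||domain^`). The hostnames and sample page are constructed placeholders; real entries would come from a maintained list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed placeholder blocklist; real entries come from a maintained list.
MINER_HOSTS = {"miner.example", "coin-pool.example"}


def is_blocked(host, blocklist=MINER_HOSTS):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def find_miner_scripts(html, blocklist=MINER_HOSTS):
    """Return script URLs in the page whose host is on the blocklist."""
    parser = ScriptCollector()
    parser.feed(html)
    # urlparse also handles protocol-relative URLs (//host/path).
    return [s for s in parser.sources if is_blocked(urlparse(s).hostname, blocklist)]


def to_filter_rules(blocklist=MINER_HOSTS):
    """Adblock Plus-style rules: ||domain^ covers the domain and its subdomains."""
    return sorted(f"||{d}^" for d in blocklist)


# Constructed sample page for illustration.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.shop.example/app.js"></script>
<script src="//static.miner.example/lib/m.js"></script>
<script src="https://notminer.example/x.js"></script>
</head></html>"""

if __name__ == "__main__":
    print(find_miner_scripts(SAMPLE_HTML))
    print("\n".join(to_filter_rules()))
```

Matching on the parsed hostname with a leading-dot suffix check keeps look-alike names such as notminer.example from being flagged while still catching subdomains of a listed host.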
How Serious Is It?
At this point there is no need to rely on endpoint security scans to catch it because, as already noted, no malware is downloaded. Whether that changes in the future remains to be seen. We know that malware evolves and takes on new forms, so it wouldn’t be a surprise to see cryptominers evolve into something more dangerous.
Any time hackers take control of computing resources for their own profit-making purposes, you should take every step to prevent that. Today, they’re using it for cryptomining, but tomorrow it could be something even more nefarious.