“Neutral” Cyber Attacks: What Is Cryptojacking and Can You Prevent It?

The nature of cyber attacks and malicious software is to wreak havoc. They can destroy entire systems and networks or affect people’s lives in ways those who’d never been under an attack wouldn’t completely understand its consequences.
Yet, there’s one cyber attack type that doesn’t seek to destroy. As a matter of fact, it thrives and relies on a system’s good functionality, so it doesn’t damage the victim’s computer system or mess with their data.
The cyber attack type in question is cryptojacking. Cryptojacking software is so cleverly disguised that sometimes not even large companies can detect it. So, what is it, how does it work, and can you prevent it?

Reading Time: 6 minutes

What is cryptojacking

Illustration: Milica Mijajlovic

What Is Cryptojacking?

Cryptojacking is a cyber crime that involves getting unauthorized access to a victim’s device and exploiting its resources for crypto mining. The device in question can be anything from a mobile phone to a PC or server, and unlike other cyber attack types, cryptojacking can be considered “neutral.”

Why neutral?

Well, cryptojacking victims rarely suffer the consequences of a regular cyber attack. It isn’t in their attackers’ interest to lock the device, flood it with spam, or steal the victims’ data. Instead, they want it to perform as best as possible, as they rely on its computing resources to mine crypto.

With that in mind, cryptojacking wasn’t a thing before cryptocurrencies appeared on the scene and gained real market value. A very significant crypto boom happened in 2017, and that’s when cryptojacking first appeared as a form of code that allows miners to hijack another’s computer and use it for monetary gain.

cyber criminal

Source: Freepik

It didn’t evolve much since then. Of course, new code is still being developed, and people are utilizing new strategies to reach the same goal. However, the concept is still the same– the malware acts as a parasite that usually draws CPU power from the infected device.

Cryptojackers: Who Are They, and What Do They Want?

Cryptojacker is a cyber criminal who is also into crypto and crypto mining.

Simple enough.

But, unlike regular miners who understand that crypto mining can be expensive and will take a large chunk of their mining profits, cryptojackers have other plans in mind.

To be clear, they love the benefits of crypto mining. They just don’t want to waste thousands of dollars on crypto equipment and astronomical electricity bills, as mining requires a copious amount of electrical energy.

So, naturally, they instead deploy resources other people provide without their knowledge or consent. People, I say, because they need a large number of victims to execute their plan and actually profit from cryptojacking.

Crypto mining is energy-intensive, as computers compete to solve complex mathematical problems in the shortest timeframe possible. On top of that, a successful mining rig usually runs 24/7, meaning the mining equipment continually draws electrical power and adds more digits to your electrical bill.

But we also have to take into account that mining equipment is powerful, and a regular desktop PC, let alone a mobile phone or tablet, cannot compete with it. As a result, cryptojackers have to distribute the malware to many devices and ensure that their malicious software can run in the background for as long as possible.

When cryptojackers establish a connection with a device, their software will redirect a tiny amount of the victim’s computing power. And they can compensate for taking insufficient energy by having a pool of victims.

cyber victims

Source: Freepik

As cryptojacking uses primarily CPU power, this malware can cause the device’s performance to slow down gradually. Some may notice it, and some won’t. Even if they do, their first thought won’t be, “Oh, I’ve been cryptojacked,” but rather something related to storage space of battery health, as these are often responsible for poor device performance. That said, many crypotajackers get away with it and may continue to exploit their victims for months or even years.

How Does Cryptojacking Work?

Cryptojacking can be separated into two attack types, browser and host-based. When browser-based cryptojacking occurs, attackers implant their mining software on particular websites. When victims view the websites (or infected ads), the script executes itself automatically.

It’s worth noting that in this scenario, your computer wouldn’t store any malicious code, thus making cryptojacking detection drastically tricky. The code’s purpose, however, is to solve mathematical problems presented to miners while you’re browsing the site and send the solutions back to the attacker’s server.

The host-based attack works like a regular phishing attack. Victims would often receive sketchy emails containing links or attachments that contain this malware type.

phishing attack

Source: Freepik

Still, while regular phishing can sabotage your systems and networks or steal your intellectual property, cryptojacking only installs mining software onto a victim’s device. Once the software is installed, cryptojackers can redirect a portion of the victim’s resources and use it for their own gains.

In both attack types, cyber attackers can control how much of CPU power is diverted and used for crypto mining. As stated earlier, it’s usually a small amount of power so they can continue exploiting their victims for longer.

Which Crypto Is Usually Mined Through Cryptojacking?

Monero (XMR) is the most popular choice of crypto mined through cryptojacking software.

Of all cryptocurrencies, why this one?

For starters, XMR is oriented around anonymity and privacy. With that in mind, its transactions cannot be traced, making XMR an ideal choice for cyber attackers involved in illegal activities.

xmr crypto

Source: Freepik

Additionally, the Monero network is based on a Proof-of-Work (PoW) consensus mechanism, which is the process of validating the accuracy of transactions and adding transaction blocks onto a blockchain. In this system, mining adds valid blocks on the chain, and the PoW mechanism allows miners to use a standard CPU instead of professional mining equipment to complete this process.

So, not only is XMR untraceable, but its blockchain’s foundation allows miners to employ average-performing devices to mine this crypto.

Of course, XMR isn’t the only coin obtained through cryptojacking. Bitcoin, Ethereum, and many altcoins are lucrative rewards of cryptojacking.

Why Is Cryptojacking Considered a Concern?

We learned that because it “only” takes the victim’s computational resources, cryptojacking could be considered a “neutral” cyber attack strain. And yes, while cryptojacking doesn’t cause damage that occurs during other cyber attacks, it’s still an illegal activity that can cause harm.

As cryptojacking slows down infected systems, its victims will experience poor device performance. Decreasing device performance isn’t always a big deal for many affected individuals.

Still, if you notice any changes on your computer, it would be best to solve the issue. After all, a spike in processor utilization and overheating can damage the device in the long run.

Additionally, large organizations and companies that have fallen victim to cryptojacking could lose thousands of dollars trying to determine what’s wrong with their systems.

company system

Source: Freepik

Furthermore, cryptojacking is, of course, unethical and can be considered an intrusion. It shouldn’t be seen as a neutral attack because it doesn’t matter that attackers didn’t sabotage entire systems– their actions still carry negative consequences for the victims.

How to Detect Cryptojacking?

Cryptojacking attacks can remain undetected for months. Although there aren’t many clear signs that reveal the existence of this malware, some indicators could help you connect the dots and detect cryptojacking.

Here are some signs that suggest the possibility of cryptojacking malware infestation:

  • Poor device performance: One of the most obvious symptoms of cryptojacking is decreased performance of infected devices. Systems infected with cryptojacking software run slower and exhibit poor battery life or sudden crashes, and these symptoms happen due to extra strain caused by cryptojacking malware.
  • Overheating: When cryptojacking malware strains a processor, devices may overheat. Overheating can lead to computer damage, so if you notice that your computer case or the bottom of the laptop is getting hotter than usual, try to find the cause and neutralize the threat as soon as possible.
  • Increase in CPU usage: CPU usage will spike as a result of cryptojacking. You can check the CPU usage of your device using programs such as TaskManager or ActivityMonitor, but keep in mind that cryptojacking software can disguise itself as a legitimate app/ program on your device. With that in mind, taking your device to an expert for occasional inspections seems like a good idea.
  • High electricity bills: Cryptojacking software requires significant electrical power to redirect some of your resources to solving mining equations. As a result, your energy bill might be unusually high.

How to Prevent Cryptojacking

Preventing cryptojacking is always a better idea than trying to remove masked software from your device. Luckily for you, some prevention methods work against some other cyber attacks, too.

  • Use ad blockers: Some cryptojacking software creeps behind pop-up ads. The best solution to this, of course, would be to install an ad-blocker extension and ensure a safer browsing experience. Not only will using ad blockers improve your safety, but it will also turn YouTube browsing into a pleasant experience.
  • Disable JavaScript: Disabling JavaScript on your device will undoubtedly prevent a malicious cryptojacking code from inhabiting your system. Still, you should know that you could lose access to media on websites that use JavaScript if you disable it.
  • Uninstall the older version of Java: By removing older Java versions from your system, you will ensure that Java programs are running on your system with the most recent security and performance updates.
  • Use extensions that block cryptojacking: Installing browser extensions such as MineBlock can prevent browser-based cryptojacking software from infesting your device. These preventions won’t block attempts at phishing attacks, though.
  • Stay informed and alert: Cryptojacking is evolving, and new techniques or strains may emerge at any minute. Reading about new trends and the latest cryptojacking methods can help you shield yourself from these attacks or employ new practices that will improve your security.

Final Words

Cryptojacking might seem harmless. Nevertheless, it’s a crime, and it involves a non-consensual taking of resources from multiple parties. Not to mention that abuse of one’s device can damage the device in question.

So, if you notice possible signs of cryptojaking, contact an IT professional and ask for a security check. Although sometimes security checks don’t help, having an IT professional involved in the malware detection process will improve your chances of finding and resolving the problem.

Jelena is a content writer dedicated to learning about all things crypto. Her hobbies are playing chess, drawing, baking, and going on long walks. During winter, she usually spends her leisure time reading books.

Subscribe to our newsletter and stay updated !