Your pain is their gain. That’s how things go in a cryptojacking attack.
Cryptomining is the utilization of computers to run processor-intensive computations to acquire cryptocurrency. Cryptojacking involves hijacking a device and using it to mine cryptocurrency for profit. It’s a form of malware that saps your device’s resources, making it run sluggish and potentially overheating it as well.
Meanwhile, the hackers behind those attacks generate cryptocurrency by hijacking your device and thousands of others like it. Together they create virtual illicit networks that turn them a profit.
However, you can absolutely prevent it from happening to you. That starts with a closer look at who’s behind it and how they pull it off.
How cryptojacking works.
What lures hackers to cryptojacking? It’s big business. Gone are the early days when practically anyone with a standard computer could participate in the cryptomining process. Today, the proverbial field is flooded with miners competing against each other to solve the cryptographic puzzles that earn a cryptocurrency reward. Profitable miners run farms of dedicated mining rigs that cost thousands of dollars each.
Visualize row after row of racks after racks stacked with mining rigs in hyper-cooled warehouses. That’s what industrialized cryptomining looks like nowadays.
To put it all into perspective, one study estimated that “(t)he top 10% of [Bitcoin] miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity.” That makes cryptomining a difficult field to break into. And that’s why some people cheat.
Enter the cryptojackers. These hackers forgo the massive up-front and ongoing costs of a cryptomining farm. Instead, they build their cryptomining operations off the backs of other people by hijacking or “cryptojacking” their devices. In doing so, they leach the computing resources of others to mine their cryptocurrency.
Cryptojackers will target just about anyone—individuals, companies, and governmental agencies. They’ll infiltrate phones, laptops, and desktops. In larger instances, they’ll go after large server farms or an organization’s cloud infrastructure. This way, they get the computing power they need. Illegally.
As to how cryptojackers pull that off, they have a couple of primary options:
- Malware-based delivery, where a victim’s device gets infected with cryptojacking code through a phishing attack or by installing an app laced with cryptomining
- Browser-based delivery, where cryptojackers compromise a victim’s browser while they visit a site that hosts cryptomining code. Sometimes cryptojackers create malicious sites for this specific purpose. In other instances, they infect otherwise legitimate sites.
What can that look like in the real world? We’ve seen Android phones harnessed for cryptomining after downloading malicious apps from Google Play. Cryptojackers have created counterfeit versions of popular computer performance software and infected it with cryptojacking code. We’ve also seen cryptojackers tap into the computing power of internet of things (IoT) and smart home devices as well.
Interestingly enough, the rate of cryptojacking attacks is closely tied to the vagaries of the marketplace. As the value of cryptocurrencies rise and fall, so does cryptojacking. The crooks behind these hacks go where they get the biggest bang for their buck. So as cryptocurrencies drop in value, these crooks drop their cryptojacking attacks. They opt for other attacks that offer a higher return on the resources they invest.
Despite its cyclic nature, cryptojacking remains a stubborn problem. Yet you can do plenty to prevent it from happening to you.
Three ways you can prevent cryptojacking.
- Stick to legitimate app stores:
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites might very well not. Further, some third-party sites might intentionally host malicious apps as part of a broader scam.
Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, Google and Apple are quick to remove malicious apps when discovered, making their stores that much safer.
- Use online protection software:
Comprehensive online protection software like ours can protect you in several ways. First, our AI-powered antivirus detects, blocks, and removes malware—new and old. This can protect you against the latest cryptojacking attacks. Further, it includes web protection that blocks malicious sites, such as the ones that host web-based cryptojacking attacks. In all, comprehensive online protection software offers a strong line of defense.
- Protect yourself from phishing and smishing attacks:
Whether cryptojackers try to reach you by email (phishing) or text (smishing), our new McAfee Scam Protection can stop those attacks dead in their tracks. Using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
Keep cryptojackers from making a fast buck off you.
While hackers love pilfering the computing resources of large organizations, their cryptojacking attacks still target everyday folks. Just as is the case with ransomware, hackers will seek to make their money in volume. Targeting under-protected households can still reap plenty of cryptocurrency when hackers do so in numbers.
Protecting yourself is relatively easy. Several of the same general steps you take to protect yourself online offer protection from cryptojacking attacks as well. Stick to legitimate app stores, use the tools that can quash spammy emails and texts, and go online confidently with online protection software. Nobody should make a fast buck off you. Particularly a cryptojacker.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.