Alex Archondakis, a member of the BCS Internet Specialist Group, reports on CryptoJacking, and explains how people and organisations can protect themselves from the practice.

CryptoJacking or ‘drive-by mining’ is quickly becoming a popular attack vector amongst hackers due to the rise in crypto currencies. Even though the market is currently struggling there are now over 1,500 different types of crypto currencies (not all of these are mineable) with some investors seeing huge profits over a very short time. It is, therefore, no surprise that hackers have become interested in the market as a lot of crypto currencies are almost impossible to trace as investors use anonymous wallets to hold their coins, this provides extra security and makes it harder to trace transactions.

Explained simply, crypto currency mining uses your computing power to provide a 24/7 bookkeeping service which is more commonly known as ‘verifying transactions’. Each transaction that is verified will reward the miner with a small fee for using their computing power.

The more computing power available, the more transactions can be verified, which will ultimately end in more money being made. However, computing power is expensive and also uses a lot of electricity which in turn ends up costing a miner a chunk of their profits, so how can an attacker make money and not have to pay any fee’s?

The answer is CryptoJacking, which involves embedding malware into popular sites that get thousands of visitors per day. The infected computers of those browsing the sites will silently mine crypto currencies against the user’s will and deposit the earnings into the attacker controlled, anonymous wallet. No costs for hardware, no costs for electricity and the malware can often go undetected for long periods of time.

Coinhive has recently made headlines as the most prevalent Cryptojacking software and thanks to public WWW we can find out how many sites have the coinhive.min.js script embedded into them by using the following search:

https://publicwww.com/websites/%22coinhive.min.js%22/

As of now, there are more than 35,000 websites using the coinhive script. Upon researching the infected sites, it is difficult not to notice that a large majority of the sites seem to be free movie streaming services, which is no surprise as these often host different types of malware.

With the crypto market remaining volatile it is likely that CryptoJacking will continue becoming more popular and sophisticated over the foreseeable future.

How to protect against CryptoJacking?

CryptoJacking malware is difficult to protect against, as the affected computer does not show obvious signs of infection as the malware silently mines in the background. The first step is to use an extension that blocks the most common JavaScript miners such as minerBlock and No coin, as well as ensuring that you have a good, up-to-date anti-virus software installed on your computer. Using scriptsafe or NoScript JavaScript blockers is also a good defence against the malware as it disallows JavaScript to run on any pages, unless specifically allowed by the user.