The Rise of Cryptojacking

in #cryptocurrency, 7 years ago

A new trend in hacking is the most profitable hacking scheme devised yet. It's called cryptojacking: hijacking users' computing resources and using them to mine cryptocurrency. An unwitting participant has their CPU used to mine cryptocurrency for someone else. This costs the victim money in electricity for the CPU power used, while the hacker pays nothing and reaps the mining rewards.



For those who don't understand how some cryptocurrencies are created: it's done by using CPU power to perform cryptographic calculations. People compete to be the fastest at mining cryptographic blocks and to be the winner. To be the winner who gets the reward, you need more CPU power so that you are the fastest at it.

That's where cryptojacking comes in. If you get jacked to mine for someone, your CPU power helps them be a winner and get a reward. Your hardware and electricity are helping them make money.

You can get your computer's resources hijacked by visiting certain websites or by installing malware, such as a malicious extension in your browser. A website can also get attacked and turned into a profit generator for hackers. Hackers have recently shifted their attention to this easier form of exploitation for money, instead of the previous threat of ransomware.

Ransomware is worse, as it locks you out of your computer until you pay the ransom that the hacker demands. This could be thousands or millions of dollars. It's been done to individuals and to organizations like hospitals and government agencies. Cryptojacking is bad, but not as bad. You don't know you're being used and having your electricity stolen from you, whereas ransomware is like having someone point a gun at you and tell you to pay up or else.

The main types of cryptojacking are:

  1. mining malware that the user is tricked into installing unknowingly
  2. visiting a webpage that has a script that runs mining software in the browser



Websites that display ads can also be affected when cryptomining scripts are injected into the ad network, which then serves the ads to visitors on the page. Clicking the ad runs the script through the browser and the mining begins.

Unless you notice that your CPU usage has gone up, you won't know that your hardware and electricity are paying for other people to mine cryptocurrencies.

Not all crypto-mining from the browser is bad. Sites can ask users to allow cryptocurrency mining so that the website generates revenue while they view the content they came for. Salon.com has started doing this as a way to opt out of displaying ads. A UNICEF charity has also done something similar by asking people to share their CPU power to mine cryptocurrency.

Browser extensions are also a vector for cryptojacking. Google has recently banned all cryptomining extensions from the Chrome Web Store as a full-spectrum measure to stop any cryptomining being done from the browser, regardless of whether it is done in secret as cryptojacking or accepted by the user.

To easily safeguard yourself, you can install No Coin from Google's Chrome Web Store to make sure no one is using your computer to mine cryptocurrencies without you knowing about it. Also, if your computer seems to be running slow, check your task manager to see if your browser or some other program is using most of your CPU power. End the process of the program if you see something that shouldn't be taking up that much CPU power. Then do some research on the program that is taking up all those resources to learn how to remove it.
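The CPU check described above can be automated. The following is an added example, not code from the original post: it flags processes whose CPU usage stays high across consecutive snapshots, which separates a sustained load such as a hidden miner from a brief spike. The thresholds, the snapshot format and the sample readings are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds (not from the post): a process is worth investigating when
# it stays at or above CPU_THRESHOLD percent for MIN_CONSECUTIVE samples in a row.
CPU_THRESHOLD = 70.0
MIN_CONSECUTIVE = 4

def find_sustained_cpu(snapshots, threshold=CPU_THRESHOLD, min_run=MIN_CONSECUTIVE):
    """Return {(pid, name): longest_run} for processes whose CPU usage stayed
    at or above `threshold` for at least `min_run` consecutive snapshots.

    Each snapshot is a list of (pid, name, cpu_percent) tuples taken at a
    fixed interval, e.g. readings noted from a task manager every 15 seconds.
    """
    current = defaultdict(int)   # length of the high-CPU run in progress
    longest = defaultdict(int)   # longest high-CPU run seen so far
    for snapshot in snapshots:
        seen = set()
        for pid, name, cpu in snapshot:
            key = (pid, name)
            seen.add(key)
            if cpu >= threshold:
                current[key] += 1
                longest[key] = max(longest[key], current[key])
            else:
                current[key] = 0      # a dip below the threshold ends the run
        for key in list(current):
            if key not in seen:
                current[key] = 0      # process absent from this snapshot: run ends
    return {key: run for key, run in longest.items() if run >= min_run}

# Constructed sample data: six snapshots, 15 seconds apart.
SAMPLE = [
    [(101, "browser", 92.0), (202, "editor", 85.0), (303, "backup", 5.0)],
    [(101, "browser", 95.5), (202, "editor", 12.0), (303, "backup", 4.0)],
    [(101, "browser", 91.0), (202, "editor", 8.0),  (303, "backup", 88.0)],
    [(101, "browser", 97.2), (202, "editor", 7.5),  (303, "backup", 90.0)],
    [(101, "browser", 93.8), (202, "editor", 80.0), (303, "backup", 6.0)],
    [(101, "browser", 96.1), (202, "editor", 9.0),  (303, "backup", 3.0)],
]

if __name__ == "__main__":
    for (pid, name), run in find_sustained_cpu(SAMPLE).items():
        print(f"pid {pid} ({name}): {run} consecutive high-CPU samples")
```

A flagged process is only a candidate for the research step the post recommends; video encoding or a game will trip the same heuristic.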

I've heard of some people on Steem getting cryptojacked. Many people are now using the No Coin extension to protect themselves. Good luck not getting bitten by this new malware to make money off of you.




Thank you for your time and attention. Peace.



Personally I would rather approve a script that mines crypto for the profiteer as opposed to displaying actual ads. The problem lies in that not all scripts need be approved. Crypto mining without the user's consent is 100% theft. I seem to recall an app that was removed from the Apple platform for exploiting just that. It was secretively mining crypto in the background as a way of offsetting the displaying of ads. So long as the consumer knowingly consents to this process all is well; however, this app had it enabled by default with no clarification with the user. I believe that it’s up to the developer to decide on how to monetize their work. However, their particular means of monetization need to be made clear with the end user and receive consent beforehand. Excellent post, thanks for sharing!

Yes, as long as it's agreed to, fine ;) You're welcome, glad you gained value from the content.

I switched from Firefox because they plan to censor "fake news".
I am running Brave browser; the Protection Shields are able to stop one of the things that I always blocked with no-script using Firefox, and that is google-analytics :)


sorry for steemit i do not allow webs with google name on it :)

I might need to put it to the test (this browser) and see if those mining scripts are also blocked; so far Brave browser looks legit. Maybe I should test moving 3rd party fingerprinting to block all fingerprinting, need to read about what it does :D

Opera browser is adding No Coin to provide protection against this, good for Opera users I guess :)

I just found out about No Coin reading this post, thanks for this post :)

PS: I also have the system monitor open most of the time; since my RAM is limited I need to control it so the PC won't freeze. I keep my eyes on the CPU graph too, good tips! :)

Thanks for the plug on brave. Will check it out. Are you using an old computer to have such low ram issues?

Yeah, it's an old-school laptop, only 3 GB of RAM, and that was because I added more RAM from another laptop that no longer works :D

Great information. I didn't know it was that easy to take over someone's CPU to power their own.

Why don't some of these cryptojack asses take their skills and talent to a legitimate power level? Maybe some of them just thrive off making a play and getting away with it.

LOL, cryptojackasses, nice one!!! :P

This is quite sad; there are always those who will do harm to others and not be prepared to do the work to get ahead but rather steal from others.

Yup, if they can steal to get it and make others work they will.. oh look at government :P

I remember it was done in Dmania, although zombee said he was not aware that there was a mining script embedded in the code, and when it was reported he removed the code so that people who have his condenser open would not be affected by it anymore.

It is very prevalent nowadays.

Didn't know that. I don't like meme things, and people getting $90 for a meme is ridiculous... :/

Many mining platforms have too many ads and, sometimes, we inadvertently click on one of them. There is already the risk of being pirated.
Apologies @krnel, what mining do you recommend to extract the Steem?
Since you have more experience than me. I am new to the world of cryptocurrency.

Steem doesn't have mining anymore, it used to. You blog to mine ;) lol Proof of Brain instead of Proof of Work ;)

Decent adblockers - like uBlock Origin - also usually intercept all mining scripts in the browser. Plus ads, of course.

Good to know that about uBlock. I won't browse the internet without adblockers and script prevention; I've been doing it for many years, and I am not looking back!

Thanks for the extra tips.

I haven't known any person who was a victim of cryptojacking, just the Dmania drama from a few months ago, but since it is difficult to notice if it's happening most people wouldn't realize their resources are being abused.

About ransomware, I do personally know people who were victims. They work at a clinic close to where I live and their system was infected by ransomware; they didn't pay of course, and ended up losing everything they had in the system.

Damn that sucks... :/

What we don't understand is how profitable for the hackers this would actually be. I mean CPU mining is pretty much worthless at this point (too weak to handle the workload required) which is why we use GPUs. So how many CPUs do hackers have to jack combined for their operation to be worthwhile?

Also, do we have any data on what the biggest coins being mined are?

Just some food for thought...

I don't know, but they are doing it for certain coins. Maybe not the big hitters like BTC, but they are doing it because it works... One commenter has a coin (ETN) example using mobile CPU..

I don't see the point; CPUs are so low powered and even an army of them can't mine any significant amount.

I am currently mining 10 ETN (Electroneum) per day using a spare Android phone just for the fun of it. Electroneum is a crypto that employs the CryptoNight algorithm, which is most efficient using a CPU as opposed to a GPU rig. It is mostly an effort to combat ASICs as they seriously skew the mining process. Albeit ETN mobile is completely separate from pool mining the usual way, the concept is the same.

How's that working out with the phone then? As in, is it worth the time? Excuse my ignorance on this, I have never heard you could do it on a phone before.

Electroneum is a "mobile centric" crypto. Their app, which is available on Android, doesn't actually do any mining in the traditional sense. In their ICO they delegated a certain amount of the initial coins to the mobile mining platform. The app runs a custom algorithm that estimates the hashing power of the device and uses that to collect ETN. At a rate of 110 H/s I get about 10 ETN per day. Current market value is $0.02 USD, so about 20 cents a day from a spare device isn't bad.

On the other side of the spectrum, if mining with a decent Core i5 or i7 the traditional way you can net about 3 ETN per day. That's why I say the crypto is entirely mobile centric.

I understand now, thanks for taking the time to explain that, much appreciated.

interesting talks :)