View Prices £ or or $
Ministry of Defence BT Inmarsat Science & Technology Facilities Council

Cryptojacking is on the rise

Cryptojacking is the unauthorised use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser. Either way, the cryptomining code then works in the background as unsuspecting victims use their computers normally. The only sign they might notice is slower performance or lags in execution.

Crypto 1Cryptojacking is on the rise

Crypto mining is in its early stages and it’s predicted that there’s a lot of room for growth and evolution. Hackers see cryptojacking as a cheaper, more profitable alternative to ransomware, as with ransomware a hacker might get three people to pay for every 100 computers infected. With cryptojacking, all 100 of those infected machines work for the hacker to mine cryptocurrency. The hacker might make the same as those three ransomware payments, but crypto mining continuously generates money.

The risk of being caught and identified is also much less than with ransomware. The crypto mining code runs surreptitiously and can go undetected for a long time. Once discovered, it’s very hard to trace back to the source, and the victims have little incentive to do so since nothing was stolen or encrypted.

How cryptojacking works

Hackers have two primary ways to get a victim’s computer to secretly mine cryptocurrencies. One is to trick victims into loading cryptomining code onto their computers. This is done through phishing-like tactics: Victims receive a legitimate-looking email that encourages them to click on a link. The link runs code that places the cryptomining script on the computer. The script then runs in the background as the victim works.

The other method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers. Whichever method is used, the code runs complex mathematical problems on the victims’ computers and sends the results to a server that the hacker controls.

Staying safe from cryptojacking

Staying safe isn’t actually too difficult. There are two main methods.

  1. Browser Extensions:There are several anti-mining specific extensions for Chrome (the browser with the highest rate of cryptojacking). Try No Coin or Miner Block. These open-source extensions are a reliable and safe way to control how a website is interacting with your web browser. As soon as you visit a website, they will detect and show if any such activity is going on.
  2. Script Blockers:Blockers focus on mining scripts and there are some excellent script blockers available for Chrome and other browsers. uBlock Origin has an excellent array of script blocking lists.

As we have seen, cryptojacking isn’t an enormous problem — yet. But as more sites realise it is a potentially lucrative revenue stream there may well be an increase.