Cryptojacking, the 2018 Hacking Trend
Each year there's always some sort of internet security issue that people shout from the rooftops about. This year it has been Ransomware which well and truly came to the forefront with the WannaCry attack on the NHS and the NotPetya attack that caused major financial damage to the US.
We have also seen that 2017 has been the year of the cryptocurrency with Bitcoin reaching unfathomable heights. So it is no surprise that the hacking community is getting stuck into the cryptocurrency business with their latest security exploits.
Cryptocurrencies like Bitcoin are generally generated by mining systems made up of high spec machines that are able to run a series of intense algorithms in order to generate new bitcoins that can be added to the public ledger. The process of mining is resource intensive meaning there is usually a high electrical charge to the person mining the currency.
This is where hackers have come up with a new work around. Instead of investing in physical mining systems, they are leveraging the vast number of machines who have a connection to the internet and forming their own cloud based mining system which costs them nothing. This is done by writing a java script that leverages the unused CPU resources of your machines to run the algorithms needed to generate their cryptocurrency of choice and hosting it within many legitimate websites.
What does this mean for you? Well number one, your PC/laptop will start running 100% of your CPU but you may not notice any change in performance. However, this in turn will mean that your laptop will be drawing more power meaning that you are footing the bill to create spendable currency for a stranger.
Coinhive published their script that mines cryptocurrency Monero in September and has already been implemented by torrenting site The Pirate Bay as a way of raising funds without relying on advertising. Since September however, there has been a sharp increase in java scripts appearing on the internet especially as hackers have now figured out how to inject these scripts into innocent websites including Showtime the online video content streaming service. Meaning that you might log on to watch your favourite TV show and end up spending money on electricity and making someone else that little bit more well off.
If you suspect a website of cryptojacking you can protect yourself by adding them to an ad-blocking extension in your browser. Another option is to utilise a new extension written by developer Rafael Keramidas. No Coin blocks any script that may be forcing your machine to give up the spare CPU resources to mine cryptocurrencies.