GruntWorx Featured Post

You Might Have Been Cryptojacked

There’s a familiar sound that could spell trouble for your computer: the whirring of your CPU fan.

In a development that should surprise no one, cybercriminals are hacking into computers and using them to mine cryptocurrency. The tell-tale sign of your computer being used to illicitly mine cryptocurrency—or “cryptojacked”—is your CPU fan working overtime while the system is seemingly at rest.

What is cryptocurrency mining?

To mine cryptocurrency, an individual needs to connect to the network that maintains the blockchain ledger for that currency and begin trying to validate the most recent batch of transactions. To validate transactions, the miner needs to solve a randomly generated, increasingly difficult puzzle. And that means dedicating a steadily increasing amount of computer power.

When you’re talking about a cryptocurrency like Bitcoin, it takes some substantial hardware to effectively mine coins. Since many Bitcoin mining operations feature warehouses full of cutting-edge computers that are solely dedicated to that task, it can prove nigh-impossible to be a successful one-computer Bitcoin-mining operation.

Unfortunately, cybercriminals looking to make a quick buck—or a quick $7,505.53 if they’re trying to get their hands on a single bitcoin—don’t feel confined by things like “the law,” and they’ve found a way to use your computer to make them money.

What is cryptojacking?

According to Wired.com, cryptojacking began as the dubious—and generally undisclosed—practice of websites using background-running scripts to borrow a visitors’ computing power to mine cryptocurrency while the webpage (or browser tab) is open.

Cybercriminals saw this as an opportunity, and they began inserting similar scripts onto websites that were not already engaged in the practice. (In February, some UK and US government sites were infected.) To make matters worse, cybercriminals developed a method for continuing to siphon site-visitors’ resources after they close down the browser by hiding a new browser tab on the desktop.

While some sites have begun asking visitors to opt in to cryptojacking, cybercriminals aren’t exactly inclined to advertise what they’re doing.

How do I know if my computer has been cryptojacked?

Aside from your CPU fan kicking into overdrive, the first sign that you’ve been cryptojacked is your computer running very slowly—so slow, in fact, that you might suspect your system has been infected by a virus.

Since a virus scan can take some time to rule out a malware infection, your new first step should be to open the Windows Task Manager to look for web browsers that are hogging CPU usage. The good news is that you can close the browser—even if it’s otherwise not visible on your desktop—from within Task Manager.

What can I do to prevent being cryptojacked?

“Install and regularly run anti-virus and anti-malware software” may sound like tired, clichéd advice, but it’s a first line of defense against most illicit software. The problem is that cybercriminals design their cryptojacking scripts to avoid detection. That isn’t to say you shouldn’t do away with your security software, but it does mean that a “clean” reading isn’t always accurate when it comes to cryptojacking.

Many web browsers—like Firefox and Chrome—have extensions that are designed to block cryptojacking scripts. But, just as is the case with security software, browser extensions aren’t a silver bullet. If a cybercriminal creates a script that is unknown to the security software or browser extension, it’s unlikely to be detected.

The scorched-Earth solution is turning off JavaScript.

How do I turn off JavaScript in Chrome?

Turning off JavaScript in Chrome is straightforward:

Menu > Settings > Advanced > Content Settings > JavaScript > Blocked

How do I turn off JavaScript in Firefox

Turning off JavaScript in Firefox is a little less intuitive for those who don’t feel comfortable with technology. You have to open the Firefox browser and type a command in the location bar—about:config—then hit the Enter key or click the Go to the address in the Location Bar arrow to bring up a page stating that continuing could void your Firefox warranty.

After clicking the I accept the risk! button, you need to scroll down to “javascript.enabled,” right-click that row, and select Toggle. (In the case of Firefox, you have to decide whether turning off JavaScript is worth the possibility of voiding your warranty.)

Remember that turning off JavaScript will also impact your browsing experience: say goodbye to watching Netflix on your JavaScript-disabled browser.

Will the problem get worse?

It’s hard to predict how cryptojacking will continue to affect people surfing the Internet. If I had to guess, I’d say the legal variety will probably continue, and more companies will probably choose an opt-in model—at least until there’s a legal challenge to the practice. Your guess is as good as mine when it comes to predicting court-case outcomes.

Until there’s a software solution, treat it as you would any other virus: install security software, be mindful of system slowdowns, and check CPU usage in Task Manager.

Good luck out there.

Browse By Topic

Paste your AdWords Remarketing code here
Browse GruntWorx

GruntWorx, LLC.