Bitcoin, blockchain, bitcoin mining, mining bitcoin on the blockchain, using the blockchain to mine bitcoin in order to buy Ethereum so that you can in turn buy stuff on the dark web. Yeah, that doesn’t make a lot of sense. Now, add another word to the already confusing list of cryptocurrency terms: #Cryptojacking.
Cryptojacking is when a victim’s computing resources are hijacked and used to mine cryptocurrency. On a basic level, this means that an attacker uses the targeted computer’s processor and GPU to run the complex algorithms involved in processing cryptocurrency transactions. The resulting reward (coins) from the mining is then received by the attacker.
Currently, there are two flavours of Cryptojacking:
- Via the browser. When a user visits a website that has a cryptomining script enabled, the processing power available from the user’s computer is used, via the browser, to mine cryptocurrency. Mining scripts are often added to compromised websites where mining takes place without a user’s knowledge or consent. The malicious mining ceases once the browser tab for the infected website is closed.
- Via malware infections. Cryptojacking malware running on an infected computer will allow for continuous mining. An example of this is the PowerGhost miner.
Cryptojacking is in essence the digital equivalent of someone breaking into your tool shed at night and, instead of stealing your stuff, using your tools to create amazing wood furniture: those projects you see on Pinterest where a guy with a leather tool belt takes old wood pallets and creates the most amazing chest of drawers within 22 minutes, flat.
Is Cryptojacking an issue that deserves priority?
This is a legitimate question, seeing that ‘no one is getting hurt’.
Let’s continue with our tool shed analogy: You now suspect that someone is making use of your tools at night. Do you interrupt your hard-earned sleep and hold a stakeout to catch the bugger? Or should you rather focus on the real criminals that might actually steal your stuff?
Although our miscreant is bringing along his own upcycled pallets, he is still using your machinery. Say he does it once or twice a month; that ain’t bad, you think. But, unfortunately, he does not have the woodworking finesse of Nick Offerman, and for all you know, he’s doing it every night: using your electricity, breaking your drill bits, leaving the wood glue bottle open, not to mention the wear and tear on your machinery. Some nights he even lets your mitre saw run for 8 hours straight, allowing it to overheat and damage the motor.
This guy is now pretty much spending 12 hours a night, 7 nights a week in your tool shed, which also gives him time to look around the yard. One night during a smoke break, he sees that kitchen window with the broken latch you’ve been meaning to fix for the last 4 Saturdays. Miscreant ponders to himself: “A cup of coffee would sure be nice…”
As you wake up the next morning, you realise that our miscreant was in your kitchen and used your last batch of Legado Guatemalan Finca El Rincon single origin coffee beans to create the smoothest of cappuccinos in your newly imported Italian Rocket Espresso machine.
As you sip on a stale cup of instant coffee (which you think to yourself tastes more like a cardboard box than pure exhilarating caffeine), you decide that this was the last straw… It is time for action. That afternoon, you swing by the local hardware store and buy a new window latch and a proper hardened steel padlock for the shed. “That’ll keep ‘em out,” you think to yourself as you lock the shed and smile at the newly fixed kitchen window latch.
The next morning, as you awake from a restful sleep, you stroll down to the kitchen, already planning an amazing breakfast for the missus (eggs benedict with a chili hollandaise sauce and streaky bacon).
“This is going to be the best…. WORST BREAKFAST EVER!!”.
It’s gone. Everything is gone. Your fridge with the eggs and streaky bacon, gone. Your vegetable rack with the fresh chilies, gone. Your Rocket Espresso machine… GONE. As the horror of what could only have happened during the night dawns upon you, your eye catches a glimpse of the open patch of lawn where your tool shed once stood. FREAKIN GONE. How the dangit did someone steal a tool shed and MY ENTIRE KITCHEN?
During the next few hours, as policemen walk up and down the yard looking for clues, it dawns upon you. The woodworking miscreant had other skills as well. He wasn’t only a Pinterest-level craftsman, but also a master thief (he was able to carry away your entire kitchen without you waking up), a pretty decent truck driver (reversing a flatbed truck down your driveway and lifting your tool shed takes some work) and a meticulous planner. During the past week of night-time craftsmanship, the miscreant cloned your house keys and your gate remotes. This allowed him to open the front gate with a remote, reverse the truck in and unlock the kitchen door after loading the shed.
Fairly dramatic, yes, but the take home remains:
Cryptojackers aren’t just a nuisance. In the recent case of the Rakhni Miner, upon successful infection, the malware decides whether to encrypt your data (ransomware) or to use your resources to mine cryptocurrency.
If there are cryptojackers running around in your environment, it should be a red flag that there are some definite weaknesses in that environment that need to be addressed.
For further reading on cryptojacking, have a look at the following articles:
- Who and What is Coinhive [Mar 2018]: https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/
- Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked [Mar 2018]: https://threatpost.com/cryptojacking-campaign-exploits-drupal-bug-over-400-websites-attacked/131733/
- Cryptojacking: It’s Here, Get Used to It [Jul 2018]: https://www.symantec.com/blogs/feature-stories/cryptojacking-its-here-get-used-it
- Cryptojacking for beginners – what you need to know: https://nakedsecurity.sophos.com/2018/07/31/cryptojacking-for-beginners-what-you-need-to-know/
- Why Commodity Threats Are Your Company’s Concern [Aug 2018]: https://blog.f-secure.com/commodity-threats-companys-concern/