Crypto Jacking: On How You Watching Cat Videos Fuels Crypto Scammers
Are you watching a video on Youtube or are you unwillingly and unknowingly creating cryptocurrency for a cybercriminal?
Scammers are never short of ideas when it comes to scamming people.
They really have the most fertile imagination and one of this geniusly machiavelic idea they have came up with is you giggling at cat antics in videos being transmuted into cryptos.
It’s called cryptojacking.
Cryptojacking is simply put the use of a person’s computing power to generate cryptocurrency without this person ever knowing about it.
On november 2022, Kaspersky experts reported more than 230% growth in the number of cryptojacking!
So, in today’s article, we will deep dive into this one-of-a-kind cryptocrime and teach you how not to become the unaware victim of it.
Cryptojacking — Creating crypto for “free”
Cryptojacking is creating cryptocurrencies through the mining process.
But instead of mining themselves cryptocurrencies, which is excessively costly due to its ravenous electricity appetite and computing power, cybercriminals would rather bankrupt you or an unfortunate company instead.
Cryptojacking is unfortunately absurdly easy to implement and hard to detect for victims:
Unknowingly, by simply clicking on a link in an e-mail, for example, the victim will install a programme with malicious scripts which will allow the cybercriminal to access their computer or other connected devices and start mining cryptocurrencies.
The script will execute complicated mathematical operations on the victims’ computers, stealing processing power from the victim’s devices and transmits the results to a server under the hacker’s control without compromising the device’s data.
The code is easy to deploy, runs in the background, and is difficult to detect. — Rob Sobers
Cybercriminals primarily mine on personal computers their very favorite cryptocurrency, Monero. If you want to deep dive into the why, we explain why Monero is the crypto of choice of cybercriminals here:
The MOs
Cryptojacking methods are either file-based, browser-based or cloud-based!
File-based cryptojacking. File-based cryptojacking is a type of cryptocurrency mining attack that involves the use of malicious files, often distributed through deceptive or seemingly legitimate means, to secretly mine cryptocurrencies on a victim’s computer or device without their knowledge or consent.
Cybercriminals typically disguise the malware as benign files or documents, often delivered through methods such as malicious email attachments, infected downloads, or compromised software installers.
The victim is usually required to take some action, such as opening an email attachment or downloading a file, for the cryptojacking process to begin. However, this action may appear harmless or routine, making it difficult for the victim to recognize the threat.
Once the malicious file is executed or opened, it contains code that initiates the mining process for cryptocurrencies like Bitcoin, Ethereum, or Monero.
Browser-based cryptojacking. Browser-based cryptojacking infiltrates through web browsers and utilizes IT infrastructure to inject malware. Hackers craft crypto mining scripts using programming languages and discreetly insert them into websites. When users visit these compromised sites, their computers unknowingly download and execute the script’s code through advertising networks and exploits outdated or vulnerable WordPress plugins for example.
A terrifying example would be when a cryptojacking malware infiltrated a UK government-developed plugin, namely UKGovMine, which had widespread adoption across thousands of governmental and non-governmental websites!
Popular platforms like YouTube and media content providers have become prime targets due to extensive user engagement. Cybercriminals have even combined Google ad packages with cryptojacking malware on YouTube: the compromised advertising package engaged in illicit cryptocurrency mining while youtube users were innocently watching their fav videos.
One of cryptojackers’ favorite tool is Javascript. They often employ JavaScript code inserted into websites or online advertisements which automatically activates when loaded by the victim’s browser. The code discreetly installs the cryptojacking script in the background while the unknowing victims are frolicking in the world wide web!
Cloud-Based Cryptojacking. Hackers engaging in cloud-based cryptojacking seek access to a company’s documents and source code by searching for vulnerabilities, weak security configurations, or exposed application programming interfaces (APIs) that allow them to enter the cloud environment.
Once inside the cloud infrastructure, the attackers harness the vast computational power and resources available in the cloud. They utilize the cloud’s central processing units (CPUs), graphics processing units (GPUs), and other computing resources to perform the resource-intensive calculations required for cryptocurrency mining.
How To Detect and Prevent Cryptojacking
As cryptojacking exists to exploit computing power and use your electricity, you will see slower computer response times or shut down, increased CPU usage, overheating of your device’s battery and unexpected mind-blowing increase of your electricity bills.
If you detect one of more of those signs, you could possibly be facing cryptojacking.
Here’s how to prevent and protect yourself from them:
1.Use anti-crypto mining browser extension to detect and block malicious malware code
2. Use privacy-focused ad blockers or ad blockcing browsers like Brave to prevent cryptojacking through them
3. Disable JavaScript to prevent your device from becoming infected with a cryptojacking software
Stay Vigilant, Stay Safe!
About us
Nefture is a Blockchain Security Company that secures crypto transactions!
With Nefture Security, within ✨seconds ✨ you can know if your wallet has been compromised and get your wallet security audit for free.
Check if your wallet is compromised now⚡https://www.app.nefture.com/
