Cybercriminals are constantly looking for new ways to make money. For the last two years they have preferred ransomware, but now they are turning their attention to browser-based cryptocurrency mining. Although the techniques for infecting browsers are well known, such attacks are often harder to detect than ransomware. Read on to learn how to protect against cryptocurrency mining malware.
The reason for this shift away from ransomware attacks is the rising popularity of Bitcoin, Monero, and other cryptocurrencies. To enter the cryptocurrency game, you have to either invest in cryptocurrency or provide your hardware for crypto mining.
Crypto mining is the process of making computer hardware perform the mathematical operations that verify cryptocurrency transactions. Anyone with internet access and suitable hardware can participate in mining and be rewarded with cryptocurrency. Cybercriminals, however, use crypto malware to make someone else’s computers mine cryptocurrency for them. This type of attack is also called cryptojacking.
Why is cryptojacking so popular?
In 2017, we saw an increasing number of attacks executed with crypto mining malware targeting people’s computers, corporate networks, and government agencies. Kaspersky Lab also reported that nearly 1.6 million of their clients’ computers were infected with crypto malware in 2017.
However, most website owners began to borrow visitors’ hardware without notifying them, while hackers used the Coinhive code to develop their own crypto mining malware. As a result, Coinhive was one of the most commonly blocked domains in 2017: nearly 130 million users blocked it to express their disappointment with the technology. In 2018, 34,474 sites were running Coinhive, according to the latest research by Bad Packets.
The main reason for the increasing number of cryptojacking attacks is that it is more profitable for cybercriminals than ransomware. Not all victims of ransomware attacks pay to decrypt their data, while crypto malware provides hackers with a constant income. For instance, an illegal crypto miner with 2,000 infected computers could turn a profit of nearly $182,500 per year, according to one industry report. When attackers infect websites with millions of visitors, they can make far more money.
How mining scripts infect computers
Some crypto malware also attacks computers through known vulnerabilities. For instance, fileless crypto malware such as Adylkuzz and WannaMine used the same attack vector as WannaCry and Petya/NotPetya: all of them took control of victims’ computers through the EternalBlue exploit. Another crypto malware, known as Smominru, also used the EsteemAudit exploit that was leaked by the Shadow Brokers in April 2017.
Once a mining script is dropped onto your computer, it connects your system to a command and control server. After that, it creates a backdoor that allows hackers to install crypto mining software on your computer or abuse legitimate system processes. While Adylkuzz required downloading CPUMiner to mine cryptocurrency, WannaMine abused the capabilities of PowerShell and Windows Management Instrumentation for this purpose.
In addition, Bitcoinminer.sx, a bitcoin mining malware, can update itself and collect keystrokes and other sensitive data. Moreover, the mining script also adds your system to a mining pool network made up of other infected computers controlled by the hackers.
How to detect crypto malware
Unlike ransomware, which encrypts all of a user’s data, crypto mining code works in the background and usually goes unnoticed by users. Antivirus programs may not always detect bitcoin mining malware, especially if the malware is fileless.
However, you may notice the following symptoms of crypto miners:
- Your computer has become slower
- You notice lag in system performance
- CPU and GPU run at full capacity even though you did not start any processes
- Your electricity bill is higher than usual
Cryptocurrency miners are usually very resource intensive, but the latest crypto malware deliberately avoids using hardware to its full capacity in order to stay unnoticed longer. In addition to computers, crypto mining malware can also attack smartphones, tablets, and other IoT devices. When small devices such as sensors are attacked, they may even become unable to perform their main functions.
Let’s look more closely at how you can protect against crypto malware.
How to protect against crypto miners
Security solution providers and browser vendors are both working on methods for preventing crypto mining malware, so you can benefit from both.
- Install defense for your web browser
Since web advertisements are the most popular way of spreading mining scripts, you can protect against them by installing an ad blocker in your web browser. Ad blockers such as Adblock Plus can detect crypto mining malware in a browser and prevent it from executing automatically. Moreover, there is a range of browser extensions specifically designed to block crypto malware, such as MinerBlock or No Coin.
- Protect your computer with antivirus software
Popular antivirus software can also block cryptocurrency mining, but it has limitations. While its protection is based on behavior analysis, fileless crypto malware can pose as a legitimate process and thus go undetected by antivirus programs.
- Use network security solutions
To mine cryptocurrency, mining software needs to send and receive traffic: it receives new hashes, solves mathematical equations, and then sends the results back to the server. That’s why some security vendors, such as SecBI, provide browser crypto mining detection by analyzing network activity.
However, crypto mining traffic is not easy to detect, as miners use very short messages. Some vendors therefore look for the periodic pattern of crypto mining traffic. Moreover, crypto miners usually receive short messages but send long responses, which can also be taken into account. Once you understand these indicators, you can add a firewall rule to isolate such traffic and block it even when it is encrypted.
Moreover, Darktrace developed traffic anomaly detection at the network level that can spot subtle deviations in traffic, which are easier to notice across thousands of computers. WatchGuard, another security provider, detects suspicious network activity by checking for connections to known crypto mining pools.
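To make the three network indicators above concrete (periodic connections, short messages in with long responses out, and connections to known pools), here is an added example that scores per-destination flow records; it is not code from the article or from any of the vendors named. The flow records, the host names and the pool list are constructed placeholders, and the thresholds are assumptions to be tuned against your own baseline.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records for the demo, not real traffic:
# (timestamp in seconds, destination host, bytes received, bytes sent)
BEACON = [(30 * i, "stratum.example-mining.test", 120, 480) for i in range(6)]  # clock-like, small in / large out
BROWSING = [(5, "www.example.test", 15000, 800), (9, "www.example.test", 42000, 600),
            (47, "www.example.test", 3000, 500), (48, "www.example.test", 9000, 700),
            (200, "www.example.test", 120000, 900)]  # irregular timing, downloads dominate
LISTED = [(10, "pool.example-mining.test", 100, 100), (700, "pool.example-mining.test", 100, 100)]
FLOWS = BEACON + BROWSING + LISTED

# Placeholder pool list (constructed); production use would pull a maintained threat-intel feed
KNOWN_POOLS = {"pool.example-mining.test"}

def periodicity(timestamps):
    """Coefficient of variation of inter-flow gaps (near 0 = clock-like beaconing).
    Returns None when fewer than three gaps are available to judge."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg else None

def detect(flows, cv_threshold=0.2, ratio_threshold=2.0):
    """Return {host: [reasons]} for destinations whose traffic looks like mining."""
    by_host = defaultdict(list)
    for ts, host, bytes_in, bytes_out in flows:
        by_host[host].append((ts, bytes_in, bytes_out))
    findings = {}
    for host, recs in by_host.items():
        recs.sort()
        reasons = ["known pool"] if host in KNOWN_POOLS else []
        cv = periodicity([r[0] for r in recs])
        if cv is not None and cv < cv_threshold:
            reasons.append("periodic")
        total_in = sum(r[1] for r in recs)
        total_out = sum(r[2] for r in recs)
        # the article's indicator: short messages received, long responses sent
        if cv is not None and total_in and total_out / total_in >= ratio_threshold:
            reasons.append("asymmetric")
        # a pool-list hit is decisive on its own; behavioural signals must corroborate each other
        if "known pool" in reasons or len(reasons) >= 2:
            findings[host] = reasons
    return findings
```

Calling `detect(FLOWS)` flags the beaconing host on both behavioural indicators and the listed pool on the list alone, while the browsing host produces no finding.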
- Benefit from endpoint defense
Though endpoint defense is considered less effective than network defenses, some security vendors are working on its development. For instance, Tripwire solutions try to detect changes in the system and determine whether they are authorized. Moreover, some vendors also try to apply machine learning and AI technologies to make their endpoint defenses smart enough to detect and prevent crypto mining malware.
Cryptojacking is on the rise among cybercriminals. By infecting popular websites with crypto mining malware, hackers can use your hardware to mine cryptocurrency. Though these attacks can go unnoticed for some time, they can significantly slow down and wear out your systems. Keep an eye on your CPU and GPU load and use modern security solutions to block cryptocurrency mining in your browser.