Your internet connection is slower than usual, your PC is also very slow, and you notice that your CPU fan is running faster when you are on a given website.
All the above symptoms indicate that you could be a victim of cryptojacking. This is a new kind of menace in which malicious users or the hosts of a given website try to capture the visitor’s computer CPU cycles to mine cryptocurrency like Bitcoin or Monero.
Cryptocurrencies are generally reliant on users “mining” – or dedicating CPU resources to solving a complex algorithm – to create new units. In effect, time and CPU resources are used to generate money.
What makes this attack stealthy and nasty is the fact that for the most part the end user is not even aware that this is happening to him. The websites make money at the expense of the user’s computing power. It could aptly be termed “theft of computing resources.”
The concept of “end-user” consent is not enforced, which raises serious ethical concerns on this issue.
In addition to ignoring end-user consent, cryptojacking can cause wear and tear on the user’s machine, potentially affecting the machine’s lifespan and performance. In an enterprise environment, this could equate to significant costs if large numbers of its machines fell victim to cryptojacking.
An overview of how this attack works
One legitimate script miner states that a website that gets a million visitors in a month may earn up to an average of $116 worth of Monero.
Some reasons as to why this is unethical and dangerous:
- Cryptojacking is not only a threat but a theft when no opt-in/opt-out mechanism is provided to the user. Note that even with an opt-in approach, potential issues, such as computer wear and tear, cannot be ruled out
- Gaining access to a user’s resources without his consent is deemed illegal in many regions, including the European Union. This would call for data protection and privacy laws to be revisited
- If a user visits multiple sites with this kind of injected script and opens them in multiple tabs, then his system resources can be exhausted
- The visitor’s computer’s performance may degrade over time as system resources are reallocated to mining processes
How to protect the systems
Some ways to protect your systems:
- Use the Task Manager (Windows) or Activity Monitor (Mac OS X) utilities to monitor for sudden spikes in resource usage when visiting a given website. Such behavior could indicate that the site is cryptojacking your machine
- Browser extensions like “No Coin” are available on Google Chrome and Firefox
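The resource-usage check in the first item can be made repeatable by logging CPU readings per site and separating a brief page-load spike from usage that stays high for as long as the site is open. The following Python code is an added example, not part of the original article; the sample readings, the site names, the 80% threshold and the 60-second window are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data: (seconds since start, site in the active tab, browser CPU %).
# Values are illustrative, not measurements from a real site.
SAMPLES = [
    (0, "news.example", 12.0), (10, "news.example", 85.0),   # page-load spike
    (20, "news.example", 15.0), (30, "news.example", 9.0),
    (40, "stream.example", 91.0), (50, "stream.example", 94.0),
    (60, "stream.example", 96.0), (70, "stream.example", 93.0),
    (80, "stream.example", 95.0), (90, "stream.example", 92.0),
    (100, "stream.example", 97.0),
    (110, "news.example", 11.0), (120, "news.example", 88.0),
    (130, "news.example", 10.0),
]


def longest_high_runs(samples, threshold):
    """Return {site: longest continuous seconds at or above threshold}."""
    longest = defaultdict(float)
    run_site, run_start = None, None
    for ts, site, cpu in sorted(samples):
        if cpu >= threshold:
            if site != run_site:              # a new run starts for this site
                run_site, run_start = site, ts
            longest[site] = max(longest[site], ts - run_start)
        else:
            run_site, run_start = None, None  # a dip below threshold ends the run
            longest[site] = max(longest[site], 0)
    return dict(longest)


def flag_sites(samples, threshold=80.0, min_seconds=60):
    """Sites whose CPU stayed high for min_seconds or longer in one stretch."""
    runs = longest_high_runs(samples, threshold)
    return sorted(s for s, secs in runs.items() if secs >= min_seconds)


if __name__ == "__main__":
    for site, secs in sorted(longest_high_runs(SAMPLES, 80.0).items()):
        print(f"{site}: longest high-CPU stretch {secs:.0f}s")
    print("flagged:", flag_sites(SAMPLES))
```

A flagged site is a candidate for closer inspection, since legitimate pages can also hold the CPU high for long periods.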
Threats like these indicate the need to be proactive in educating the users of the system to secure their browsers. The add-ons themselves could be used to deliver potential malware, modify the web page content, perform file execution, etc.
This calls for greater diligence in sharing the do’s and don’ts with the users of the systems, having a best practice checklist, refining the security testing strategy to detect these kinds of stealthy issues, identifying vulnerabilities in the front-end code which can be exploited to make this attack even worse, and staying up to date with the security documentation of UI technologies like AngularJS, JavaScript, etc.