University of Wisconsin–Madison

3 Ways to protect yourself from Cryptojackers

What are cryptojackers?

Cryptojackers use scripts to mine cryptocurrencies on other peoples’ devices.  If you visit their website, download their app, or install their plugin, a JavaScript library starts mining coins, using your device’s processor, power, and bandwidth. While these scripts have legitimate uses, e.g., as alternatives to advertising to support websites, when used without the informed consent of the device’s owner, there is little to distinguish them from malware.

According to this recent AdGuard blog post, more than 500 million PCs are being used for mining without their owners consent. They found that over 200 sites launched mining scripts that ran in visiting web browsers. Browser plugins have also been found to initiate mining without the users consent. Mobile apps and website plugins for popular web content management systems such as WordPress  have been found to also be running mining scripts.

What are Cryptocurrencies, and how are they mined?

There’s nothing sinister about cryptocurrencies; they are simply digital secured by cryptography.  They can be earned by running software that does the automated bookkeeping necessary to keep these currencies going, verifying transactions. Earnings vary depending on the number of transactions verified.  So if someone siphons computing cycles from a large number of computers, there’s a lot of money to be made. It isn’t surprising then, that the unscrupulous are stealing bandwidth, power, and CPU cycles to make money. 

There are, however, ways to avoid becoming a victim of these unscrupulous coin miners.

How to protect yourself

  1. Be alert to changes in your device’s behavior. Visitors to the Pirate Bay website, for example, were tipped off to the site owner’s cryptojacking when they noticed that their computer’s CPU load increased dramatically upon visiting the site.
  2. Avoid websites known or suspected to distribute malware, run mining scripts, and other suspicious behavior.
  3. Use only add-0ns and plugins from known, trusted developers.

What to do if you suspect that your device has been Cyberjacked

What you should do depends on whether your device was used for mining by a  website, browser add-on, mobile app, or web CMS plugin, here are the case by case suggestions for shutting the miner down:

  • Website: close and reopen your browser, and don’t revisit the site.
  • Browser add-on: deactivate and uninstall the add-on.
  • Close and uninstall the mobile app.

After you’ve take the needed steps from the above list, report the incident to the Office of Cybersecurity.

Conclusion

Cryptojacking is on the rise, with hundreds of millions of device owners victimized since Coinhive, the mining script library used in many of the existing outbreaks, was launched in September of 2017. The publisher of Coinhive has released a new version, called AuthedMine, which requires an opt in from the user of the device. While this is an improvement, the old library is still out there. There may come a time when websites are supported by legitimate, opt in mining scripts rather than advertising.  Until then, however, those wishing to avoid having their bandwidth, power, and computing cycles stolen must be vigilant.