University of Wisconsin–Madison

3 ways to protect yourself from cryptojackers

What are cryptojackers?

Before we answer that question, let’s stop and define another important concept, cryptocurrency.

What are cryptocurrencies, and how are they mined?

There’s nothing sinister about cryptocurrencies like Bitcoin or Monero; they are simply digital currencies secured by cryptography. They can be purchased outright or earned by mining, i.e., running software that does the automated bookkeeping necessary to keep these currencies going. Earnings vary depending on the number of transactions verified. The more computing cycles are available to a would-be miner, the more money can be made. It isn’t surprising, then, that the unscrupulous are stealing bandwidth, electricity, and CPU cycles to boost their earnings.

Cryptojackers defined

Now back to the question “what are cryptojackers?” Cryptojackers are malicious hackers who trick users into running cryptomining scripts on their devices without the users’ consent. If you visit their website, download their app, or install their plugin, a JavaScript library starts mining coins, using your device’s processor, power, and bandwidth. While these scripts have legitimate uses (e.g., as alternatives to advertising to support websites), when used without the informed consent of the device’s owner, there is little to distinguish them from malware.

The rise of cryptojacking

According to this recent AdGuard blog post, more than 500 million PCs are being used for mining without their owners’ consent. They found that over 200 sites launched mining scripts that ran in visiting web browsers. Browser plugins have also been found to initiate mining without the users’ consent. Mobile apps and website plugins for popular web content management systems such as WordPress have also been found to run mining scripts.

There are, however, ways to avoid becoming a victim of these unscrupulous coin miners.

How to protect yourself

  1. Be alert to changes in your device’s behavior. Visitors to the Pirate Bay website, for example, were tipped off to the site owner’s cryptojacking when they noticed that their computer’s CPU load increased dramatically upon visiting the site.
  2. Avoid adult-themed websites; Bleeping Computer recently reported that half of all cryptojacking scripts are found on pornography websites. Sites concerned with media piracy or the dark web should also be presumed risky as regards cryptojacking in particular and malware in general.
  3. Use only known, trusted add-ons, plugins and apps. Before downloading, check the following information:
    1. Is it well reviewed?
    2. Does it have many downloads?
    3. Is it regularly updated?
    4. Be careful when downloading: dodgy apps, plugins or add-ons often appropriate the name or icon of trustworthy software, so make sure you download the one you want and not a copycat.
    5. When in doubt, use your favorite search engine to see if problems have been reported.

What to do if you suspect your device has been cryptojacked

What you should do depends on whether your device was used for mining by a website, browser add-on, mobile app, or web CMS plugin. Here are the case-by-case suggestions for shutting the miner down:

  • Website: close and reopen your browser, and don’t revisit the site.
  • Browser add-on: deactivate and uninstall the add-on.
  • Mobile app: close and uninstall the app.

After you’ve taken the needed steps from the above list, report the incident to the Office of Cybersecurity.

Conclusion

Cryptojacking is on the rise, with hundreds of millions of device owners victimized since Coinhive, the mining script library used in many of the existing outbreaks, was launched in September of 2017. The publisher of Coinhive has released a new version, called AuthedMine, which requires an opt-in from the user of the device. While this is an improvement, the old library is still out there. There may come a time when websites are supported by legitimate, opt-in mining scripts rather than advertising. Until then, however, those wishing to avoid having their bandwidth, power, and computing cycles stolen must be vigilant.

If you have questions about cryptojacking, or other topics related to your online security, contact the Office of Cybersecurity.
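An added example, not part of the original article or any Office of Cybersecurity tooling: a Python check that a site owner could run over a saved copy of a page to find script tags referencing the two libraries named in the conclusion, separating silent Coinhive from opt-in AuthedMine. Matching by library name, the function names, and the sample page are assumptions of this example.

```python
from html.parser import HTMLParser

# Library names come from the article; matching on the name alone is this example's assumption.
SILENT = "coinhive"     # mines without asking the visitor
OPT_IN = "authedmine"   # asks the visitor before mining

def classify(text):
    """Return 'opt-in', 'silent' or None for a script URL or script body."""
    lowered = text.lower()
    return "opt-in" if OPT_IN in lowered else "silent" if SILENT in lowered else None

class MinerScriptFinder(HTMLParser):
    """Collects (kind, location) for every <script> that references a miner."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src") or ""
            self._inline = not src      # no src: the code sits in the tag body
            if classify(src):
                self.findings.append((classify(src), src))

    def handle_data(self, data):
        # Inline code naming either library starts or configures a miner.
        if self._inline and classify(data):
            self.findings.append(("inline", "<script> body"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

def scan_html(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def verdict(findings):
    """Silent mining outranks opt-in; inline-only hits are reported as 'inline'."""
    kinds = {kind for kind, _ in findings}
    return next((k for k in ("silent", "opt-in", "inline") if k in kinds), "clean")

# Constructed sample page; host names and the site key are placeholders.
SAMPLE = """<script src="https://cdn.example.org/jquery.js"></script>
<script src="https://static.example.net/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous("SITE-KEY-PLACEHOLDER"); m.start();</script>"""
```

Only `<script>` tags are inspected, so a page that merely mentions a library name in its visible text is not flagged.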


Edit: Updated February 22, 2018