Crypto Mining Malware

Overview

Crypto mining malware refers to software programs and malware components that take over a computer to use its resources for mining cryptocurrency without the owner’s permission. Cybercriminals and hackers are using this software to highjack the processing power of computers, smartphones and other devices for the generation of mining revenue, often to the tune of $30K per month. The underlying concept involves tapping into the power of devices without the users suspecting foul play or knowing at all. Be it running JavaScript onto web browsers or bringing down entire corporate networks by completely draining them of power, crypto mining malware deploys crypto jacking threats for unscrupulous gains. This malware has nothing to do with user data and devices can still be accessed, but speed and performance are compromised. Mobile devices may overheat to the point of being permanently damaged.

It is estimated by ad blocking frim AdGuard that more than 500 million users are mining cryptocurrencies without realizing it. These computers either get infected by a malware program or they visit websites running the mining software in the background without their consent. Some target laptops and desktops, others target smartphones and tablets. YouTube was recently affected and the platform crypto jacked to run advertisements on viewer’s devices. The attack drained considerable levels of electricity and CPU power from gadgets of targeted users from Spain, Italy, France, Taiwan, and Japan. The fraudulent miners were able to keep the proceeds.

Browser-Based Crypto Jacking

Web or browser-based mining uses software located on the site server and the resources of the site visitor’s computer. Some dishonest webmasters are using this technique to monetize their site without the consent of visitors, but browser developers have been effective to block this practice. To try browser mining requires no installation of special software, one simply registers with the service provider and opens certain pages in their browser to start the browser-mining procedure. It is not very profitable at all unless of course, one is highjacking millions of computers in which case it can be very profitable.

Cryptojacking has ramped up because it is safer than ransomware which requires actual interaction with the victim of the crime to collect payment. It is easier to infect computers than to hack into servers and most victims remain completely unaware. Attackers are also using a scripting language, taking advantage of software that’s legitimately used on computers and systems for an illegitimate reason. Corporations and educational institutions are particularly at risk and the resulting increase to electric bills could serve as an indicator of illicit activity, but it won’t help track down the culprit. When the crypto mining software is deliberately installed by a legitimate user, detecting it is even more challenging.

How to Block Browser Crypto Mining

If you visit a website that informs you a crypto miner is being used, and you’re good with it, then there is no harm. You do have to consider the load being placed on your CPU, and a website that notifies visitors will let you know how much processing power it intends to use. You can tell if your browser is being used if you see a huge spike in CPU usage when visiting a particular website.

If you want to block your computer from being used by websites that mine crypto using your computer, here are some steps you can take:

1. Use Malwarebytes for home or business computers. Not only will it protect your computer from crypto jacking, but your complete device will also be under protection. Malwarebytes stops the installation of many bundlers and Trojans that drop crypto miners on your system, as well as blocking the domains of the most abused scripts and mining pools.
2. Use NoScripts in Firefox. You should be aware that NoScript is pretty aggressive and will break websites because it disables JavaScripts running on pages. However, it is effective.
3. One guaranteed way to defend against browser-based crypto jacking is to turn off JavaScript. A nuclear option since JavaScript is used for legitimate purposes across the web on many, many sites.
4. Ad blocker extensions can help you block sites crypto mining, depending on your web browser. You have to know the actual URL to block a specific ad so this is not the best option.
5. Manually block particular domains that coin mine to keep your browser from connecting to them at all in hosts file.
6. Use minerBlock Chrome extension which is an open-source tool that blocks cryptocurrency mining. It lists a few popular miner domains on a list.
7. Use No Coin Chrome extension as a straightforward method to stop web browser mining. it is open-source, reliable and safe for those websites interacting with your browser.

Here is a list of popular coin mining services one needs to block to avoid having their browser used when visiting them, either on purpose or by accident.

•         coinhive[.]com
•         load[.]jsecoin[.]com
•         crypto-loot[.]com
•         coin-have[.]com
•         ppoi[.]org
•         cryptoloot[.]pro
•         papoto[.]com
•         coinlab[.]biz

Protection Options

It isn’t just computers that are vulnerable to this malware. Anything with computing cycles can be used and many of us have items with an IP address that are connected to the internet. All these devices can be connected to make one supercomputer to mine cryptocurrency. One electronic thermostat is not really going to be that profitable but a hundred thousand of them in one big mining pool is enough to make a significant profit.

It is highly advisable to keep devices updated with necessary security patches at all times. This minimizes vulnerability to a variety of cyber threats, including crypto mining malware.