In the early years of crypto mining, users required specialized equipment and strong technical know-how to indulge in it. But as the technology evolved coupled with the advent of mining software, some cryptocurrencies can now be mined leveraging the processing power of a computer device such as a laptop.
This ease of access to crypto mining software has increased cyber crimes such as crypto-jacking. In particular, recent research shows that about ten million people suffer from crypto-jacking every month. This has made crypto-jacking a growing worry in the industry, making it necessary to know its different types and how to protect yourself against them. Crypto-jacking which can occur through various means entails the illegal use of another person’s computer or mobile device to mine Bitcoin (BTC) and/or other cryptocurrencies.
While most crypto crimes involve the outright stealing of assets from a particular wallet or liquidity pools on decentralized finance (DeFi) platforms, victims of crypto-jacking oftentimes, do not get their assets stolen. Instead, crypto-jackers leverage a victim’s device processing power to mine the cryptocurrency of choice by injecting the device with crypto mining malware. It, therefore, becomes important to regularly update your computer’s security software and be cautious of suspicious emails or files to avoid falling victim to any type of crypto-jacking attacks.
What is Crypto-jacking?
The use of another person’s computer or mobile device to mine crypto without their knowledge or approval is what we mean by crypto-jacking. In other words, it is a form of cyber attack where a hacker hijacks a victim’s computer or mobile device to mine cryptocurrency without the victim’s knowledge or consent.
While the growing increase of crypto-jacking attacks can be attributed to the rise of cryptocurrencies and ease of access to mining software, hackers indulge in crypto-jacking to generate crypto assets without incurring the costs associated with mining equipment or electricity, making it a profitable venture for them.
Crypto-jacking, therefore, has no business with a victim’s crypto holdings as cyberpunks often focus on mining cryptocurrencies using the processing power of the infected computer or mobile device.
How does crypto-jacking work?
Crypto-jacking attacks can be executed via various means but generally, the hacker often installs crypto-mining software or malware on a computer device without the knowledge of the owner. After getting access and mining, the hacker then moves the crypto assets mined to their wallets.
Notably, this malware can be introduced into a victim’s computer device in many ways including phishing emails, malicious websites, and infected software downloads among others.
The malware which runs in the background, uses the device’s processing power to mine cryptocurrency for the hacker. As a result of the malware running in the background, such devices may experience decreased performance, overheating or other issues which can shorten the life of the associated PC, laptops, tablets or mobile devices.
Having known this, to prevent crypto-jacking scripts from executing on your device, you have to keep your device antivirus up to date, avoid downloading files from untrusted sources as well as avoid clicking suspicious links and ads.
Types of Crypto-jacking
File-based Crypto-jacking
In this type of crypto-jacking attack, a hacker hides a crypto mining script or malware in a file. Once this corrupted file runs on a device, it gives the hacker access to mine crypto without the knowledge of the owner of the device. This means that for any crypto-jacker to illegally mine crypto, the malware-contained file must be run on the computer.
One way hackers perform file-based crypto-jacking is through malicious emails. The hacker sends an email with a legitimate-looking attachment or link. Clicking on that link or attachment executes a code that secretly installs a crypto mining script on your device. Notably, the installed script runs in the background of the device without the owner being aware.
Browser-based Crypto-jacking
Also known as drive-by crypto-jacking, it involves an attacker adding malware to a website or online ads such that when a victim visits the corrupted website or clicks on the ad, crypto-jacking malware is downloaded and installed on the victim’s computer automatically without the user knowing.
Thus, a computer device can be compromised and used to illegally mine crypto simply by visiting a malware-infected website. As a guide, if you visit a website with little or no media content and notice an increase in CPU utilization, it could indicate that crypto mining scripts are running in the background.
Host-based crypto-jacking
Unlike file-based or web browser-based crypto-jacking, this type of crypto-jacking occurs when a hacker installs malware directly on a computer device. This can be achieved by using different ways including a fake application, malicious email attachments or by inserting the malware into the supply chain of a legitimate software provider.
Cloud Crypto-jacking
In cloud crypto-jacking, the hacker gains unauthorized access to a cloud-based infrastructure to mine cryptocurrency using its computing power. In most cases, the hacker exploits security flaws or other vulnerabilities such as misconfigured APIs or poor authentication mechanisms to get this illegal access and distribute crypto-mining malware.