Cryptojacking: Making money is good, using others to make it is even better…
By Risk Performance and Technology group
Original, as it appears on Finance et Investissement – https://www.finance-investissement.com/
A few months ago, I spoke to you about cryptocurrencies and the popular mining syndrome. I told stories of these nouveaux-riches people that could smell the speculative benefits of cryptocurrencies.
In short, a whole world of complexity, which, even before it began to be widespread, had already been overexploited and was quietly becoming obsolete according to experts. It is time now for those who know how to profit from, make use of, manipulate and exploit the ignorance of the uninitiated to join in and “party” at the expense of the most innocent among us.
Cybercriminals have a new hobby: Using your computer to mine cryptocurrencies on their behalf.
Alone, you’re not very profitable. But all of you, everyday Internet users visiting sensationalized sites between noon and 2 p.m., or in the evening to take your mind off things and/or procrastinate a little, are a lot more interesting as a group. Imagine thousands of computers mining simultaneously as one, the unknowing victims of the greed of a young hacker working for a lawless cybercriminal organization.
Ridiculous? And yet, it’s true.
Cryptojacking is a new kind of cyberthreat that impacts poorly protected websites on which insignificant, invisible and seemingly harmless malware is working to turn the Internet user’s machine into a little miner in the pay of someone other than its lawful owner.
Indeed, hackers insert these small scripts with impunity into these vulnerable sites. The user connected to the site doesn’t notice that their computer is heating up, that the machine’s fans are running at full tilt, as if it was computing the most difficult calculations it’s ever had to do. And with good reason, as this is exactly what it’s doing. It’s calculating like never before to try to de-hash the next blocks of a cryptocurrency’s blockchain.
“Well, that’s not that serious!” you say, but, in fact, it is. There are multiple forms of abuse in this mild-sounding story. First, your machine is being used against your wishes to feed and enrich a criminal organization, making you an unintentional accomplice in future crimes. Next, your machine is wearing out faster: Running a processor at full speed is as damaging for a computer as is running a car engine too fast. This is not really recommended. Lastly, the website in which this small invasive script was inserted was hacked and experienced a kind of change, a cyberattack.
So, how do you know if this happened?
How can you detect if your site or the site on which you’re browsing is not, in spite of itself, busily appropriating the technological resources of thousands of computers for the benefit of a group of cybercriminals? You can, for example, visit the Whoismining site and check if the site in question is on the list.
Is this widespread?
Yes. The Tesla site has paid the price for this type of script. Even YouTube has been the victim of this kind of rip-off through scripts cleverly hidden in posted notices or ads and completely beyond the actual control of this famous online video site.
However, it is certainly possible and legal to mine by notifying your Internet users and even letting them share in the profits earned.
In this case, if you decide to insert a script into your own site, you will probably install Coinhive or something similar. But a word of caution: I officially disapprove of this type of practice and strongly encourage you not to take this route. There are many traps, the path is unmarked and there are no rules. Proceed at your own risk.
If you want to limit the risk of cryptojacking, use a lighter, more secure Internet browser. At the beginning of 2018, I would have tended to suggest Opera. Unfortunately, this tip may prove to be less helpful next month because threats arise every day, and hackers are not lacking in creativity when it comes to finding new flaws.
For your safety, use blockers such as uBlock or Adblock Plus to help limit the misuse of your machines.