Cryptojacking: How to Guard Against Cryptocurrency Criminals
Author: Vishnu Varadaraj, Senior Director of Engineering Consumer Division at McAfee
As cryptocurrency continues to surge in popularity, coin mining has become not just an appealing hobby, but for some a new and lucrative career.
Mining requires incredible amounts of electricity and the more CPUs involved, the more cryptocurrency can be mined. Usually, the utility bills and the cost of running coin mining software negates any profit. This has tempted some cryptocurrency miners to resort to malicious means to gain the computing power needed.
Consider that the average CPU processes approximately 500 hashes per second on the Monero network (a type of cryptocurrency). However, 500 hashes per second translates to less than a dollar per week in traditional currency. To earn more without investing in boosting their own computing power, cryptocurrency miners look to hijack other people’s devices (usually through malware) to reroute their targets’ computing power towards their own mining operations.
To do so, criminals download coin mining software to a device and then program it to report back to their server. The device’s thinking power is diverted from the owner and funneled straight to the criminal’s server that now controls it.
This is called cryptojacking.
How To Tell If You Are Being Cryptojacked
To make sure you and your devices are not victims of cryptojacking you should first keep an eye out for the signs that your device is being used for cryptomining without your permission. Most notably, compromised devices run considerably slower or your computer’s fan is straining to keep up for no apparent reason.
How to Stay Safe from Cryptojacking
Like most cybersecurity issues, there are easy and manageable steps that can be taken to keep you and your devices safe:
1. Keep an eye out for phishing scams
The most common way for personal devices to become infected is through phishing within emails and texts. Learning to spot the signs of phishing scams is essential in keeping you and your devices safe. Often, they include poorly written text and use language that pushes for a quick response. Phishing scams often masquerade as official organizations, such as banks or charitable organizations. Do not open or respond to anything you deem suspicious and instead contact the organization’s customer support to verify if the message is legitimate.
2. Protect yourself with ad blockers
Another way miners often gain access to personal devices is through the camouflaging of malicious code in pop-up ads. An easy way to avoid being cryptojacked through these means is to simply never click on these ads. Or even better, install an ad blocker to help eliminate the risk entirely.
3. Connect to a VPN when using public w-ifi
Using public wi-fi or poorly protected networks can leave you vulnerable to cybercriminals looking to hack your devices, as they can attempt to download software remotely to your laptop, desktop, or mobile device to reroute its computing power for their mining purposes. Always make sure you are connecting to a VPN to safely surf unsecure networks.
4. Keep up to date with antivirus software
Cryptojacking code is often inconspicuous and almost always hidden in legitimate code. Antivirus software, such as McAfee Total Protection, proactively scans for malware and identifies fraudulent websites to ensure you do not leave yourself exposed to cybercriminals.
By sticking to these cybersecurity best practices, you can ensure you are not vulnerable to cyberattacks, and more specifically, to the new dangers of cyrptojackers.