Cryptojacking - Neuroon Networks

Breaking

Saturday, August 18, 2018

Cryptojacking

What is Cryptojacking???

Cryptojacking is defined as the secret use of your computing device to mine cryptocurrency. Which means an attacker uses you computing device and computing power to mine cryptocurrency without seeking prior permission from you. An attacker do this by hijacking your device. So this attack method is called as cryptojacking.


How it works?

Normally cryptojacking happens when you browsing the Internet and have landed on a website that is cryptojacking noob Internet users. And the funny thing is, it even doesn’t require the user being attacked to download or click on anything (not all times). Instead, it just requires the user to browse the malicious website.

Hackers have two primary ways to do cryptojacking. One is to trick victims into loading cryptomining code onto their computers. This is done through phishing-like tactics. For an example the victim receives a legitimate-looking email that encourages them to click on a link. The link runs code that places the cryptomining script on the computer. The script then runs in the background as the victim works.

And the other method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers. Whichever method is used, the code runs complex mathematical problems on the victims’ computers and sends the results to a server that the hacker controls.

Cryptojacking Methods

  • Facexworm : Malicious chrome extension
  • WinstarNssmMiner : Scorched earth policy
  • Exploiting an rTorrent vulnerability
  • Serving cryptominers through Github

Ways to protect yourself

It is still not clear whether cryptojacking is legal or illegal, but it surely is unethical as noob Internet users are being robbed of their resources without any incentive.

1. Turning off your JavaScript in the browser.
2. Use endpoint protection that is capable of detecting known cryptominers.
3. Maintain browser extensions.
4. Install an ad-blocking or anti-cryptomining extension on web browsers (my recommendation).
5. Keep your web filtering tools up to date.
6. Use a mobile device management (MDM) solution to better control what’s on users’ devices.

No comments:

Post a Comment