Martin Thoma

Summary

Cryptojacking involves the unauthorized use of computational resources to mine cryptocurrencies, with significant historical incidents affecting major entities and presenting a challenge for both server administrators and users.

Abstract

Cryptojacking is the unauthorized use of computational resources to mine cryptocurrencies, usually without the victim's knowledge. Unlike ransomware, which locks data and demands payment, cryptojacking quietly consumes CPU time and aims to remain undetected. The rise of cryptocurrencies has made such attacks more prevalent, with Monero the usual target because it can be mined profitably on ordinary CPUs. Notable incidents include in-browser mining pushed to users of a Starbucks café's Wi-Fi and the use of Tesla's public cloud account for mining. Attacks are executed through JavaScript injection into websites, leaked cloud credentials, misconfigured servers and compromised software supply chains. Prevention means server administrators treating it as they would XSS and credential leaks, and users employing ad-blockers or disabling JavaScript, although the latter makes much of the web unusable. Detection relies on sustained CPU usage, network traffic to mining pools, and analysis of script code.

Opinions

  • The author suggests that while cryptojacking is a serious issue, it is less damaging than other security breaches like data theft or ransomware, as it primarily affects computational resources rather than data integrity.
  • The author implies that server administrators should prioritize general security practices, such as setting billing alerts and addressing XSS vulnerabilities, rather than implementing cryptojacking-specific defenses.
  • There is an opinion that the ease of detecting cryptojacking due to its impact on system performance makes it a less threatening form of cyberattack compared to those that can silently compromise data.
  • The author indicates a preference for proactive security measures, such as not storing sensitive information like AWS secrets in public repositories, to prevent cryptojacking and other security incidents.
  • The author encourages readers to engage with their content on application security, suggesting a commitment to educating the public on various cybersecurity topics.
  • There is a subtle endorsement of using ad-blockers with specific blocklists to mitigate the risk of cryptojacking for end-users.
  • The author expresses enthusiasm for writing about software development and technology, inviting readers to subscribe to their newsletter or join Medium to support their work.

Cryptojacking 😈

What it is, why it matters, how it's done, and how to prevent cryptojacking


Cryptojacking is the unexpected and unwanted use of your computational resources to mine crypto-currencies. In short: somebody hijacks your CPU (or your cloud account) to mine crypto-currencies for themselves.

Don't confuse it with ransomware doing crypto-locking. Crypto-locking prevents you from accessing your data and uses blackmail to get money. Cryptojacking uses your computational resources like a parasite: it doesn't touch your data, and it might even deliberately throttle itself so that it stays undetected for longer.

Crypto-currencies such as Bitcoin (BTC) and Ethereum (ETH) gained a lot of popularity in 2021 / 2022. Before 2020 they were used by relatively few people and the total market capitalization was comparatively low, so there wasn't much money to be made by stealing compute to mine them.

Let me give you a Tweet-length explanation of how crypto-currencies allow you to convert computational resources into money: Every crypto-currency needs a shared ground truth of who owns what across a large network of independent nodes (a consensus protocol). The best-known way to do that securely is called "Proof of Work" (PoW): you pose a computationally hard task, and the first node that solves it may append the next block to the ledger. To incentivize people, that block is allowed to create a bit more of the cryptocurrency than existed before. The party that solves the hard task is called the "miner", and the "mining reward" (plus transaction fees) is how they get money. In practice the task is to find a nonce such that a hash of the block header falls below a target: checking a solution costs one hash, while finding one costs on average as many hashes as the target dictates.
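To make the "computationally hard task" concrete, here is an added toy proof-of-work miner (example code written for this page, not code from the original article or from any real coin). The header bytes are constructed for the example; real block headers, hash functions and target encodings differ, but the economics are the same: expected work is about 2^difficulty hash evaluations, verification costs one.

```python
"""Toy proof-of-work puzzle (added example, not from the original article):
find a nonce so that SHA-256(header || nonce) starts with `difficulty_bits`
zero bits. Whoever spends the hashing work first claims the block reward;
this loop is exactly the CPU work a cryptojacker offloads onto victims.
"""
import hashlib
from typing import Optional, Tuple


def pow_hash(header: bytes, nonce: int) -> bytes:
    """Hash the block header together with a candidate nonce."""
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """True if the digest has at least `difficulty_bits` leading zero bits."""
    assert 0 <= difficulty_bits <= 256
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def mine(header: bytes, difficulty_bits: int,
         max_nonce: int = 1 << 32) -> Optional[Tuple[int, bytes, int]]:
    """Brute-force nonces until one satisfies the target.

    Returns (nonce, digest, attempts), or None if max_nonce is exhausted.
    """
    for nonce in range(max_nonce):
        digest = pow_hash(header, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest, nonce + 1
    return None


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a solution costs one hash; finding it cost ~2**difficulty_bits."""
    return meets_target(pow_hash(header, nonce), difficulty_bits)


if __name__ == "__main__":
    # Constructed sample header; a real one carries the previous block hash,
    # the transaction root, a timestamp and the encoded target.
    header = b"prev=00ab..|txroot=9f3e..|ts=1700000000"
    for bits in (8, 12, 16, 20):
        nonce, digest, attempts = mine(header, bits)
        print(f"{bits:2d} bits: nonce={nonce:8d} attempts={attempts:8d} "
              f"(expected ~{1 << bits:8d}) hash={digest.hex()[:16]}...")
```

Run it and watch the attempt count roughly quadruple for every two extra bits of difficulty: that asymmetry between finding and checking is what lets a miner turn electricity (yours, in the cryptojacking case) into coins.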

Monero has been the currency of choice in cryptojacking attacks. One reason is that serious Bitcoin / Ethereum mining used so much computational power via GPUs and custom chips (ASICs) that hijacked general-purpose CPUs would not earn enough to be worth the effort, whereas Monero's mining algorithm (RandomX) is designed to run well on ordinary CPUs. Monero's privacy features also make the payouts harder to trace. (Ethereum stopped using mining altogether when it switched to Proof of Stake in September 2022.)

More about that in my articles:

Why Cryptojacking matters

  • 2017: Starbucks café's Wi-Fi made computers mine crypto-currency (source)
  • 2018: Hackers Enlisted Tesla's Public Cloud to Mine Cryptocurrency (source)
  • 2018: Unsecured AWS led to cryptojacking attack on LA Times (source)
  • 2020: AWS Cryptojacking Worm Spreads Through the Cloud (source)
  • 2021: $45,000 AWS Crypto-Mining Hack Generates $800 of Monero (source)

How are Cryptojacking attacks executed?

There are four simple and common ways:

  • JavaScript injection in websites: If an attacker can make your website include their JavaScript, they can make every visitor of that website mine crypto-currencies for them. In-browser cryptojacking is inefficient, but it works at scale. That's what happened to Starbucks' Wi-Fi users in 2017. Coinhive, a hosted Monero miner that websites could embed, was the script of choice for cryptojackers until it shut down in 2019.
  • Leaked cloud secrets: People often accidentally commit their AWS secrets to public GitHub repositories. They might delete the secrets eventually, but forget that they are still in the git history. Attackers scrape GitHub (and other hosting sites like GitLab) for such keys and use them to spin up instances. Cryptojacking gives them a simple way to convert those keys into money without blackmailing anybody. Note that a key that was ever public must be revoked; rewriting history is not enough, since it may already have been copied.
  • Misconfigured servers: Some servers are configured wrongly or simply don't require authentication where they should, which can allow attackers to execute arbitrary code. Maybe that doesn't directly give access to confidential data, e.g. when it's a test system. But with cryptojacking the attacker does not have to steal data to make money. Tesla had this issue in 2018: an unauthenticated Kubernetes console exposed credentials that were then used to mine cryptocurrency in its cloud account.
  • Supply-chain attacks: Instead of going directly for your services, attackers might target commonly used software and include cryptominers in it. Compromised or malicious open source maintainers could even add them directly.
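The "leaked cloud secrets" case above is easy to check for yourself. Below is an added example scanner (written for this page, not code from the original article or from AWS): it looks for AWS credentials in arbitrary text and, via `git log -p --all`, in every commit of a repository, including lines that were later deleted. The key formats it matches are the public AWS ones (access key IDs start with AKIA or ASIA and are 20 characters; secret access keys are 40 characters of `[A-Za-z0-9/+]`); the entropy threshold, the "secret"-on-the-same-line requirement and the sample diff are assumptions made for the example, and the key values in the sample are the well-known placeholders from the AWS documentation.

```python
"""Leaked AWS credential scanner (added example, not from the original
article). Scans text, and optionally a whole git history, for access key IDs
and high-entropy secret access keys.
"""
import math
import re
import subprocess
from collections import Counter
from typing import List, Tuple

# Public AWS key formats; the surrounding lookarounds avoid matching inside longer tokens.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])")
SECRET_VALUE_RE = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")
# Assumption for this example: only treat 40-char tokens as secrets on lines that mention "secret".
SECRET_LINE_RE = re.compile(r"secret", re.I)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random base64 sits near 5, English words near 3."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_aws_credentials(text: str, min_entropy: float = 3.5) -> List[Tuple[int, str, str]]:
    """Return (line_no, kind, value) for every candidate credential in `text`."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            hits.append((line_no, "access_key_id", m.group()))
        if SECRET_LINE_RE.search(line):
            for m in SECRET_VALUE_RE.finditer(line):
                # Entropy filter drops padding / placeholder strings like "aaaa...".
                if shannon_entropy(m.group()) >= min_entropy:
                    hits.append((line_no, "secret_access_key", m.group()))
    return hits


def scan_git_history(repo_path: str) -> List[Tuple[int, str, str]]:
    """Scan every commit on every branch; deleted lines still appear in the diffs.

    Requires a git checkout; not exercised by the offline sample below.
    """
    out = subprocess.run(
        ["git", "-C", repo_path, "log", "-p", "--all", "--no-color"],
        check=True, capture_output=True, text=True, errors="replace",
    ).stdout
    return find_aws_credentials(out)


# Constructed sample of what `git log -p` prints: a key committed, then "removed" later.
SAMPLE_DIFF = """\
commit 1a2b3c
--- a/config.py
+++ b/config.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+DB_SECRET = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
commit 4d5e6f
-AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
"""

if __name__ == "__main__":
    for line_no, kind, value in find_aws_credentials(SAMPLE_DIFF):
        print(f"line {line_no}: {kind} {value[:4]}...{value[-4:]}")
```

The second commit in the sample "fixes" the leak by reading the key from the environment, yet the scanner still reports the removed line from the first commit, which is exactly what an attacker scraping public repositories would find. If this ever fires on a real key, rotate the key first and clean the history second.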

What can I do to prevent Cryptojacking attacks?

There are two sides to defending against cryptojacking: server admins and website users.

When admins are affected by cryptojacking, something else had to be severely broken beforehand. You should have billing alerts and resource-usage alerts, but I would not do anything specifically against cryptojacking. In the end, losing money because too many resources were used is usually far cheaper and easier to detect than leaking your customers' data or being blackmailed by somebody who can shut down your servers.

If somebody was able to include a cryptominer in your website, you have an XSS vulnerability or a compromised script source (a third-party script, CDN or dependency). You should deal with that in the same way as you would with other XSS vulnerabilities: fix the injection point, and consider a Content Security Policy and Subresource Integrity so that injected or swapped scripts don't execute. For a business, the cryptojacking attack itself is far less damaging and easier to detect than leaking customer or business secrets.

As a user, it's very annoying if websites use too many resources, no matter for which reason. But it's only annoying and doesn't really do harm: you might run out of battery sooner and your screen might freeze. Ad-blockers might help with that, e.g. this blocklist seems to have cryptominers on it. However, the location of the cryptominer can easily change and the fingerprints of those scripts can easily be adjusted. The only fully effective way to prevent in-browser cryptomining is to disable JavaScript, but that makes most of the internet unusable nowadays.

How to identify Cryptojacking

You can identify cryptojacking by sustained, unexplained CPU usage: in the browser, a single tab keeping a core busy; on servers, near-100 % CPU without a matching workload. Network traffic might also help, e.g. connections to mining pools (source, source). Code complexity was also successfully used to detect in-browser cryptojacking (source).
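For the server side, here is an added example of what "look at CPU usage and network indicators" can mean in practice (example code written for this page, not code from the original article or from any detection product). It scores each process from a `ps -eo pid,pcpu,comm,args --no-headers` snapshot. The miner binary names, pool-URL and flag patterns, typical pool ports, the CPU threshold and the scoring weights are all heuristics chosen for this example, and the `ps` snapshot is constructed; the point is that CPU usage alone only gives a low-confidence hit (a video encoder scores the same), while a pool URL or miner-style flags on the command line are what make it convincing.

```python
"""Heuristic cryptominer detection over a `ps` snapshot (added example, not
from the original article). Each finding carries its reasons so an analyst
can judge it rather than trusting a single score.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# All of the following are assumptions for this example, not an authoritative list.
KNOWN_MINER_NAMES = {"xmrig", "minerd", "cpuminer", "cpuminer-multi", "xmr-stak"}
POOL_URL_RE = re.compile(r"stratum\+(?:tcp|ssl)://|\b(?:pool|mine)\.[a-z0-9.-]+:\d+", re.I)
MINER_FLAG_RE = re.compile(r"--donate-level|--coin[= ]|--algo[= ]|-o\s+\S+:\d+", re.I)
POOL_PORT_RE = re.compile(r":(?:3333|4444|5555|7777|14444)\b")


@dataclass
class Finding:
    pid: int
    comm: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_ps(snapshot: str) -> List[Dict]:
    """Parse `ps -eo pid,pcpu,comm,args --no-headers` output."""
    procs = []
    for line in snapshot.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3:
            continue
        procs.append({"pid": int(parts[0]), "pcpu": float(parts[1]),
                      "comm": parts[2], "args": parts[3] if len(parts) == 4 else ""})
    return procs


def score_process(proc: Dict, cpu_threshold: float = 80.0) -> Finding:
    """Weight strong indicators (pool URL, known miner) above weak ones (CPU, port)."""
    f = Finding(proc["pid"], proc["comm"])
    if proc["pcpu"] >= cpu_threshold:
        f.score += 1
        f.reasons.append(f"cpu {proc['pcpu']:.0f}% >= {cpu_threshold:.0f}%")
    if proc["comm"].lower() in KNOWN_MINER_NAMES:
        f.score += 3
        f.reasons.append(f"known miner name {proc['comm']}")
    if POOL_URL_RE.search(proc["args"]):
        f.score += 3
        f.reasons.append("mining pool URL in command line")
    if MINER_FLAG_RE.search(proc["args"]):
        f.score += 2
        f.reasons.append("miner-style flags in command line")
    if POOL_PORT_RE.search(proc["args"]):
        f.score += 1
        f.reasons.append("typical mining pool port in command line")
    return f


def suspicious_processes(snapshot: str, min_score: int = 1) -> List[Finding]:
    """Return findings with score >= min_score, strongest first."""
    findings = [score_process(p) for p in parse_ps(snapshot)]
    return sorted((f for f in findings if f.score >= min_score), key=lambda f: -f.score)


# Constructed snapshot: a real miner, a renamed miner hiding in /tmp, a legitimate
# CPU-heavy encoder, a busy kernel thread, and two idle processes.
SAMPLE_PS = """\
  101  0.3 sshd         /usr/sbin/sshd -D
  742 97.5 kworker/u8:2 [kworker/u8:2]
 1337 99.0 xmrig        ./xmrig -o stratum+tcp://pool.example.net:4444 -u 48wallet --donate-level 1
 2048 91.0 ffmpeg       ffmpeg -i input.mkv -c:v libx264 -preset slow out.mp4
 3001 88.0 .x           /tmp/.x -o 203.0.113.5:3333 -u 48wallet --donate-level 0
 4100  2.0 python3      python3 app.py
"""

if __name__ == "__main__":
    for f in suspicious_processes(SAMPLE_PS):
        print(f"pid {f.pid:5d} {f.comm:14s} score {f.score:2d}  " + "; ".join(f.reasons))
```

Feed it a live snapshot with `ps -eo pid,pcpu,comm,args --no-headers | python3 detect.py` after replacing `SAMPLE_PS` with `sys.stdin.read()`. Pair it with a network check (`ss -tnp` for established connections to the same pool ports or hosts) before deciding; the kernel thread and the encoder in the sample show why CPU alone is not enough.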

What's next?

In this series about application security (AppSec) we already explained some of the techniques of the attackers 😈 and also techniques of the defenders 😇:

Let me know if you are interested in more articles around AppSec / InfoSec!

I love writing about software development and technology 🤩 Don't miss updates: get my free email newsletter 📧 or sign up for Medium ✍️ if you haven't done it yet; both encourage me to write more 🤗


Tags: IT Security, Security, Crypto, Cryptojacking, Monero