Cellphones overheating, websites that take a while to load or an app that doesn’t open correctly are minor inconveniences that smartphone users have become accustomed to. However, these can also be indicators that someone has hacked your device. Cryptojacking is a technique that cybercriminals are using to infiltrate computers, smartphones and tablets in order to mine cryptocurrencies such as bitcoin. The process of mining can be very costly; it requires serious investment and very powerful devices, on top of racking up huge electricity bills. Via cryptojacking, hackers can avoid these costs by making someone else unwittingly foot the bill. According to Sara Nieves Matheu, a post-doctoral researcher at the University of Murcia in Spain, blockchain – the technology on which cryptocurrency transactions is based – is extremely expensive to run. “To write a block there is a mathematical algorithm that is very costly, computationally speaking. The way to write this block is to have a vast number of devices or a very powerful server. This requires a lot of electricity, computing power, processors… whoever manages to be the first one to write that block in the chain gets the reward, bitcoins.” Cryptojackers are naturally keen to avoid these outlays.
There are several ways of carrying out cryptojacking, and many do not require the user to do anything at all. One of the most common ways cybercriminals achieve this is to gain access to a vulnerable app. Matheu herself fell victim to this kind of hacking, even though she was unaware of it. “I went to use an app and a message came up saying a vulnerability had been detected and Google had removed the app from the store. Later on, I read articles that explained this app had served as a bridge to install other apps that did various other things, particularly mining for cryptocurrencies.” The app, CamScanner, served to scan documents with a cellphone to create PDFs and had been downloaded more than 100 million times. It was an official app, reviewed and approved by Google Play Store, which shows that a user doesn’t necessarily have to download anything unusual to wind up a victim of cryptojacking.
Not all users are affected by the same type of attack via apps. Matheu explains that “some people might download apps that bombard them with advertisements, while others may have apps that run in the background to mine… it depends on the objective, but there are certain types of attack that affect all apps, above all when we are talking about mining bitcoin. What interests [the hackers] is to have as many devices mining as possible.”
Cryptojacking can also occur after a user has accessed a malicious website or one that has been compromised. In this case, there are two scenarios. In the first, mining takes place when a user is on the internet and the process stops when the browser is shut down. In the second, the browser is a gateway for a code to be downloaded onto the device so that it will continue to run even when the browser is closed. According to Ángela García Valdés, a cybersecurity expert at the Spanish National Institute of Cybersecurity (INCIBE), in the second scenario, “what is infected is not the web browser, but the computer itself.” The device remains compromised simply because that malicious page was accessed. There is no need for the user to actively participate or approve any downloads.
Any device that connects to the internet can fall victim to an attack of this kind, even routers and vacuum cleanersÁngela García Valdés, cybersecurity expert
“Any device that connects to the internet can fall victim to an attack of this kind, even routers and vacuum cleaners,” says García Valdés. “But where cryptojacking is concerned, what the cybercriminals are really after is to use the processor and the graphics card. The more powerful the devices are, the greater the financial benefit is for them. Hacking a watch is not going to be as beneficial because its processor is not as efficient as a computer.”
If a user notices that a device is running slowly, overheating when not in use, that apps are freezing or not working properly and or if they detect an increase in their electricity bill without having changed their daily routine, they may be a victim of cryptojacking. In that case, what can be done to resolve the problem? According to both experts, the first thing to do is run a full check of the device with the antivirus software it has installed. If any viruses or malware are detected, carrying codes that work in the background behind apps or the browser, it is not enough to simply uninstall the app that has granted access. The best thing to do is consult an expert, such as INCIBE, who have a free helpline in Spain users can call on 017.
Although the level of sophistication employed in cryptojacking is high and it is more difficult to detect than other kinds of virus, there are several preventive methods users can employ to help protect their devices. Matheu says that plugins are very useful to protect browsers against the installation of malicious codes and in detecting them when they manage to find a way in. Antivirus software that searches for malware alerts a user to their presence on a device and regularly updating all installed apps, including antivirus, and device software is also essential.