Cryptojacking: How your device can be infiltrated to mine cryptocurrencies

Cybercriminals are using the processing power of other people’s cellphones and computers to profit without spending a dime on expensive equipment and electricity bills

Cryptojacking is on the increase, but there are ways for users to defend their devices against malicious downloads.

Cellphones overheating, websites that take a while to load or an app that doesn’t open correctly are minor inconveniences that smartphone users have become accustomed to. However, these can also be indicators that someone has hacked your device. Cryptojacking is a technique that cybercriminals are using to infiltrate computers, smartphones and tablets in order to mine cryptocurrencies such as bitcoin. The process of mining can be very costly; it requires serious investment and very powerful devices, on top of racking up huge electricity bills. Via cryptojacking, hackers can avoid these costs by making someone else unwittingly foot the bill. According to Sara Nieves Matheu, a post-doctoral researcher at the University of Murcia in Spain, blockchain – the technology on which cryptocurrency transactions are based – is extremely expensive to run. “To write a block there is a mathematical algorithm that is very costly, computationally speaking. The way to write this block is to have a vast number of devices or a very powerful server. This requires a lot of electricity, computing power, processors… whoever manages to be the first one to write that block in the chain gets the reward, bitcoins.” Cryptojackers are naturally keen to avoid these outlays.

There are several ways of carrying out cryptojacking, and many do not require the user to do anything at all. One of the most common ways cybercriminals achieve this is to gain access to a vulnerable app. Matheu herself fell victim to this kind of hacking, even though she was unaware of it. “I went to use an app and a message came up saying a vulnerability had been detected and Google had removed the app from the store. Later on, I read articles that explained this app had served as a bridge to install other apps that did various other things, particularly mining for cryptocurrencies.” The app, CamScanner, served to scan documents with a cellphone to create PDFs and had been downloaded more than 100 million times. It was an official app, reviewed and approved by Google Play Store, which shows that a user doesn’t necessarily have to download anything unusual to wind up a victim of cryptojacking.

Not all users are affected by the same type of attack via apps. Matheu explains that “some people might download apps that bombard them with advertisements, while others may have apps that run in the background to mine… it depends on the objective, but there are certain types of attack that affect all apps, above all when we are talking about mining bitcoin. What interests [the hackers] is to have as many devices mining as possible.”

Cryptojacking can also occur after a user has accessed a malicious website or one that has been compromised. In this case, there are two scenarios. In the first, mining takes place while the user is on the internet and the process stops when the browser is shut down. In the second, the browser is a gateway for code to be downloaded onto the device so that it will continue to run even when the browser is closed. According to Ángela García Valdés, a cybersecurity expert at the Spanish National Institute of Cybersecurity (INCIBE), in the second scenario, “what is infected is not the web browser, but the computer itself.” The device remains compromised simply because that malicious page was accessed. There is no need for the user to actively participate or approve any downloads.


“Any device that connects to the internet can fall victim to an attack of this kind, even routers and vacuum cleaners,” says García Valdés. “But where cryptojacking is concerned, what the cybercriminals are really after is to use the processor and the graphics card. The more powerful the devices are, the greater the financial benefit is for them. Hacking a watch is not going to be as beneficial because its processor is not as efficient as a computer.”

If a user notices that a device is running slowly or overheating when not in use, that apps are freezing or not working properly, or that their electricity bill has increased without any change in their daily routine, they may be a victim of cryptojacking. In that case, what can be done to resolve the problem? According to both experts, the first thing to do is run a full check of the device with the antivirus software it has installed. If any viruses or malware are detected that carry code working in the background behind apps or the browser, it is not enough to simply uninstall the app that has granted access. The best thing to do is consult an expert, such as INCIBE, which has a free helpline in Spain that users can call on 017.
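The symptom check above can be combined with the two browser scenarios described earlier into a simple triage heuristic. The following is an added example, not part of the original article: the snapshot data is constructed, the process names are hypothetical, and the 80% threshold and three-sample run are assumptions.

```python
from collections import defaultdict

# Constructed sample data: one snapshot per minute while the user is idle.
# Each snapshot is (browser_open, {process_name: cpu_percent}).
# Process names are hypothetical.
SNAPSHOTS_SESSION = [
    (True,  {"browser": 96.0, "mail": 1.0}),
    (True,  {"browser": 94.5, "mail": 0.5}),
    (True,  {"browser": 97.2, "mail": 1.2}),
    (False, {"mail": 0.8}),
    (False, {"mail": 0.6}),
]
SNAPSHOTS_PERSISTENT = [
    (True,  {"browser": 12.0, "updater-helper": 91.0}),
    (True,  {"browser": 8.0,  "updater-helper": 93.0}),
    (False, {"updater-helper": 95.0}),
    (False, {"updater-helper": 92.5}),
    (False, {"updater-helper": 94.0}),
]

def longest_run(flags):
    """Length of the longest run of consecutive True values."""
    best = cur = 0
    for flag in flags:
        cur = cur + 1 if flag else 0
        best = max(best, cur)
    return best

def triage(snapshots, threshold=80.0, min_run=3):
    """Return {process: verdict} for processes with sustained high CPU at idle.

    threshold and min_run are assumed values, not taken from the article.
    """
    names = {name for _, procs in snapshots for name in procs}
    series = defaultdict(list)  # process -> [(browser_open, is_high), ...]
    for browser_open, procs in snapshots:
        for name in names:
            # A process missing from a snapshot is treated as using 0% CPU.
            series[name].append((browser_open, procs.get(name, 0.0) >= threshold))
    verdicts = {}
    for name, points in series.items():
        if longest_run([is_high for _, is_high in points]) < min_run:
            continue  # short spikes are normal; only sustained load is flagged
        high_while_closed = any(h and not is_open for is_open, h in points)
        verdicts[name] = ("persists-after-browser-close" if high_while_closed
                          else "stops-with-browser")
    return verdicts
```

A verdict only narrows where to look: sustained load has many benign causes, so the full antivirus scan the experts recommend still decides whether anything malicious is present.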

Although the level of sophistication employed in cryptojacking is high and it is more difficult to detect than other kinds of virus, there are several preventive methods users can employ to help protect their devices. Matheu says that plugins are very useful for protecting browsers against the installation of malicious code and for detecting it when it manages to find a way in. Antivirus software that searches for malware alerts a user to its presence on a device, and regularly updating all installed apps, including antivirus, and device software is also essential.

Users can also install extensions that prevent the execution of JavaScript, the programming language that is generally used to install the kind of code on which cryptojacking is based. However, as Matheu notes, JavaScript is also used in the operation of web pages in general, and as such “it could be the case that deactivating it will also affect the navigability of websites as a whole.” It is up to the user to decide what level of protection they want or consider sufficient.
