Lower computer response time, increased processor usage and higher than usual electricity bills. If you are experiencing these problems, you may have been cryptojacked.
The Google Threat Analysis Group (TAG) and Google’s CyberCrime Investigation Group sensed something fishier and more hostile about Glupteba, a trojan Windows malware that evolved into a crypto-based botnet.
While observing Glupteba binaries, the team identified some with a gig repository, which sparked a bigger investigation. Recently, the team partnered with internet infrastructure providers such as Cloudfare to take down more accounts associated with the cryptojacking botnet. Even Chainalysis, which was part of the investigation, revealed that the botnet weaponised bitcoin’s blockchain.
Infecting over a million machines worldwide, Google filed a lawsuit against the alleged Russian masterminds Dmitry Staroviko and Alexander Filippov, among other 15 individuals. “The Glupteba botnet cannot be eradicated entirely without neutralising its blockchain-based infrastructure,” stated Google in its complaint.
Decoding cyrptojacking
In the 1999 film Office Space, a group of employees install malicious software in the employer’s company. The software could transfer a small, unnoticeable amount of each transaction, amassing to a fortune over the months. Cryptomining can function similarly. Many users do not even realise that their device has been compromised until it’s too late.
Lower computer response time, increased processor usage, overheated devices, and higher than usual electricity bills. If you are experiencing these problems, you may have been cryptojacked.
It all began in 2018, the period of crypto mining malware development and proliferation. While things began to ebb the following year as cryptocurrency depleted in value, 2020 sparked excitement again with the increasing numbers. And by 2021, cryptojacking became a dangerous threat.
With just a couple of lines of code, cryptojacking, aka malicious crypto mining, allows threat actors to use an unauthorised smart device and mine for cryptocurrencies. With the power to also compromise network servers, it is a powerful threat taking over the internet worldwide.
One of the most common types of cryptojacking is mining through a program called Coinhive. Depending on JavaScript, the program can be easily added on webpages and effortlessly downloaded, too. It then forces user devices to reveal cryptocurrencies without user permission.
While there are many methods of pirating malware into the system, the popular strategy of distribution is through infected websites. Even if a user calls up an infested download site, the malware is stacked through a drive-by download, and is undetectable.
Few years ago, Kaspersky had stated that “ransomware is rapidly vanishing, and that cryptocurrency mining is starting to take its place.” While it did not seem that way in recent times, cybersecurity experts believe it could be possibly true in the future due to the exponential rise of the cryptocurrency market.
Cryptojacking or ransomware. What should scare you the most?
Unlike cryptojacking, ransomware has no method to repeatedly extort its victims. Perhaps, it’s one of the reasons why cryptojacking is preferable to ransomware for crypto mining by threat actors. While cryptojacking takes less time to initiate, ransomware requires time and effort to develop and execute.
On the other hand, ransomware causes a stickier situation for users much to the delight of threat actors. Despite reliable backups and security measures, it costs both time and money to restore assets.
Cryptominers can stay hidden in small environments such as Kubernetes clusters, IoT devices, over-permissioned accounts, and Docker containers. It can also be developed across context languages, including Javascript, Python, PowerShell, and Ruby.
But if a system backed with efficient security tools is infected with a crypto mining software, the sudden spike in processing power would be a clear indication of infiltration. More importantly, it will become easier to detect and remove crypto mining software, making it seemingly less threatening than ransomware. But the reality is that the process can be fatal. An attack can immediately deplete the battery and leave the device inoperable for a long time.
Additionally, hackers today know that organisations and individual users are more focused on ransomware as cryptojacking is a relatively new concept. Adding the value of cryptocurrency in the market today, hackers choose the quick and neat method of cryptojacking over ransomware.
It continues to grow as the malicious miners are also involved in crypto tumbling, a parallel system to money laundering. Cryptojacking could evolve into wormable malware and piggybacking or botnets for hire and data theft, housing a large section of the dark web.
What can be done?
With the crypto market reaching $2 trillion in total assets, cryptojacking is proving increasingly lucrative. But the only solution is to stay vigilant and increase security measures. Although it’s hard to detect, experts believe cryptojacking will evolve into the worst of cyberattacks unless there are regulations, special cyber attention, and monitoring tools.
Anti-crypto mining browser extensions and health monitoring tools are easy security features to keep cryptojacking at bay. Additionally, there are projects such as “No Coin” and “MonerBlock” that can block mining activities in browsers, including Mozilla Firefox, Google Chrome, Firefox, and Opera. Another technique would be to conduct a full DNS inspection for all connected devices and identify mining algorithms at runtime rather than when it’s on the disk.
Using exploitable software, even if the hacker infected just 10,000 of the billion devices, it could make over $2,100 every week.
The Clever New Tricks
Most crypto mining campaigns have been compromised. While most of them are seemingly harmless, the problem remains that the machines are easily hacked if left unchecked. According to a Microsoft report, many hackers use Monero cryptojacking campaigns to serve as a smokescreen for more invasive attacks. The researchers gather evidence that the campaigns are intentionally designed to be vulnerable so that the security team engross themselves in it, while the hackers use the distraction to do something bigger elsewhere.
Apart from bitcoin, Monero is a popular currency on every hacker’s radar as it runs on non-specialised hardware, making it easier for illicit code installations. A 2019 research revealed that 4.4 per cent of all mined Monero came out of malicious crypto mining operations. With cryptojacking climbing the graph in 2021, the numbers could be even greater.
“To make cryptos environmentally friendly is one of the challenges that the cryptosystem should deal with in 2022 and further. A sustainable ecosystem for mining and activities in crypto and token generation is vital to the longevity of cryptocurrencies,” Ola J Lind, Director, FTFT Capital, told Datatechvibe.
Many companies still do not find cryptojacking to be as threatening as other cybercrime forms, but the truth is hackers are only one campaign away from inducing a far bigger cryptojacking disaster than the Glupteba incident.
If you liked reading this, you might like our other stories