What is cryptojacking?

Mining is the process used to create units of cryptocurrencies such as Bitcoin, Ethereum, Monero and Zcash. It consists of computations that demand a lot of performance from the hardware. Accordingly, anyone who wants to create crypto units must first invest in CPU or GPU power and pay the electricity costs before they can benefit from their digital money.

However, this hardly pays off, which is why criminal miners resort to cryptojacking. Cryptojacking means taking over the resources of other computers to obtain cryptocurrency. There are various approaches and signs of infected systems.

What is cryptojacking? How does crypto mining work on someone else's computer? And how do you recognize the malware infection? Here's all the information about the computer takeover for digging for Internet currency.

What does cryptojacking mean?

Cryptojacking is a combination of the words crypto (short for cryptocurrency) and hijacking. Criminals who engage in cryptojacking hijack other people's computers, tablets or smartphones in order to misuse their computing power to generate cryptocurrency. According to some sources, the procedure is used less for well-known internet currencies such as Bitcoin or Ethereum and more for coins without transaction recording, i.e. Monero and Zcash. But others are not excluded.

Cryptojacking - How criminals take over the computer

Cryptojacking is not like being locked out by ransomware or having a third party use a rootkit to take over the computer completely. That would also be too obvious. Cryptojacking runs in the background; the programs or scripts used for it are not supposed to be noticed by users and are hidden accordingly. There are various ways of getting them onto a device: either via a Trojan horse, which disguises itself as a normal app or another download but brings cryptojacking code with it, or as JavaScript on websites, which passes the necessary commands on through the web browser.

Cryptojacking via malware (app download with malware)

As already mentioned, cryptojacking malware can sneak onto the computer through a download. Theoretically, this can happen under Windows as well as under macOS and Linux. Smartphones and tablets running iOS, iPadOS or Android can also be affected. The software that ends up in memory via a Trojan horse or similar means can then permanently access the resources (processor, graphics card, etc.) and use them to calculate new cryptocurrency units. Ideally for the criminals, the whole thing happens unseen: no program appears in the taskbar or Dock.

Temporary cryptojacking via infected websites

If JavaScript code is used on a website to access the computing power of the end device via the browser and then operate crypto mining, this can be done either temporarily or permanently. Temporary means that the code is only executed while the website is open or, at the latest, until the browser is completely closed. In the event of an unusually high system load, it may be sufficient to restart the web browser app to fix the problem.

Ongoing cryptojacking by infected websites

However, some scripts also manage to continue using the infected machine's resources for crypto-mining when both the deceptive website and the browser are (apparently) closed. So-called pop-under windows are used here. They are basically the opposite of pop-up windows and are not intended to attract attention. Rather, they are intended to house a hidden open page or hidden code – in Windows systems this can happen behind the taskbar or the clock display.

How to detect malicious cryptomining on computer?

As with almost any other malware, cryptojacking or malicious crypto mining can be recognized by a system load that cannot be clearly explained. So if the computer slows down for no apparent reason, runs hot, spins its fans fast, stutters, does not react as usual or even crashes, this can be an indication of a malware infection. It does not always have to be cryptojacking; other malware can also put a heavy load on the system. To identify the cause of the problem, it may help to turn off the computer, let it cool down, turn it on again, locate the resource-hungry process (on the Mac in Activity Monitor) and look up its name in a search engine.
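The step of locating the resource-hungry process can also be done in the terminal on macOS or Linux. The following is an added example, not code from the original article: it takes several process snapshots with `ps` and reports only processes that stay above a CPU threshold in every snapshot, since a miner produces sustained load rather than a short spike. The function names, the 50 percent threshold and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report processes that stay above a CPU threshold in every
# snapshot, not just in one. Output format: "PID COMMAND AVERAGE_CPU".

# take_snapshots COUNT SECONDS: print COUNT process listings, each
# introduced by a "#snapshot" marker line.
take_snapshots() {
    n=0
    while [ "$n" -lt "$1" ]; do
        if [ "$n" -gt 0 ]; then sleep "$2"; fi
        echo "#snapshot"
        LC_ALL=C ps -A -o pid= -o pcpu= -o comm=
        n=$((n + 1))
    done
}

# sustained_hogs LIMIT: read snapshots on stdin, print processes whose
# CPU share was at least LIMIT percent in all of them.
sustained_hogs() {
    awk -v limit="$1" '
        /^#snapshot/ { snaps++; next }
        NF >= 3 && $2 + 0 >= limit {
            pid = $1; cpu = $2
            $1 = ""; $2 = ""; sub(/^ +/, "")   # $0 is now the command
            key = pid " " $0
            hits[key]++; total[key] += cpu
        }
        END {
            for (key in hits)
                if (hits[key] == snaps)
                    printf "%s %.1f\n", key, total[key] / snaps
        }' | sort
}

# Constructed sample data (not real output): three snapshots.
sample_snapshots() {
    cat <<'EOF'
#snapshot
 101  3.2 /usr/bin/example-editor
4242 97.5 /tmp/example-helper
 300 88.0 /usr/bin/example-encoder
#snapshot
 101  1.0 /usr/bin/example-editor
4242 98.5 /tmp/example-helper
 300  2.0 /usr/bin/example-encoder
#snapshot
4242 99.0 /tmp/example-helper
 101 75.0 /usr/bin/example-editor
EOF
}

# Demo on the constructed data; for a live check run:
#   take_snapshots 3 5 | sustained_hogs 50
sample_snapshots | sustained_hogs 50
```

On Linux, `ps` reports `pcpu` as an average over the lifetime of the process, so a process that has only just started mining can take a while to cross the threshold.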

Which systems are affected by cryptojacking?

For cryptojacking apps and scripts, it makes sense to identify the hardware of the hijacked device before using it. Executing the necessary code is only worthwhile if sufficient computing power is available. Accordingly, gaming computers with powerful CPUs and current graphics cards are popular targets. But even servers and networks are not necessarily immune to cryptojacking. After all, they offer the advantage that they are permanently switched on. Private computers and company computers are switched off for at least part of the day, which interrupts mining again and again.

Drive-by cryptomining as “good” hijacking of devices on websites

Using someone else's computing power to acquire coins does not always have to be illegal and hidden. At the start of the Bitcoin hype, there were also website operators who openly asked their visitors whether they could start the code needed for mining. This was often presented as a trade: users could use the website content for free and the creators of the content could earn something extra. “Good” drive-by cryptojacking could be operated over a longer period of time, especially on sites with a high dwell time (video streaming, browser games, etc.). It ended when the page was closed. In addition to computers, this is also possible on Android devices.

How do I protect myself from cryptojacking?

The same advice applies here as for almost any other malware, whether on Windows and Linux PCs, Apple Macs, smartphones or tablets. In order not to come into contact with the malware, unknown links (on websites, in e-mails, etc.) should not be opened. Downloads from dubious sources and attachments from e-mails with unknown senders should also not be opened. JavaScript can be disabled in the web browser to prevent hijacking via websites. Do you have any more information, tips or testimonials on the subject? Then please leave a comment!


In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.