A new hacking trend -“cryptojacking”- has been spreading over the internet, forcing unknowing web users to mine cryptocurrencies for cybercriminals.
Hackers infect computers by using websites that have malicious code which lets them secretly use the processing power of unsuspecting visitors, using said resources to mine cryptocurrencies.
The cryptojacking process is undetectable and infected users usually don’t even realize their computers are used for mining, unless the fan starts to make noise because the PC is forced to work at maximum capacity. The cryptojacking stops once the users leave the infected website.
Troy Mursch, a computer security researcher, recently found as many as 50,000 websites which have been infected by this new hacking trend. He also said that cryptojacking is in its “gold rush” stage.
An incident last month also revealed the scale of this problem. On Sunday morning, with most IT workers being at home, the websites of the Information and Privacy Commissioner of Ontario, the municipal websites of cities including Yellowknife and Oshawa, Ont., and the Centre for Addiction and Mental Health, were just a few of thousands of sites that were attacked. The attack is connected to a third-party accessibility app called Browsealoud.
The infected websites included thousands that were hosted by the WordPress platform, which is used in particular by bloggers and small businesses that want to set up a noticeable web presence in an easy way. Many websites of small Canadian stores and businesses were used to produce profit for hackers.
This scheme has generated so much profit, that many hackers have renounced trying to steal personal user information or hijack computers with ransomware attacks, says Jerome Segura, a security researcher with Malwarebytes, a software company.
“It’s not that it’s not happening anymore but it’s a lot less than it was in the last couple of years when ransomware was the main focus and causing mayhem,” said Segura. “As long as the price of cryptocurrencies stays high, this is going to be the kind of activity that we’re going to see cybercriminals prefer.”
While cryptocjacking is not necessarily “good news” for internet users, Mursch said “it’s definitely the lesser of the evils” compared to being hit by a ransomware attack, in which hackers lock your computer and demand money if the owner wants access to his files.
“Ransomware is basically like pointing a gun at you and saying, ‘Hey, pay up or you’re not getting your files back,’ versus cryptojacking you might not even know about it, it’s just going to silently steal your electricity,” said Mursch.
Segura also pointed out that this trend can affect almost any type of device that can access a website. Before, many consumers believed they were safe from viruses and malware on their mobile devices or Apple computers.
“It’s platform agnostic in the sense that it doesn’t matter if you have a Windows computer, or a Mac, or even a mobile device, if you’re visiting that website your device will start mining regardless,” said Segura.
Segura added that there is a possible risk of overheating and damaging an overworked device should it be mining continuously for long amount of time.
“There have been cases — more proof-of-concepts, but still — where in a lab people tested running a cryptominer at 100 per cent and after a certain amount of hours the device overheats and actually pops, the back popped out.”
While the trend could die down when the cryptocurrency that the code targets, Monero, has a drop in value, Segura also warned that there is a possibility that hackers could adapt and try to target users’ PC’s for mining instead of web browsers.
On Wednesday, Microsoft’s Windows Defender Antivirus software reported that it recently blocked attempts by hackers trying to inject cryptomining malware on almost 500,000 computers in just one day, with a majority of these attacks being in countries such as Russia, Turkey and Ukraine.
Mursch advised WordPress users to always remember to install software updates, because they can easily solve any security vulnerabilities which might come up.
“It’s kind of hard to believe, but you just have to update it to magically fix it. But it’s not going to email you, or start beeping, or alert you in any way, so you definitely have to be proactive.”
He also observed that a majority of the infected WordPress sites he found seemed to be abandoned by their owners but they still continued to “just float out there in the ether” and infect other users when accessed.
“If you take it too lightly and think, ‘Well, it’s not really affecting my computer much,’ what you don’t realize is it’s fuelling an economy that is benefiting criminals,” Segura said.
Segura warns internet users to remain alert and look into any suspicious activities, because even though the cryptoajcking trend is a hack that affects to a lesser extent the computer, it is still helping fund criminals.