Cryptojacking – Extreme Lengths People Have Gone to…

You’ve probably already heard of various cryptocurrency exchanges & wallets being hacked, user funds being stolen and so on.

However, have you ever heard of cryptojacking? Well, it’s time you did. It’s a recently coined term for stealing computational power to mine cryptocurrencies. The user visits an infected website, which results in malicious code being executed on the user’s device. The code then uses the device’s computational power to solve the cryptographic puzzles required to mine a cryptocurrency. The group that placed the code receives the mining rewards, without any benefit to the user.

The most popular cryptojacking script found is Coinhive, an online miner that allows website owners to mine the cryptocurrency Monero as an alternative to displaying adverts. There’s also an option to ask users for permission.

An example of Coinhive’s newer version, ‘AuthedMine‘ being used legitimately by a blog.

However, hackers have used this legitimate service for malicious purposes, infecting sites and mining cryptocurrencies without user consent. The increased use of resources can also make the device significantly slower, potentially damaging it.

I’ve compiled a series of such high-profile events; being aware of them helps you protect yourself from such attacks.

1. Tesla’s Cloud Servers Hacked

Recently, Tesla – the famous electric car company headed by Elon Musk – had its Amazon Web Services (AWS) credentials exposed. This led to hackers utilizing an Amazon S3 (Simple Storage Service) bucket to mine cryptocurrencies. The incident was reported by RedLock – a cloud security company – which states that the group also used a number of measures to hide their identity and remain undetected. A few points in summary:

  • They installed mining pool software instead of using a well-known mining pool.
  • They used Cloudflare to hide the true IP address of the mining pool.
  • The CPU usage was kept to a minimum to avoid unwanted attention.

After the hack was reported to Tesla, they investigated and claimed that no customer data was lost in the process.

2. Starbucks Public Wi-Fi Manipulated

In December 2017, a Starbucks customer named Noah Dinkin and his friend discovered how Starbucks public Wi-Fi was being manipulated in 3 separate Starbucks stores in Buenos Aires over multiple days and informed the company.

In response, after 10 days, the company’s Twitter account assured the public that the issue had been dealt with.

This is one great example of how your devices can be used to mine cryptocurrencies without your knowledge. The script being used was Coinhive.

3. Government Websites Hacked

This time, over 4000 websites were infected, again by Coinhive, secretly mining Monero.

As Mohit Kumar from The Hacker News states,

The cryptocurrency mining script injection found on over 4,000 websites, including those belonging to UK’s National Health Service (NHS), the Student Loan Company, and data protection watchdog Information Commissioner’s Office (ICO), Queensland legislation, as well as the US government’s court system.

The attack became possible because of an infected third party plugin named ‘Browsealoud‘ being used on all of the respective sites.

Just like the Starbucks incident, this time too a user, Scott Helme, alerted the affected parties to the malware. In response, the malware was removed in a quick 4 hours by TextHelp – the creators of Browsealoud – although it was still a mighty blow.

4. Students using University Computers

Universities may have computer equipment for educational reasons but some students would definitely disagree.

An anonymous student using the pseudonym Helix reported his story of mining Dogecoin back in 2014 using Imperial College London’s computer systems. According to CoinDesk,

Felix mines using an online pool, meaning that his efforts are combined with others through a website. After installing a program on to each computer, their individual processing power is counted towards his single online account, allowing him to combine many computers with very little technical know-how.

Another famous incident is that of a student who used Harvard University’s supercomputer, named Odyssey, to mine Dogecoin as well. However, the student was caught by system administrators and was banned from using all research computing facilities available at Harvard, not the best of outcomes.

These were just some of the prominent cryptojacking incidents that have surfaced over time. To protect yourself against cryptojacking:

  • Install an extension like minerBlock, which aims to block cryptocurrency miners all over the web.
  • Install good anti-malware software that is capable of detecting malicious mining scripts.
  • If you’re a website owner, make sure all your software packages are up to date; outdated versions can usually be easily exploited.
  • Use a website like Cryptojacking Test to scan your browser to see if it’s affected.
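
For website owners, and with the Browsealoud incident in mind, here is a small audit of a page's script tags, as an added example that is not code from this article or from any tool it names. It flags scripts served from miner hosts, inline miner code, and third-party scripts loaded without an `integrity` attribute, a check that goes beyond the advice listed above. The host names `coinhive.com` and `authedmine.com`, the inline marker and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed script hosts of the services the article names, and an inline marker.
MINER_HOSTS = ("coinhive.com", "authedmine.com")
INLINE_MARKER = "coinhive."

class ScriptAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []   # (kind, detail) tuples
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            self._inline = []
            return
        # Relative URLs have no hostname and count as first-party.
        host = (urlparse(src).hostname or self.site_host).lower()
        if any(host == m or host.endswith("." + m) for m in MINER_HOSTS):
            self.findings.append(("miner-host", src))
        elif host != self.site_host and not attrs.get("integrity"):
            self.findings.append(("third-party-no-integrity", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            if INLINE_MARKER in "".join(self._inline).lower():
                self.findings.append(("miner-inline", "inline <script>"))
            self._inline = None

def audit(html, site_host):
    parser = ScriptAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<script src="/js/site.js"></script>
<script src="https://plugin.example.net/reader.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous("PLACEHOLDER");</script>"""
```

A plugin script that has been tampered with and injects the miner at runtime never shows up in the static HTML, so the `third-party-no-integrity` finding is the one that points at that exposure.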

Guest article written by: Sudais Asif – Content Writer at ProPakistani & Level 2 Seller on Fiverr. Reach him at [email protected].
