It used to be a simple virus. Your computer might get the sniffles, a sign of the common cold, and McAfee or Norton would kick it to the curb faster than chicken soup. Then came malware, which encompassed viruses, trojan horses, spyware, ransomware – hostile and intentionally harmful programs to the computer user.
The latest is cryptojacking. And here is where we get to use all of the buzzwords like cryptocurrency, crypto mining, Bitcoin, and blockchain.
Viruses were the original little hack. A programmer would find a way to slip a file onto your computer as an attachment spread through email, a download file or even tucked in the program of a CD-Rom. Remember those? Others exploited security holes in programs on your computer. The program would then worm through your computer files looking for information to exploit such as social security numbers, bank accounts, or passwords that would then be sent back to the programmer where they may harvest and sell your data to other unscrupulous characters.
Fast forward to spyware and ransomware where more ugly little programs would find their way onto computers to use cameras in voyeuristic ways, or pop a message up that until a ransom is paid the user’s computer would be locked and rendered useless.
The latest and lucrative blackhat magic is in the realm of cryptocurrency – decentralized digital currency being used for payments that can, through online exchanges, be converted to regular currency – Euros, US Dollars, Pesos, etc.
It all comes down to money and how to make it, or make more of it.
Cryptocurrency and Blockchain
To understand cryptojacking, you first need to understand the basics of cryptocurrency. There are a few ways to get cryptocurrency – buy it or earn it.
You can buy or invest in a cryptocurrency such as Bitcoin, Etherum, or thousands of others just like you would a stock on the stock exchange. If you bought Bitcoin at around US$50, you’re in the money as its currently trading around US$7,000.
Earning cryptocurrency is where we get into cryptomining. You can earn cryptocurrency by helping support that cryptocurrency’s system.
It’s like a game of telephone where files (blocks) are continuously added and every few minutes you have to update and retell, or in this case save, all of the files with transactions in the chain to date – the blockchain.
“For the uninitiated, cryptocurrency mining is the process by which new digital currency is created. Mining uses a computer’s processing power to solve increasingly difficult cryptographic puzzles online. The more puzzles a computer can solve, the greater the rewards.” – TechWire Asia
The cryptominer is the person or entity looking to solve the puzzle and earn the cryptocurrency. And they need as much computing power as quickly as they can get it. In the initial days of cryptocurrency’s life, the history of transactions or number of blocks are few and the computing power necessary to solve the puzzle is quite light.
With the increased use of a cryptocurrency, the length of the blockchain (the number of files in your game of telephone) – the computing power and speed needed quickly outpaces what a single computer or bank of computers can do.
To get more computing power, a cryptominer must spread the load across hundreds of thousands of devices with computing power, each doing a quick calculation before sending it back to help the cryptominer solve the puzzle first to get the bounty or reward.
So how does the cryptominer get access?
A cryptominer gains access to thousands or even millions of computers and smartphones through browser extensions and small files though unsuspecting downloads, unsecured wifi connections, even ads loading from a website that use your browser’s session. They hijack – or cryptojack – your smartphone or computer for a little processing power.
Yes, your smartphone and computer may be doing a wee bit of work for a cryptominer without you even knowing it. If you ever wondered why your smartphone battery suddenly starts to drain quickly, it could be a cryptominer using your smartphone to do some work.
Staying One Step Ahead
To combat cryptojacking ad networks are feverishly working to scan and remove ads that hijack the user’s browser session for cryptomining. Google recently banned Chrome extensions that acted as cryptominers. Smartphone security updates try to plug holes exploited by cryptominers using malware and other viruses to connect and use the phone’s processing power.
Cryptojacking may not seem like a direct attack compared to ransomware or a virus that wipes out a computer. But there is no victimless crime. The loss of computing power, time and energy to combat the onslaught do add up.