Friday 3rd September 2021

BLOG: Is Cryptojacking On The Rise Again?

Cryptojacking was at the centre of a lot of controversy in 2017 and 2018 but slowly died down in 2019 due to the shutdown of the cryptocurrency mining service Coinhive. Multiple security firms identified Coinhive as the top nefarious threat to Web users. When the cryptocurrency markets faltered in 2019, cryptojacking reports dropped by 40%. From the start of 2020 onwards, reports about cryptojacking essentially went under the radar.

Coinhive was a cryptocurrency mining service that relied on a small portion of computer code designed to be installed on webpages. The code uses some (and potentially all) of the computing power of any browser that visits the site in question, enlisting the machine in a bid to mine bits of the Monero cryptocurrency. Monero differs from Bitcoin in that its transactions are effectively untraceable, and outsiders cannot track Monero transactions between two parties. Understandably, this quality made Monero an especially appealing choice for cybercriminals.

Coinhive released its mining code in the summer of 2018, and it later emerged that Coinhive’s code was one of the top malware threats tracked by multiple security firms, because it was being installed on hacked websites without the owner’s knowledge or permission. Its effect is similar to that of an infection by a malicious bot or Trojan: Coinhive’s code frequently locks up a user’s browser and drains the device’s battery as it proceeds to mine Monero for as long as a visitor is browsing the site.

Cryptojacking is an unconventional exploit that arises from the complex nature of cryptocurrency finance. Cryptocurrencies like Bitcoin and Ethereum are digital, tradable assets that are stored in software. This software uses blockchain technology to record and verify transactions while bypassing the need for a central authority. Cryptojacking is a specific type of scam in which attackers install malware (often referred to as ‘miners’) on users’ devices. These miners use the device’s resources in the background to mine cryptocurrency. Cryptojacking is the criminal manifestation of crypto mining. Cryptojackers use techniques similar to those of other malware to sneak onto an endpoint: drive-by downloads, phishing campaigns, in-browser vulnerabilities, and browser plugins, to name a few.

There are two main methods of operation for cryptojacking. The first is to infect the browser with a plugin that consumes some computing power while the target is online, without their awareness. The second mirrors standard malware methods: the plugin is installed on endpoints and servers, operates on the local machine whether the computer is on or off, and uses the victim’s internet connection to mine cryptocurrency for the attackers. Miners are designed to operate on all operating systems: Windows, Linux and even macOS.

When the cryptocurrency markets floundered in 2019, cryptojacking reports dropped by 40%. From 2020 onwards, reports have largely gone under the radar, even as they grow in size and significance.
Throughout the last year, malicious crypto mining has seen a resurgence, and it seems that the ‘hiatus’ taken by cryptojacking cybercriminals has ended and cryptojacking has now been revived. According to a recent report by cybersecurity professionals, cryptojacking cases have risen within the first quarter of 2021. The report explained that 432,171 users encountered miners on their devices in Q1 2021. The number was tracked at 187,746 in January this year and 200,045 in March. The number of unique modifications to miners also increased by over four times, from 3,815 to 16,934. Unique modifications are changes to a miner’s code to mine a new kind of currency or adapt to new systems. Cybersecurity researchers saw 23,894 new modifications to miners in the first quarter of 2021.

Japanese tech service providers alleged that crypto miners made up 41% of all detected malware in 2020 and were most widely found in Europe, the Middle East, Africa and the Americas, which tech firms have not seen in a long time. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Cryptominer and XMR-Stak.
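The two methods of operation described earlier (in-browser miners and miners installed on the host) leave different traces. As an added example that is not part of the original post, this Python triage checks constructed HTML pages and process command lines for both. The family names come from the article; the `coinhive` script name, the `CoinHive.` JavaScript constructor and the `stratum+tcp://` pool URI are assumed indicators, and every hostname and sample line is made up.

```python
import re

# Family names (Coinhive, XMRig, XMR-Stak) come from the article. The script
# name, JS constructor and stratum URI scheme are assumed indicators.
SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"'][^\"']*coinhive[^\"']*\.js", re.I)
JS_API = re.compile(r"\bCoinHive\.\w+\s*\(")
STRATUM = re.compile(r"stratum\+(?:tcp|ssl)://", re.I)
MINER_NAMES = ("xmrig", "xmr-stak")

def scan_html(html):
    """Browser method: flag pages that load or start an in-page miner."""
    hits = []
    if JS_API.search(html):
        hits.append("coinhive-api")
    if SCRIPT_SRC.search(html):
        hits.append("coinhive-script")
    return hits

def scan_cmdline(cmdline):
    """Host method: flag a process by binary name or by mining-pool URI."""
    hits = []
    parts = cmdline.split()
    if not parts:
        return hits
    # Only argv[0] is compared, so "grep xmrig ..." is not flagged.
    binary = re.split(r"[/\\]", parts[0])[-1].lower()
    if binary.startswith(MINER_NAMES):
        hits.append("miner-binary")
    # Catches a renamed binary when the pool URI is on the command line.
    if STRATUM.search(cmdline):
        hits.append("stratum-pool")
    return hits

# Constructed sample data (placeholders, not real sites, pools or wallets).
PAGES = {
    "shop.example": '<script src="https://cdn.example/lib/coinhive.min.js"></script>'
                    '<script>new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER").start();</script>',
    "blog.example": "<p>An article about Coinhive and cryptojacking.</p>",
}
PROCESSES = [
    "/usr/sbin/sshd -D",
    "/tmp/.cache/xmrig -o stratum+tcp://pool.example:3333",
    "/var/tmp/kworkerd -o stratum+ssl://pool.example:443",
    "grep -ri xmrig /var/log/syslog",
]

if __name__ == "__main__":
    for name, html in PAGES.items():
        print(name, scan_html(html))
    for cmd in PROCESSES:
        print(cmd.split()[0], scan_cmdline(cmd))
```

String matching of this kind is a first-pass filter; a miner that reads its pool address from a configuration file needs network or CPU-usage telemetry to catch.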

Cryptocurrencies’ current total market cap sits at $2.30 trillion. This boom seems to have drawn more users to the industry, which led to more transactions and trading and hence increased the need for crypto mining. It has also opened a gateway for cybercriminals to scam, steal, and otherwise exploit users’ lack of knowledge.

Microsoft Exchange attacks have been one of the focuses of the Monero cryptojacking rise. In May 2021 cybersecurity researchers found that an unidentified cyber attacker had been attempting to place a malicious Monero crypto miner on Microsoft Exchange servers. The criminals acted extremely quickly and were able to receive money only days after the revelation from Microsoft that Exchange was vulnerable. Another group of cybersecurity professionals found several infections of the Prometei Botnet, which was exploiting Microsoft Exchange vulnerabilities, within companies in North America. Additional examples include the cryptojacking scheme revealed by cybersecurity professionals that used Docker images on the Docker Hub network to deliver crypto mining software to victims’ systems.

It is possible that cryptojacking will continue to rise, so organisations and businesses worldwide have to stay vigilant about this.
