Daily Times

This is a story from a forensic investigation I did a few days ago so I thought I’d share about a malware in the wild. The user cannot imagine that their device can be used for crypto mining.

An IT professional approached me about his machine making noise and running very slow. I asked him to check RAM and processor status. He said that he is not using any application but the processor and RAM are fully utilized. So, what’s the exact issue is?

In case of crypto jacking hackers mine cryptocurrency without paying for electricity, hardware and other mining resources For which another party’s computing resources are hijacked and used to mine cryptocurrency.

According to the European Union Agency for Cybersecurity’s (ENISA) annual report Crypto jacking was the third most prevalent cybersecurity threat in 2021. Google’s Cybersecurity Action Team found that 86% of its observed compromised cloud platforms resulted from crypto jacking. In 2020, Cisco reported 69% of its customers were affected by crypto mining malware.

How it works?

The crypto mining is the way to create and encrypt new coins on blockchain. Cryptocurrency miners solve encrypted puzzles, validate transaction and earn cryptocurrency.

To perform complex mathematical operations Crypto jackers utilize the power of victim’s computing machine. After performing the operations that needed to mine cryptocurrency the victim’s machine send the results to the crypto jacker’s server. It runs quietly in the background, redirecting victim’s processing power toward illicit crypto mining tasks. Mostly it does not damage the victim’s device but in some cases it can damage. When Crypto jackers targeting a large number of victims they use a small amount of a victim’s processing resources.

Modes of Crypto Jacking:

There are two modes of crypto jacking attack one of them is web browser and second one is host-based attack. The web browser based crypto jacking attack occurs when victim visits an infected website and in case of host-based attack the hackers use malware that gets downloaded onto a device of victim through any social engineering technique.

Symptoms of crypto jacking:

• Overheating of device.
• The fan runs faster than normal and makes noise.
• Device performance slower than usual
• High electricity/ battery consumption
• Above average CPU usage

How to prevent crypto jacking?

• Use strong cybersecurity protection.
• Beware of phishing Links
• Don’t download applications from unknown sources
• Use anti crypto jacking browser extensions.
• Use ad blocker and disable JavaScript.
• Secure servers and cloud configurations.
• Use software composition analysis (SCA).
• Block infected sites.
• Stay up to date.

Muhammad Asad Ul Rehman

Cyber Security Expert

Cyber Security of Pakistan

www.masadrehman.com