What is Cryptojacking? How to prevent, detect, and recover from it

As the popularity of cryptocurrency increases, a new form of malware has emerged called cryptojacking. For the final week of cyber security month, we wanted to make you aware of the dangers of this new malware.

What is Cryptocurrency? Digital currency (e.g. Bitcoin, Ethereum) that can be used in exchange for goods, services, and even real money. Cryptocurrency can be purchased or earned through “mining”.  Mining involves using a computer to solve complex, encrypted math equations in return for a piece of cryptocurrency.  

What is Cryptojacking? Cryptojacking occurs when cybercriminals use a victim’s computer, tablet, or mobile device to mine for cryptocurrency without his/her knowledge. Unlike most other types of malware, cryptojacking scripts do not normally cause damage to victims’ data. However, cryptojacking does slow down a victim’s computer and internet connection and can cause battery drain.

How Cryptojacking occurs

  • Malicious Applications: Hackers trick victims into loading crypto mining code onto their computers, through phishing-like tactics. Victims receive a legitimate-looking email that encourages them to click on a link that installs crypto mining software that runs in the background.
  • Malicious Websites (Drive-by cryptojacking): Victims visit a site that runs a malicious script or is hosting a malicious advertisement. The script can do one of two things:
    • If the website is open, the user’s computer can be used to actively “mine” for cryptocurrency. This "Drive-by" attack can compromise any device with a web browser.
    • The website can use a script to install a malicious application without your knowledge.
  • GitHub: GitHub is a web-based platform for collaborative software development (software can use code shared on GitHub). Some hackers will take code that is shared and hide cryptojacking malware within a fork of the project.

How to Prevent Cryptojacking Malware

  • As with all malware prevention:
    • Keep all your software and devices up-to-date with the latest patches and fixes. Many attacks exploit known vulnerabilities in existing software.
    • Only install software from trusted sources.
    • Avoid suspicious websites (e.g. torrenting, shortened URLs) that can host these malicious scripts.

How to Detect and Recover from Cryptojacking

  • Symptoms of cryptojacking can include unexpectedly high processor usage (indicated by sluggish or slow response times), overheating of your device, and poor battery performance.
  • If you think you are a victim of cryptojacking, close all of your browser windows to exit your browser, remove any browser extensions, and run an antivirus scan. On an NJIT-owned PC, open the McAfee Endpoint Security application and select “Scan System”. Otherwise, scan your computer using your installed virus protection.
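
The high-processor-usage symptom above can be checked over time instead of by feel. The following is an added example, not part of the original NJIT article: it reads a series of `ps -eo pid,pcpu,comm` snapshots and flags processes that stay busy across several snapshots in a row. The snapshots are constructed sample data, and the 80% threshold and three-snapshot window are assumptions to tune.

```python
# Constructed sample data: four `ps -eo pid,pcpu,comm` snapshots, one minute apart.
SNAPSHOTS = [
    "  PID %CPU COMMAND\n  812  3.1 Xorg\n 2291 97.4 firefox\n 3050 85.0 code\n",
    "  PID %CPU COMMAND\n  812  2.8 Xorg\n 2291 95.0 firefox\n 3050 10.2 code\n 4100 99.0 cc1\n",
    "  PID %CPU COMMAND\n  812  3.0 Xorg\n 2291 98.2 firefox\n 3050 90.1 code\n",
    "  PID %CPU COMMAND\n  812  2.9 Xorg\n 2291 96.1 firefox\n 3050 88.7 code\n",
]


def parse_snapshot(text):
    """Return {(pid, command): cpu_percent} for one ps snapshot."""
    usage = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # blank or truncated line
        pid, cpu, command = parts
        try:
            usage[(int(pid), command.strip())] = float(cpu)
        except ValueError:
            continue  # non-numeric PID or CPU field
    return usage


def sustained_high_cpu(snapshots, threshold=80.0, min_consecutive=3):
    """Return sorted (pid, command) pairs that were at or above `threshold`
    percent CPU in at least `min_consecutive` snapshots in a row."""
    streak = {}     # current run length per process
    flagged = set()
    for text in snapshots:
        usage = parse_snapshot(text)
        # Processes below the threshold (or gone) drop out, resetting their run.
        streak = {key: streak.get(key, 0) + 1
                  for key, cpu in usage.items() if cpu >= threshold}
        flagged.update(key for key, run in streak.items()
                       if run >= min_consecutive)
    return sorted(flagged)


if __name__ == "__main__":
    for pid, command in sustained_high_cpu(SNAPSHOTS):
        print(f"sustained high CPU: pid={pid} command={command}")
```

A flagged process is a lead to investigate, not proof of mining: short spikes such as the one-snapshot compiler job in the sample are ignored, while a browser that stays pinned with no heavy page open is worth a closer look.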

Browser-based cryptojacking is growing fast and just proves that hackers are always evolving their techniques. It reminds us that staying cyber safe and secure requires constant vigilance!

If you have any questions about NJIT's cyber security efforts, or need to report an incident, please contact the IST Service Desk at 973-596-2900 or https://servicedesk.njit.edu

NJIT Cyber Safe and Secure

Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.

Last Updated: October 29, 2018