Cryptojacking! What is this new cybersecurity trend?

13/12/2017
Author Avatar
Maxime Lamarche
Technical Engineer, EASI

Hackers always have new ideas to make profit and abuse your lack of knowledge.
Cryptojacking is their last one :(

Cryptojacking you said?
This is the new cybersecurity threat used by hackers to produce cryptocurrency without the users' knowledge.
Indeed, since mid-september, hackers use a new clever twist, JavaScript, to start mining instantly when you load a compromised webpage.

But let's go back a bit. Cryptocurrency was born in 2008 with the Bitcoin. It's a decentralized digital cash system used on the internet to buy things. This virtual money is produced by people called miners and every miner is taking part of this global peer-to-peer network. Furthermore, every miner has a complete history of all the transactions and thus, the balance of every account.

What we call a transaction is a file that says, “Bob gives X Bitcoin to Alice“ and is signed by Bob‘s private key. It‘s basic asymmetric cryptography. When signed, a transaction is broadcasted in the network. Almost immediately, the whole network is aware of the transaction. But only after a specific amount of time it gets confirmed.

Indeed, confirmation is the critical concept in cryptocurrencies. As long as a transaction is unconfirmed, it is pending and can be cancelled. When a transaction is confirmed, it is set in stone and can‘t be reversed. It is part of an immutable record of historical transactions of the so-called blockchain.

Only miners can confirm transactions. This is their job in a cryptocurrency-network. They take transactions, stamp them as legit and spread them in the network. After a transaction is confirmed by a miner, every node has to add it to its database. Finally, for this job, the miners get rewarded with a token of the cryptocurrency, for example with Bitcoins.

But I'm sure you are thinking... So what?! What's the issue? I will not loose any data. The only thing I will loose is a little of my electricity.

Sure! You're right but these "greyware" will slow your computer and will mostly help malicious users to get money, which could help them to perform worse malicious attacks. Furthermore, protecting yourself is easy and will not require a lot of your time. You can:

  • Add a browser extension: AdBlock, NoCoin...
  • Check your CPU consumption
  • Use Anti-Malware software such as Malwarebytes

Don't hesitate to spread the word.

 

Current job openings

Sign up to our newsletter

Follow us

  

Share this article