Pirates of the Internet age: Part 2. What is cryptojacking, and what can we do?

All about stealth cryptomining


Nowadays probably each of the Internet users can take part in cryptocurrencies mining. Sometimes we do it without even knowing about it. In this case, cryptocurrencies do not go to income at all. In Part II of our article, we tell about stealth mining (or cryptojacking) and how to avoid it.


In Part I of our article, we told what cryptocurrency and cryptomining are, why did the cryptomining equipment has been evolved, and why mining is so risky.



Do have cryptocurrency? We’ll board you!

In the legal regulation field, cryptocurrency is one big headache — countries mostly were not ready for a full-fledged virtual competitor of fiat money, devoid of the shortcomings of ordinary currency. However, the economic value of cryptocurrencies is based on the classical principle of commodity exchange: demand strengthens the supply. The stronger people believe they can exchange their cryptocurrency for material values (pizza :-)), the stronger the currency position. You’ll have to come to terms with this, and sooner or later, the digital money will gain global recognition. In Japan, for example, Bitcoin has been recognized as legal tender since March 2016. The EU has abolished the taxation of transactions for exchanging bitcoins for fiat currencies. Switzerland, Bulgaria, Singapore, the USA, Croatia, and many other countries have defined cryptocurrencies as a kind of financial asset.


By the way, Germany also does this so that SIM-Networks customers can pay for the services of our company with the most popular cryptocurrencies - Bitcoin, Litecoin and Ethereum. In the article, You can pay for SIM-Networks services in cryptocurrency! we describe how to do it.


Although the cryptocurrency opponents also have reasons, emphasizing that anonymous and decentralized money is easily used by criminals to legalize the illegally obtained income. Yes, cryptocurrency is still in the shadow — and will remain there until governments determine cryptocurrency role and functions in their economic system. In the meantime, there is no law — there will be chaos, creating favorable conditions for stealth mining, aka cryptojacking.


Mining cryptocurrencies on your resources is an acceptable way to generate income, even if not everywhere and not quite legal. However, when someone uses for mining someone else’s resources and receives profit, this is an unacceptable way to generate income from any point of view.


How to infect mining virus?


Since ancient times, pirates have been called robbers aggressively appropriating other people's values. In the digital age, the “piracy” word has another connotation: on the Internet, pirates usually act quietly, secretly, and take away what they are not entitled to, trying to go unnoticed. In the case of mining, their task is to hold out hidden for as long as possible. This behavior is characteristic of viruses; therefore the “mining virus” term is often used.


Pirate mining has many more names: stealth mining, black mining, cryptojacking. One essence is to mine cryptocurrency on other people's capacities without the knowledge and consent of the owner. Hidden miners get to users' computers in different ways:

  • direct injection (rarely, but it happens: for example, offended by the dismissal, an employee uploads a miner from a flash drive directly to the corporate network);
  • using a variety of Trojans, backdoors, and other malware from downloaded cracked programs, key generators, installers, media files, etc. Checking such software is not always easy, which is what modern filibusters use;
  • through unauthorized remote access: “luck chain letters”, suspicious attachments can infect your system with a miner;
  • via internet browsers.


Does everybody remember the basic rules of information security? It will be reasonable to remain them again. Read more, please, in our article Corporate cybersecurity: How to defend information values.  Do not forget — information hygiene is the first of all!


There are even more exotic ways of other people's resources grappling for mining. At the end of 2017, the world was bewildered by the news that the WiFi provider in the Starbucks network in Buenos Aires was mining a Monero on the computers of cafe visitors!


By the way, hackers also thrive in the wake of the cryptocurrency popularity. For example, in May 2019, was detected a group of scammers which promised some Bitcoins daily just for installing some software, but instead of it this group installed malware to users’ computers.  Checking information and critical thinking in such cases can save you a ton of money and nerve cells.

Stealth mining in browsers

A clear sign of the hidden miner’s work on your computer is large resource consumption. Due to it, all applications slow down. Have you ever noticed that the browser works too slowly? When you open the task manager and watch the CPU load, you can see that more than 90% of the resource is busy by the browser. No matter how many browser tabs are open, the one or thirty-one, — the browser makes the processor work hardest. Do you recognize this case? Try disconnecting from the Internet — if after that the computer stops dulling right away, you are probably a victim of a browser stealth mining.


Browser mining is the type of cryptojacking. Malicious code is contained in a special JavaScript-script, which you can run by simply opening a browser window. The browser mining efficiency is minimal in comparison with miner software or embedded miner Trojans. But when tens of thousands of users visit the website daily, the income of the cryptojacking-pirates can be significant enough to continue this activity. What kind of websites can be very popular, which are interested for most users? News, sports, weather forecast — are first come to mind.


Cryptominers can use not only computers but also using mobile devices. By downloading an application on a tablet or smartphone, you cannot be sure that its code does not contain a script for launching a hidden miner. In late 2017 - early 2018, a wave of publications swept through the media that mining scripts were found in applications on Google Play and browser extensions.


The cryptojacking is discussed very often at forums on IT portals. An interesting case of a cryptominer injected inside the advertising on YouTube noted in January 2018. A two-component JavaScript miner was launched when watching a video and loaded the CPU by 80%. In this case, the famous high-level protection of Google’s resources didn’t work, and pirate outrage continued for several days:



The chart above shows the activity of the malicious campaign from January 18 to January 24, 2018. Considering the huge number of visitors to the most popular video resource on the Web, the attackers had enough weeks to break a good jackpot and quietly disappear. After January 24, the miner's activity died out, cryptocurrency mining stopped.


Another trick is to hide the miner in the pop under – it was a trick often used by Coinhive scripts. In its case, the cryptominer is very difficult to detect, and even when the browser window is closed, it continues working. So the victim, not suspecting a trick, continues to get cryptocurrencies for the fraudster, a one of the Pirates of the Internet Age.


Anti-Virus may not detect JavaScript execution in the page code and will not block it. You may not even pay attention to the fact that the load on the processor has increased, if the crypto-pirates are smart enough, they will not load your device at full capacity. And your computer, meanwhile, is mining cryptocurrencies for someone unknown. But sometimes, in order to stop the miner’s operating, it is enough to disable the execution of Java scripts in the browser.


Sure, it is not profitable to mine bitcoins or their forks in browsers, due to the low power capacity of the browser, and slow payback. The most popular cryptocurrency for browser mining is Monero. It does not require particularly powerful resources, and it can also be mined on a usual PC. Unlike BTC and similar cryptocurrencies, Monero is based on the CryptoNote protocol with a special PoW algorithm. It ensures almost complete anonymity of users, which explains the huge popularity of Monero in Darknet. Bitcoin and the same cryptocurrencies allow tracking the owners of crypto-wallets by the transactional trace. But Monero makes it impossible, due to stealth addresses technology. Group confidential transactions allow you to hide the amounts of each such transaction, and for the “twilight” residents of Darknet, the complete confidentiality is valuable.


Therefore, the stable growth of miners aimed at mining exactly the Monero is not surprising. But while some people do it on their own equipment, others use fraud methods, like real pirates.

You’ve detected a miner on your computer – what should you do?

Some people consider mining on the website an additional and a quite effective means of monetizing the web page, along with advertising banners and others. The experiment provided in September 2017 by one of the world's largest torrent trackers The Pirate Bay received wide publicity on the Internet. For 24 hours, the website implemented a mining script that loaded the site visitors' CPUs 100%. According to some estimates, this script can bring the owners of the Pirate Bay more than $ 45 thousand per month.


This amount is impressive. And it is quite possible that in the foreseeable future banner ads familiar to us will cease to be profitable for sites, in comparison with browser miners.

But now, when we are forced to give part of our resource in favor of someone else's crypto wallet, we are rightly angry and are looking for ways to protect ourselves from pirate mining.


On the Internet, you can find many recipes for treating cryptojacking infection — from the simplest disabling the execution of JS in the browser to complex multi-level cleaning with various antivirus programs. One of the easiest ways is to install the Anti-Miner extension for the Chrome browser. Its developers promise that it automatically blocks any software miner on sites where the user enters. Sometimes this is enough.


However, in some cases, stealth miners get into the computer inside a multi-module program. This program monitors the user’s behavior and strives to hide the presence of the “alien” by all means — removes it from the task manager window, or disguises it as one of the Windows processes, suspends the miner if activity monitoring is started (and your system performance magically increases instantly), disables anti-virus scanning system. If the user detects third-party software and removes it, this virus program is able to restore the miner and resume mining of cryptocurrency.


We can also remain a multi-component malware Black Squid, that attacks web servers and mining Monero on AMD NVidia graphics cards. It uses seven exploits at once, including EternalBlue. Getting to the web server, it determines whether there are software monitoring, analytics, and other tools that can reveal it incognito. If they are, it hides. But if this does not detect them, it starts to work, including cryptomining,  and stealing data, and change access rights and privileges in the system, and breaks software and hardware, and even can organize a cyber attack on the neighboring infrastructure. Just a jack of all trades!


However, in such cases there are antidotes — you just need to search them good. And, of course, do not neglect good antivirus protection that can detect cryptomining programs.

And what can SIM-Networks say?

Many people think that cryptomining is a kind of passive income that does not require effort. However, it is wrong to say that mining makes money out of nothing. Equipment costs — CPU, GPU, farm, or ASIC— are expenses. The cost of electricity, including for enhanced air conditioning of the premises with the farm, are expenses. The cost of Internet traffic and a router for stable operation are expenses. That is what distinguishes classic mining from pirate mining — the latter shifts the lion's share of the costs to other users. Rather,  processors of their computers, sure.


In human society, legal norms cannot be violated. But in the same way moral norms cannot be violated. Everyone should have a personal responsibility to society and their own conscience. The ethical base of SIM-Networks is built on this, and therefore, the protection of user rights and information security issues are our top priority. In our GTC, there is a limitation in servicing customers who use the company's resources for mining — mining is prohibited on all services except dedicated servers. Why? It is very simple: in a decent society, it is considered extremely obscene to use shared distributed resources to achieve personal, purely mercantile goals. Simply put, on shared hosting, VDS or in the public cloud, your mining “eats away” part of the total resources, because, despite the complete isolation of the clients, the capacity base is common. Neighbors will have to “share” their resources with you against their will, additionally increase configurations, spend their own funds — while your miner brings you income. This behavior, dear gentlemen, is not comme il faut at all! We declare directly: we block such clients for violation of our rules.


Of course, there are times when a client is hacked, and his resources are used by hackers for their own purposes. Nevertheless, having discovered crypto miner activity, SIM-Networks regards this as a violation of our terms of service and has the right to restrict access to such a client.


Is there a way out? Of course. A Dedicated Server or Private Cloud is always at your service. If there is a suspicion of hacker activity, you can contact our technical support and order an administration service. Our experts will conduct an audit of the system and find out all the details of what is happening with it.


In addition, at your request, we can assemble almost any configuration of dedicated servers, and even a farm in a private cloud! And all this is for you, without affecting the interests of other customers, according to your requirements, for your budget and taking into account your wishes for payment. Almost everything is possible with us. Yes, and our brilliant Customer Care, too, – do not hesitate to contact them, they will help 24/7/365!






Author Alisa Kandieieva

Share this: