Cryptojacking

The mining of cryptocurrencies such as Monero (XMR) or Ethereum (ETH) requires significant processing power and consumes huge amounts of electricity. To avoid the consequent costs, cybercriminals use cryptojacking to exploit other users' computing power.
Additionally, other reasons include:

• Hidden profitability: It is a low-cost and low-risk option for attackers.
  
• Massive dissemination: By using small scripts, it can be run simultaneously on millions of devices.
  
• Hard to detect: It does not generate alerts or require any interaction, so it can go undetected for months.
  

Zero cost: Attackers do not need to invest in hardware or pay electricity bills.

There are several ways a system can be targeted by cryptojacking:

• Web browsing (browser cryptojacking): Through a script inserted into a web page, the browser begins mining without permission whenever it is open. This is known as fileless cryptojacking.
• Malware: Programs that include code designed to mine cryptocurrency in the background.
• Phishing emails: Malicious attachments that download cryptominers on a computer.
• Unpatched vulnerabilities: Outdated computers are easily compromised.
• Supply chain attacks: Legitimate software compromised with hidden cryptominers.

Signs that your device may be infected by a cryptominer include:

• Abnormally high CPU or GPU usage without any resource-heavy tasks running.
• Excessive heat buildup on the device, even when idle.
• Slow performance or frequent system crashes.
• Increased electricity bills (especially for businesses or servers).
• High battery consumption on mobile devices.

As methods have evolved, today there are several different types of cryptojacking:

1. In-Browser Mining

This uses JavaScript scripts that start cryptomining when the user visits a specific web page. It is disabled when the tab is closed, but can remain active using persistence techniques.

2. Resident Malware (Binary-Based Mining)

Cryptomining malware installs on a system and runs as a background process, even after the computer is restarted. It is often disguised as legitimate software.

3. Fileless Mining

This technique uses internal tools such as PowerShell to run code directly on the RAM, without leaving traces of files on disk.

4. Cloud/Server-Based Mining

Attackers access accounts on services such as AWS or Azure and run large-scale cryptomining containers. These actions consequently generate very high costs.

5. Supply Chain Attacks

These attacks manipulate legitimate software as it is distributed to include hidden mining code, which runs on thousands of computers simultaneously.

Even though it doesn't directly steal data, its effects can be devastating:

• Diminished performance: System resources are consumed in the background.
  
• Reduced hardware lifespan: Constant overheating takes its toll on processors and batteries.
  
• Financial costs: Companies with compromised infrastructure can suffer enormous losses due to excessive energy consumption.
  
• Greater risk of infection: The compromised system can be a gateway for other types of malware or botnets.

Here are some best practices to follow to avoid falling victim to this threat:

• Install a good antivirus: Use Panda Dome to detect cryptomining scripts and block malicious executables in real time.
• Keep your system updated: Apply all corresponding security patches to avoid vulnerabilities.
• Use script blockers: Extensions such as NoScript or uBlock Origin help block suspicious scripts in your browser.
• Monitor your device performance: Check CPU and GPU usage with tools such as Task Manager or monitoring solutions.
• Protect your cloud infrastructure: Use multi-factor authentication, usage limits, and alerts on services such as AWS or Azure.