Cryptojackings: so they can be using your device to mine cryptocurrencies without you noticing | Technology

That the mobile phone overheats, that web pages take time to load or that an application does not open correctly are small setbacks that users are more than used to. However, they can also be symptoms that your devices have been hijacked. The cryptojacking, or crypto-kidnapping in Spanish, is the technique used by cybercriminals to use the victims’ terminals in order to mine cryptocurrencies such as Bitcoin. Mining is usually very expensive, requires significant investments and very powerful devices and leads to very high electricity bills. Through a kidnapping of this type they can save all that.

According to Sara Nieves Matheu, postdoctoral researcher in cybersecurity at the University of Murcia, the technology on which cryptocurrency transactions are based, the blockchain or chain of blocks, consists in that ”to write a block there is a mathematical algorithm that is very expensive computationally speaking. The way to write that block is to have a bunch of devices or a very powerful server. That requires a lot of electricity, computing power, processors… The first one that manages to write that block in the chain is the one that gets the reward, the bitcoins.” Therefore, cybercriminals try to avoid such expenses.

There are several ways to carry out hijacking, and some do not require the user to actively do anything. One of them is that criminals violate a mobile application. Matheu herself was a victim of this type of kidnapping, although she did not realize it: ” I went to use the application and I got a message that a vulnerability had been detected and Google had removed it from the store. Later, I saw articles explaining that this apps it served as a bridge to install other applications that did other things, in particular mining cryptocurrencies”. The app, CamScanner, was used to scan mobile documents and create PDFs and had over 100 million downloads. It was an official app, reviewed by Google on its Play Store; a clear example that it is not necessary to download something strange to end up being the victim of a cryptojacking.

In the case of applications, not all users have to be affected by the same type of attack. The researcher explains that “some can end up with applications that bombard them with ads, others, applications that are placed in the background to mine… It depends on the objective, but there are certain types of attacks that can affect everyone, especially when talking to mine bitcoins. What interests them is to have as many devices as possible mining”.

Cryptojacking can also occur after the user has accessed a malicious or compromised web page. In this case, there are two assumptions: one, that the mining occurs while you are on the web and, when you close the browser, the process ends, and another, that the browser is the gateway to downloading a code in the device, so that it will continue to operate even if the browser is closed. As Ángela García Valdés, a Cybersecurity Technician for Citizens at the National Cybersecurity Institute (INCIBE), explains, in this second case, “what is infected is not the browser, but the computer,” which is compromised by the mere fact of have accessed that page. No user interaction or approval is required for a download.

According to García Valdés, “any type of device that connects to the Internet can be the victim of such an attack, even a vacuum cleaner or a router, but, with the cryptojacking, what the cybercriminals want is to use the processor and the graphics card, so the more powerful the devices, the greater the economic benefit for them. Hijacking a clock won’t be as beneficial because its processor isn’t as efficient as a computer’s.

If the user observes that his device has slowed down, overheats when we are not using it, the applications hang or do not work well or even if he detects an increase in the electricity bill without having altered his habits, he can begin to consider having been the victim of a cryptojacking. Now, once it is suspected, how can the matter be solved? According to both experts, the first thing is to analyze the device with the antivirus that is installed. If the program detects any kind of malware or virus, since it is code that works behind the applications or the browser, it would not be enough, for example, to eliminate the application that has facilitated the entry. Therefore, it is best to consult the specific case with an expert. García Valdés recalls that INCIBE has a free helpline 017.

Although the level of sophistication of cryptojacking is remarkable and it is more difficult to detect than other types of viruses, as always, there are some preventive measures that can help protect your computers. The Murcian researcher insists that the plugin or plug-in programs are very useful to protect the browser from the installation of unwanted code and to detect it in case it manages to find its way. Of course, an antivirus that detects malware they should alert the user to their presence on the computer, and updating both the antivirus application and the device software and all applications is also essential.

In addition, the user can choose to install extensions that prevent the execution of JavaScript, the programming language that is usually used to install the type of code on which the program is based. cryptojacking. However, Matheu warns that JavaScript is also used for the operation of web pages in general, “so it may be that disabling this also harms the web’s navigability.” The user must decide the level of protection that he wants or that he considers sufficient.

You can follow THE COUNTRY TECHNOLOGY in Facebook Y Twitter or sign up here to receive our weekly newsletter.