The value of cryptocurrencies has been on a steady rise in recent years. Even if the market itself has experienced a downturn, the collective idea of crypto as an asset continues to be alluring, driving in more interested investors.
There are several ways to earn cryptocurrency, with one of those being mining. Cryptomining is the process of generating cryptocurrency using computational and energy resources, and it’s usually a rigorous process that requires tremendous effort. And like anything else where money is involved, certain people would rather cut corners than put in honest work. These are people who fraudulently mine cryptocurrency using illegitimate methods in what’s known as illicit cryptomining.
How Does Illicit Cryptomining Work?
Illicit cryptomining involves cyber-crooks tricking unwitting victims’ to have their computer or phones infiltrated with malicious malware that gives them (the crooks) access to their devices. They then use the devices’ CPU power to mine cryptocurrency with the returns going to them.
There are two main ways through which illicit cryptominers get into people’s devices:
#1. Binary-based – involves tricking the victims into clicking on a malicious link sent to their email or downloading and installing corrupted applications. These links and apps have cryptomining code that immediately embeds itself into the victim’s device as soon as they click on the link or install the app.
#2. Browser-based – this is when hackers infect websites and ads with malicious JavaScript code. Once a victim visits the websites or clicks on ads, the code is almost immediately loaded in their computer, and the script automatically launches the crypto mining code. Once this code runs on the unsuspecting victims’ device, the hacker gains access to the computer to begin surreptitiously mining cryptocurrency.
Which Cryptocurrencies are Illicitly Mined?
While any cryptocurrency could be the subject of illicit cryptomining, Ethereum and Monero are the most targeted. The two cryptos possess certain features that make them attractive to illicit cryptominers instead of, let’s say, Bitcoin.
For one, both cryptocurrencies can be mined with regular GPUs and CPUs. Second, the two cryptocurrencies, Monero especially, offer a relatively high level of transaction anonymity.
Is Illicit Cryptomining a Victimless Crime?
While illicit crypto mining does not target any specific person, it’s by no means a victimless crime.
In most cases, victims are often oblivious to the mining software embedded in their devices. If they are not keen enough to, for instance, notice reduced performance in their devices, they will never know what they were exposed to. Also, this cryptomining malware may overwhelm a device, causing users to experience low performance. And in extreme cases, the malware can permanently damage the device’s hardware.
What Factors are Enabling Illicit Cryptomining?
- Cryptocurrencies have exponentially increased in value, making illicit mining an attractive trade to cybercrime perpetrators
- Very few people and organizations invest in cybersecurity software, leaving a loophole for illicit crypto miners to exploit
- With the introduction of cryptocurrencies that offer transaction anonymity, illicit miners funnel crypto directly to their wallets without being traced
- Illegitimate mining tools are easily available on the dark web. In addition to this, the crypto mining malware is also a fairly simple code to write
- The increased practice of pool mining
How Can You Avoid Falling Victim?
To avoid falling victim to these cyber-attacks, you can follow some basic security guidelines;
- Download software only from reputable and authorized websites.
- Avoid clicking on random and anonymous email links or attachments.
- Install premium and legit antivirus software. Antivirus detects, removes, and protects your PC from any form of malware.
- Refrain from using easy passwords. Avoid setting up a password with your name, pet name, or birth date, followed by numbers. Stronger passwords are made of more than 15 characters
- Sharing or storing your login information on your device increases the risk of becoming a victim.
- Be keen to notice any abnormal PC behavior. High fan usage is usually a good giveaway.
- A downloadable browser extension such as NoCoin protects your PC against browser-based cryptocurrency mining. Ad-blocking extensions are equally important in preventing malware attacks since websites’ ads deliver some illicit mining malware. Such ad blockers can detect and stop cryptomining scripts.
- Regularly update software and the operating system to lock out attackers from exploiting known loopholes in the old versions.
- Check regularly to see if there are any changes in your computer’s sleep and hibernate functions. Any weird patterns might indicate interference with the cycle
- If you’re more tech-savvy, you can check existing crypto mining command lines and put up a firewall to prevent underhanded connections to mining pools. You can find a list of malicious websites here
- If you’re an organizational user, use the principle of ‘least privilege’. Users should have device accounts that allow them to perform only the necessary tasks. This lowers cryptomining risk by limiting the possibility of admins being duped into installing malicious software
- Use application controls that permit apps to run to a minimum. This measure would greatly curtail any cryptomining malware
Final Thoughts
Illicit crypto mining is one of the many scams used by people who want to earn cryptocurrency dishonestly. And while it may appear harmless, the fact is your programs are being slowed down, and your device is handling more than it was designed to do, potentially damaging it prematurely. And like any hacking trick, illicit crypto miners will continue finding new ways to carry out the attack. If you’re a device user, following the above simple guidelines should go a long way to protecting yourself.
