Here, we will address cryptojacking in mobile devices in a bid to spread more awareness about it. We’ll dive into what cryptojacking is, how to detect it, and how to prevent it as well.
Cryptocurrency dates back to the 1980s, but its popularity soared from 2017 to 2018. People flocked to invest in these currencies and the value of these currencies skyrocketed.
But not everyone bought these currencies, but instead, they earned them through a process called crypto mining. This involves completing “blocks” of verified transactions which are added to the blockchain. However, crypto mining requires a huge amount of resources and computing power. In return, these miners would be rewarded with cryptocurrency tokens.
Now, we all know hackers never miss an opportunity. So, while crypto mining gained popularity, so did cryptojacking wherein attackers hack into devices such as mobile phones. Next, they steal the resources of the device and divert it to crypto mining activities.
As per Webroot’s Mid-Year Threat Report Update, instances of cryptojacking are so rampant that it is now the top cyberthreat, surpassing ransomware.
What Is Cryptojacking?
Crypto Jacking is an activity where cybercriminals hack into target systems like mobile devices, laptops, and personal computers and install cryptocurrency mining software. The software is designed to consume resources of the device to mine for cryptocurrency.
Once they’re successful in mining cryptocurrencies, the hackers receive a commission from the same, in the anonymous cryptocurrency Monero.
There are different types of crypto jacking – file-based, browser-based, cloud-based, and mobile app-based. In the first instances of cryptojacking, hackers targeted computers and mobiles. They used the browsers on the devices to install Coinhive, a cryptomining software on to the device.
Cryptojacking In Mobile Devices
With so many mobile devices connecting to websites and apps, these devices are greatly targeted. Here’s what you need to know:
- The cryptomining code is easy to deploy and works in the background.
- It’s usually undetected by most victims.
- The hacker isn’t granted the usual command-and-control link.
- Plus, the user is only losing processing cycles that are already idle, thereby making it even more difficult to catch.
- To process transactions, the software uses the device’s processor cycles.
- An attacker can also hack other digital wallets using the device’s resources to steal cryptocurrency.
- While malware usually disrupts and damages a victim’s device and their data, cryptojacking scripts don’t cause any other harm.
How Does Mobile Device Cryptojacking Work?
To run cryptojacking activities, hackers first need to install crypto mining code on the mobile device. Usually, hackers set up malicious code on websites and ads to dupe victims into downloading cryptomining software. By simply visiting these malicious sites or viewing malicious pop-ups, hackers are able to execute the cryptomining script.
Hackers also send their potential victim’s phishing emails in hopes they click on the link included in the email. Upon clicking this link, an attachment will automatically download onto their device. This will execute the installation of the crypto mining code.
Both methods are popularly used by hackers as this gives them better chances of gaining more victims, more resources, and thus, successfully running their cryptomining activities. This script will run quietly in the background unknown to the victim.
How To Detect Cryptojacking Attacks
For a regular user, it’s hard to detect a cryptojacking attack. They might be under the impression that their device has slowed down because it’s outdated or there’s a problem with the hardware. However, there are ways to properly identify if it’s cryptomining software that’s causing the problem.
- Look out for slow response times and a general lag while using your mobile device.
- Check for the severe battery drain on your device.
- Monitor your phone for higher-than-normal data usage. There are apps available to track your phone’s data usage.
- Install a network monitoring solution on your device like Fing, WiFi Analyzer and NetCut.
- Cryptojacking is a resource intensive process and can cause your phone to become extremely hot. You may see warnings of overheating displayed on your phone.
- Use anti-malware software on your phone to scan and detect any hackers.
- If you suspect your device is being attacked, it might be best to seek professional help. You can visit your device’s service station to get it checked.
It helps greatly to do sufficient research on the topic and be aware of new and upcoming cryptojacking trends.
How To Prevent Cryptojacking On Your Mobile Device
A report from Digital Shadows titled “The New Gold Rush Cryptocurrencies Are the New Frontier of Fraud” reveals that cryptojacking kits are available on the dark web for as little as $30. Knowing how easy cryptojacking is, it’s best to take ample measures to minimize the risk of becoming a victim of cryptojacking attacks. Here’s what we suggest:
- Keep anti-virus software up-to-date on mobile devices.
- Close tabs on your mobile browsers after each use.
- Be careful about the ads and links you click on. Ensure they are trusted sources.
- Be careful of opening suspicious emails, especially if your email provider has flagged it as phishing emails.
- If you need to download files, make sure it’s from authentic sources.
If you’re worried about your organization’s security, here are some important measures you can take:
- Conduct awareness training for employees to understand cryptojacking and how it can affect not just their computers but their mobile devices as well.
- Train your IT team to detect cryptojacking attacks at an earlier stage.
- Install anti-crypto mining extensions such as miner block, No Coin, and Anti Miner that keep cybercriminals from accessing their devices online.
- Use ad-blockers to block malicious code in online ads.
- Ensure all employees use strong passwords to ensure a better system and protection.
- Advise them to download only trusted apps on their phones.
Related topics- Top 10 Cyber Security Vulnerabilities Used by Cyber Criminals
Though cryptojacking is not considered to be as severe as attacks like ransomware, you wouldn’t want to be a victim of it. Cryptojacking means your mobile device will be carrying an unnecessary cryptojacking script. This will increase your data usage, drain your battery and slow down your phone.
So, it’s best to be aware of the risks arising from such an attack and take measures to prevent it – whether you’re an individual or an organization.
Of course with organizations, the stakes are higher. Such an attack poses a significant cost in repairing the hack and an indirect cost in productivity.
That brings us to the end. We hope this article helps shed more light on the topic and brings about awareness of taking preventive measures against cryptojacking in mobile devices.
Harshit Agarwal is CEO & Co-Founder at Appknox, a completely automated vulnerability assessment platform. He has 8 years of experience in the technology and security space. He has worked with Fortune 100 companies to set up end-to-end and continuous mobile application security processes.