As the cryptocurrency industry has developed in recent years, cybercrime has grown along with it, and one form of it is cryptojacking, or hidden mining. According to research reported by RBC Crypto, the number of such attacks in the first half of 2022 increased by 30% compared to the same period last year.
Attackers have used hidden mining for several years: in 2017, the JS/CoinMiner malware was detected, with its activity concentrated mainly in the Russian-speaking segment of the Internet; 65% of the repelled attacks were in Russia. In 2019, according to the FSB, hackers infected the information resources of large companies, including the websites of state organizations, with mining programs.
Hidden mining gives criminals a better chance of remaining unnoticed for a long time than any other type of fraud. Many users notice that their devices are starting to run slower, but they attribute this to memory congestion or other causes and do not associate the slowdown with a malware infection.
Hidden mining, or cryptojacking, is the unauthorized use of a computer or smartphone by attackers to mine cryptocurrency without the owner of the device knowing about it. As a rule, hackers carry out such a scheme by introducing a special malicious program onto the computer: a virus or a miner bot.
Such programs can be combined into a botnet, a network of malware-infected devices that hackers control from a single center. For such mining to be effective, it is usually necessary to infect many computers. Attackers are therefore more likely to target the networks of large companies, but home computers and smartphones are also attacked.
As a rule, attackers use hidden mining to mine cryptocurrencies such as Monero. This coin is anonymous: its transactions cannot be tracked. Monero can be mined on the CPU, that is, on the conventional processors found in all computers.
The attacker's main task is to install a virus on the user's computer. Most often, the miner reaches the device with the help of a "dropper", a program whose function is to secretly install other programs. Droppers usually disguise themselves as pirated versions of licensed products that users find on file-sharing sites and download.
If there is no antivirus on the device, the malware runs as a hidden program and registers itself to launch at computer startup. Such viruses are often disguised as system files, and users take them for a mandatory part of the software.
Smart viruses adapt to user activity: they can run when the computer is idle and shut down during heavy loads. To avoid arousing suspicion, they do not use 100% of the device's free capacity.
First of all, pay attention to how your device operates. If it starts to work incorrectly (the computer takes a long time to start, restarts by itself, or cannot be shut down in the usual way), this may indicate the presence of a hidden miner. The virus can give itself away through heavy load or overheating at a time when the device is not running any "heavy" applications and the user is not working.
Mining puts a significant load on the processor and video card, so slow operation of a computer or smartphone can also indicate a malware infection. If the task manager shows any programs that do not respond to the shutdown command, it is worth checking them. If your computer or smartphone does not slow down and does not overheat, then there is a high probability that there is no malware on it.
To find a hidden miner, it is sometimes enough to scan your computer with an antivirus. Large cybersecurity companies update their antivirus databases often, including with information about mining viruses. However, if the virus is encrypted, the antivirus may not find it.
More serious forms of viruses can be installed when using flash drives or when downloading updates to popular programs from sources other than the official websites. Such viruses may not be visible in the task manager, which makes them significantly harder to find on the computer.
If you cannot detect the virus but suspect its presence, check the temperature of your computer or smartphone when the device is not under load. You can also set up system load monitoring and monitor network traffic, since mining requires constant communication with the mining pool.
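The two checks described above (load while the device is idle, and constant traffic to one remote host) can be combined in a short script. This is an added example, not part of the original article; the sample format, process names, addresses and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean

# Constructed samples, one per minute: (process, cpu_percent, user_idle, remote_endpoint).
# Process names are made up; the addresses come from documentation-only ranges.
SAMPLES = (
    [("svch0st-helper", 8.0, False, "203.0.113.7:8443")] * 4
    + [("svch0st-helper", 72.0, True, "203.0.113.7:8443")] * 8
    + [("browser", 35.0, False, "198.51.100.20:443")] * 4
    + [("browser", 1.0, True, None)] * 8
    + [("backup-agent", 65.0, True, None)] * 8
    + [("backup-agent", 2.0, False, None)] * 4
)

def flag_hidden_miners(samples, idle_cpu_min=50.0, ratio_min=3.0, conn_share_min=0.9):
    """Return processes that load the CPU mainly while the user is idle
    AND keep a near-constant connection to a single remote endpoint."""
    by_proc = defaultdict(list)
    for proc, cpu, idle, remote in samples:
        by_proc[proc].append((cpu, idle, remote))

    findings = {}
    for proc, rows in by_proc.items():
        idle_cpu = [cpu for cpu, idle, _ in rows if idle]
        active_cpu = [cpu for cpu, idle, _ in rows if not idle]
        if not idle_cpu or not active_cpu:
            continue  # both states are needed to see the back-off pattern
        idle_avg, active_avg = mean(idle_cpu), mean(active_cpu)
        # Signal 1: heavy load when idle, backing off when the user is working.
        backs_off = (idle_avg >= idle_cpu_min
                     and idle_avg >= ratio_min * max(active_avg, 1.0))
        # Signal 2: the same remote endpoint present in almost every sample.
        remotes = Counter(remote for _, _, remote in rows if remote)
        endpoint, hits = remotes.most_common(1)[0] if remotes else (None, 0)
        persistent = hits / len(rows) >= conn_share_min
        if backs_off and persistent:
            findings[proc] = {"idle_cpu": round(idle_avg, 1),
                              "active_cpu": round(active_avg, 1),
                              "endpoint": endpoint}
    return findings

if __name__ == "__main__":
    for name, detail in flag_hidden_miners(SAMPLES).items():
        print(name, detail)
```

The constructed backup job also runs only while the user is idle, but it is not flagged because it holds no persistent connection; requiring both signals keeps ordinary idle-time tasks out of the results.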
The easiest way to remove such a virus is to reinstall the system. Malware can also be removed using special removal programs, after enabling the display of hidden folders and files on the computer.
There is paid software on the market to protect against cryptojacking. Such programs prevent the installation of various viruses and block the domains of many mining pools.
To make attackers less likely to use your equipment, you should update the operating system and applications responsible for the security of your computer in a timely manner. Downloading updates from the official websites of software manufacturers and removing unnecessary applications can also increase the protection of your devices from both mining viruses and other malware.