To understand whatcryptojackingis, you need to know whatcryptocoins, or cryptocurrency, are and how you can make moneyfromthem. Cryptocoins are virtual coins.There are hundreds ofcryptocoinsout there,but the best known one is the Bitcoin.
To get a Bitcoin or anothercryptocoinand therefore make money, a computer needs to carry out many calculations that require a large amount of energy (CPU). For these calculations a computer or smartphone is rewarded with Bitcoins. This process is called cryptomining.
As the number of calculations needed to make money ishuge, more and more devices are needed to perform these calculations. This is why miners try to access your device in order to use it without your knowledge to collectcryptocoins. This is referred to ascryptojacking.
How can you detectcryptojacking?
When acryptomineris active, you notice a very high level of use of the graphics card and/or CPU. The browser uses 40% or more of the available computing power. This means yourcomputer or smartphone runsslower, the battery is depleted faster, and the temperature of the device riseswhile the script is running.In addition, a higher utilisation of the device results in ahigher electricity bill.
To find out whetheryourbrowser is mining cryptocurrency, you can use the task manager (Windows) or the activity monitor (Apple):
Windows task manager
- Open the task manager by right-clicking the taskbar and selecting “task manager”.
- Click “More details”.
- Go to the “performance” tab to view the CPU usage.
Macintosh activity monitor
- ClickCommand+Spacebar to activate the “Spotlight search field”.
- Type “Activity Monitor”.
- Press Return when “Activity Monitor” appears in the results.
- You are now in Activity Monitor, where you can manage and change tasks.
Do you think your device is being used forcryptojacking?
- If your computer or smartphone slows down or warms up or if the web browser does not respond, restart the web browser.
- Inform CERT.be by sending an e-mail to cert@cert.be.
- As you are a victim, file a complaint with the local police.
What can you do to preventcryptojacking?
- Use an anti-virus program and possibly an adblocker.
- Only install browser extensions/plugins you trust and are offered by a trusted app-store (Google Play, Microsoft store etc.).
- Regularly check the extensions installed in your browser anddeletethe extensions you no longer need. The more extensions, the greater the risk of malicious extensions or a vulnerability. Make sure they are restricted to a minimum.
- Advanced users can switch off JavaScript and only permit trusted websites to run on JavaScript.