Secret mining allows criminals to go unnoticed. How this scam works, and what will help you determine if your computer is being used by intruders
Simultaneously with the development of the cryptocurrency industry in recent years, there has been an increase in cybercrimes, one of which is cryptojacking or hidden mining. According to research, the number of such attacks in the first half of 2022 increased by 30% compared to the same period last year.
Hidden mining has been used by cybercriminals for more than a year: in 2017, the JS/CoinMiner malware was detected , the activity of which mainly fell on the Russian-speaking segment of the Internet – 65% of the reflected attacks were in Russia. And in 2019, according to the FSB, hackers infected the information resources of large companies, including the websites of government organizations, with mining programs.
Stealth mining gives criminals a better chance of staying undetected for longer than any other type of scam. Many users see that their devices start to work more slowly, but attribute this to memory load or other reasons, but do not associate the slowdown of processes with computer virus infection.
What is Cryptojacking?
Hidden mining or cryptojacking is the unauthorized use of a computer or smartphone by attackers to mine cryptocurrency when the owner of the device is not aware of this process. As a rule, such a scheme is carried out by hackers by introducing a special malicious program into the computer – a virus or a miner bot.
Such programs can be combined into a botnet – a network of devices infected with malware, which is controlled by hackers from a single center. For such mining to be effective, it is usually necessary to infect many computers. Therefore, attackers are more likely to pay attention to the networks of large companies, but home computers and smartphones are also attacked.
As a rule, through hidden mining, attackers mine cryptocurrencies such as Monero. This coin is anonymous, its transactions cannot be tracked. Mining Monero can be done on the CPU, that is, on the usual processors that are in all computers.
The main task of an attacker is to install a virus on the user’s computer. Most often, the miner gets on the device using a “dropper”, the function of which is to covertly install other programs. “Droppers” are usually disguised as pirated versions of licensed products that users find on file hosting sites and download.
If there is no antivirus on the device, then the malware runs as a hidden program and registers itself in the computer’s startup. Such viruses often disguise themselves as system files, and users perceive them as an indispensable part of the software.
Smart viruses adapt to the user’s activity: they can work when the computer is free and turn off during heavy loads. In order not to cause additional suspicions, viruses do not use the free capacity of devices by 100%.
How to Detect a Virus?
First of all, you should pay attention to the operation of your device. If it starts to work incorrectly: the computer starts up for a long time, reboots on its own, or cannot shut down in the usual way, then this may indicate the presence of a hidden miner. A virus can be issued by the increased operation of the device or its overheating at a time when no “heavy” applications are running on it and the user is not working.
Mining significantly loads the power of the processor and video card. Therefore, a slow computer or smartphone may also indicate a malware infection. In the case when the task manager shows any files that do not respond to the shutdown command, it is worth checking these programs. If your computer or smartphone does not slow down or overheat, then there is a high probability that there is no malware on it.
To find a hidden miner, sometimes it is enough to scan your computer with an antivirus. Large cybersecurity companies often update their antivirus databases, including adding information about miner viruses. However, if the virus is encrypted using cryptography, then the antivirus may not find it.
More serious forms of viruses can be installed when using flash drives or downloading updates to popular programs that are not from official sites. Such viruses may not be visible through the task manager, which makes it difficult to find them on the computer.
If you cannot detect a virus but suspect it is present, check the temperature of your computer or smartphone when the device is idle. You can also install system load monitoring and monitor network traffic, since mining requires a constant connection with the pool.
How to Remove Malware?
The easiest way to remove such a virus is to reinstall the system. Also, malware can be removed using special removal programs, after enabling the display of hidden folders and files on the computer.
There are paid cryptojacking protection software on the market. Such programs prevent the installation of various viruses and block the domains of many mining pools.
To make it less likely for intruders to use your hardware, keep your operating system and security applications up to date on your computer. Downloading updates from the official websites of software manufacturers and removing unnecessary applications can also increase the protection of your devices from both mining viruses and other malware.