Cryptojackings: so they can be using your device to mine cryptocurrencies without you noticing

A man programs on his devices.UNSPLASH

That the mobile phone overheats, that web pages take time to load or that an application does not open correctly are small setbacks that users are more than used to.

However, they can also be symptoms that your devices have been hijacked.

Cryptojacking , or

-kidnapping in Spanish, is the technique used by cybercriminals to use the victims' terminals in order to mine cryptocurrencies such as Bitcoin.

Mining is usually very expensive, requires significant investments and very powerful devices and leads to very high electricity bills.

Through a kidnapping of this type they can save all that.

More information

Eight arrested for scamming thousands of young people with the promise of making them millionaires with cryptocurrencies

As Sara Nieves Matheu, a postdoctoral researcher in cybersecurity at the University of Murcia, explains, the technology on which cryptocurrency transactions are based, the

or chain of blocks, is that "to write a block there is a mathematical algorithm that is very computationally expensive.

The way to write that block is to have a bunch of devices or a very powerful server.

That requires a lot of electricity, computing power, processors… The first one that manages to write that block in the chain is the one that gets the reward, the bitcoins.”

Therefore, cybercriminals try to avoid such expenses.

There are several ways to carry out hijacking, and some do not require the user to actively do anything.

One of them is that criminals violate a mobile application.

Matheu herself was a victim of this type of kidnapping, although she did not realize it: '' I went to use the application and I got a message that a vulnerability had been detected and Google had removed it from the store.

Later, I saw articles explaining that this

it served as a bridge to install other applications that did other things, in particular mining cryptocurrencies''.

The app, CamScanner, was used to scan mobile documents and create PDFs and had over 100 million downloads.

It was an official app, reviewed by Google on its Play Store;

a clear example that it is not necessary to download something strange to end up being the victim of a cryptojacking.

In the case of applications, not all users have to be affected by the same type of attack.

The researcher explains that "some can end up with applications that bombard them with ads, others, applications that are placed in the background to mine... It depends on the objective, but there are certain types of attacks that can affect everyone, especially when talking to mine bitcoins.

What interests them is to have as many devices as possible mining''.

Cryptojacking can also occur after the user has accessed a malicious or compromised web page.

In this case, there are two assumptions: one, that the mining occurs while you are on the web and, when you close the browser, the process ends, and another, that the browser is the gateway to downloading a code in the device, so that it will continue to operate even if the browser is closed.

As Ángela García Valdés, a Cybersecurity Technician for Citizens at the National Cybersecurity Institute (INCIBE), explains, in this second case, "what is infected is not the browser, but the computer," which is compromised by the mere fact of have accessed that page.

No user interaction or approval is required for a download.

According to García Valdés, "any type of device that connects to the Internet can be the victim of such an attack, even a vacuum cleaner or a

but with

what cybercriminals want is to use the processor and the graphics card, so, the more powerful the devices, the greater the economic benefit for them.

Hijacking a clock won't be as beneficial because its processor isn't as efficient as a computer's.

If the user observes that his device has slowed down, overheats when we are not using it, the applications hang or do not work well or even if he detects an increase in the electricity bill without having altered his habits, he can begin to consider having been the victim of a cryptojacking.

Now, once it is suspected, how can the matter be solved?

According to both experts, the first thing is to analyze the device with the antivirus that is installed.

If the program detects any type of

or virus, since it is a code that works behind the applications or the browser, it would not be enough, for example, to eliminate the application that has facilitated the entry.

Therefore, it is best to consult the specific case with an expert.

García Valdés recalls that INCIBE has a free helpline 017.

You already have the keys to prevent #cryptojacking, but if you have any doubts, call us at ☎️017 or contact us through:

📲 #WhatsApp: https://t.co/AZhHp0Hdb7

📲 #Telegram: https://t.co/ VqwQnvu8gj

💻 #LearnCybersecurity with @INCIBE: https://t.co/AuOj8v3sRh pic.twitter.com/cf7axWDOxz

– INCIBE (@INCIBE) June 24, 2021

Although the level of sophistication of cryptojacking is remarkable and it is more difficult to detect than other types of viruses, as always, there are some preventive measures that can help protect your computers.

The Murcian researcher insists that

or complementary programs are very useful to protect the browser from the installation of unwanted code and to detect it if it manages to make its way.

Of course, an antivirus that detects

should alert the user to its presence on the computer, and updating both the antivirus application and the device software and all applications is also essential.

In addition, the user can choose to install extensions that prevent the execution of JavaScript, the programming language that is often used to install the type of code on which

is based .

However, Matheu warns that JavaScript is also used for the operation of web pages in general, "so it may be that disabling this also harms the navigability of the web."

The user must decide the level of protection that he wants or that he considers sufficient.

You can follow

Exclusive content for subscribers

read without limits

subscribe

I'm already a subscriber