Cryptojacking is a growing problem and it's starting to become one of the biggest computer threats out there. With the current cryptocurrencies explosion, this new kind of profit-generating practice is quickly spreading.
While cryptomining is a completely legal way to earn cryptocurrencies, cryptojacking is another story. It's a new scheme by cybercriminals to profit off your gadget without your knowledge.
Since this practice can lead to higher energy bills, overworked gadgets and even burned out phones, cryptojacking is the latest security threat you need to keep your eye on.
What is cryptojacking?
First, to understand what cryptojacking is, you need to know what cryptomining is.
In basic terms, cryptomining is a way to contribute to the massive computational horsepower and energy needed to maintain and validate a cryptocurrency's transaction network and ledger (such as Bitcoin's blockchains).
Since cryptocurrencies do not have central governing bodies like regular currencies have with banks, they require the public's help to secure it. To compensate "miners," they have the incentive of being rewarded extra Bitcoin whenever they verify a new transaction block.
Bitcoin mining is difficult by design and it requires "miners" to solve extremely complex math equations. This activity needs tons of computer processing and, of course, the hardware that performs it consumes a lot of electrical energy.
In fact, statistics show that each Bitcoin transaction consumes enough energy to boil about 36,000 kettles of water! That can rack up your electric bill, for sure.
However, instead of putting up server farms dedicated to cryptomining, clever programmers have found a way to publicly outsource the processing power needed for this activity by using a user's computer web browser.
Think of it as similar to a botnet, except it's used for mining cryptos like Bitcoin or Monero instead of performing denial of service attacks.
Cybercriminals can even inject this code into legitimate websites without the publisher's knowledge and worse, infect entire public Wi-Fi networks.
This is, in essence, what cryptojacking is all about. And with it, some sites may be making cryptocurrencies off your gadget without your permission and you won't even get a virtual nickel out of it.
Android smartphones are more susceptible
According to a research paper from computer security firm ESET, cryptocurrency scams are more prevalent on the Android platform.
Why? It's due to third-party app stores, fake apps and Android's vulnerability to drive-by malware.
Additionally, although Google is now cracking down on cryptomining software on both its Chrome Web Store and Google Play app store, an Android user's ability to sideload apps from unknown sources and grant system permissions to sketchy programs can still be exploited by these crafty cybercriminals.
Note: There are currently no known instances of cryptojacking apps nor malware affecting iOS gadgets since the Apple App Store is generally much locked down than the Google Play Store. Plus, iOS doesn't allow the installation of apps from third-party app stores.
However, iPhones and iPads are still vulnerable to malicious cryptojacking web scripts and ads.
Signs that your smartphone has been cryptojacked
Cryptojacking software is meant to run in the background without being detected, but there are tell-tale signs that a website or your gadget has it.
- You may notice slower than usual internet connections and slower computer performance. Since cryptomining uses your computer's processing cycles, it consumes more energy so you'll notice a shorter battery life.
- Cryptojacking malware can also overwork your smartphone excessively and it can literally overheat it and burn it to the ground.
- Try rebooting your Android phone, or better yet, boot into safe mode to troubleshoot any errant apps. If resetting your device doesn't resolve the high resource usage, then there's a high probability that your phone is cryptojacked.
How to prevent smartphone cryptojacking
As always, to protect yourself against Android malware, the best practice is to avoid downloading and installing apps from "Unknown Sources."
Only download apps from the official Google Play app store and make sure you check user reviews, too, before installing.
Also, look out for surprise app permission requests that might pop out and never grant them!
Second, both on Android and iOS, be careful with links and websites you visit. Drive-by malware downloads could happen anytime without you knowing it. Don't grant any system permissions to prompt coming from unknown sources.
Always be careful with texts, emails and websites that have video links that won't play unless you "install and update your video plugins" (for example, Flash Player). This is actually how they get an initial foothold on your gadget.
Stay away from questionable websites and if you happen to click on an ad banner, watch out for software that it might install.
And finally, make sure you enable Android's real-time security program, Google Play Protect. It certainly will be a huge help in containing malicious apps before they can cause damage.
If you suspect that your Android phone is already infected with cryptojacking malware, the ultimate way to make sure that it's clean is back up your phone, and try a factory reset.
A factory reset can be done on an Android device by going to Settings >> System >> Reset options. It's important that you make sure your phone is completely backed up before you do it, or you’ll have to get all your contacts, notes, apps, and other information back by hand!
Note: For all your backup needs we recommend our sponsor IDrive. IDrive lets you backup all of your devices, whether you have a Mac, PC, Android, iPad or iPhone. And, you can conveniently manage your backups through a single online account. Go to IDrive.com and use promo code Kim to receive an exclusive offer.
Have a question about cryptojacking? Kim has your answer! Click here to send Kim a question, she may use it and answer it on her radio show. The Kim Komando Show is broadcast on over 450 stations. Click here to find the show time in your area.
Windows 10 flaw could let somebody take over your computer
It's a game of cat and mouse as hackers continuously poke holes in popular software and developers patch them as they come. The worst of these bugs are what are known as "zero-day" bugs. Click here and learn about the latest one that's currently affecting Windows machines.