Cryptojacking (cryptographic hacking) 🔴 Attack

Le cryptojackingalso known as cryptographic hackingis a form of cyber attack insidious and increasingly widespread. It consists of cybercriminals à secretly exploit IT resources (CPU processor, graphics card GPURAM, bandwidth, and therefore electrical power) of victims, without their consent or knowledgein order to generate cryptocurrencies (such as Bitcoin, Monero, Ethereum and other digital currencies).

Unlike other more direct and visible cyberattacks such as the ransomwarecryptojacking is distinguished by its stealth. The hackers' aim is not to paralyse the victim's system, but to monetise discreetly using its computing power to mine cryptocurrencies. This illegal activity enables attackers to generate potentially significant revenue without having to bear the significant costs associated with legitimate mining (purchase of specialised hardware, high power consumption, etc.).

---

📓 Characteristics of cryptojacking

 

1. Stealth and discretion: cryptojacking is designed to operate in backgroundThey minimise visible signs of infection to avoid detection for as long as possible. Hackers seek to maximise the duration of the infection to maximise their profits.
2. Wide range of targets : no connected system is safe. Potential targets are extremely varied and include :
   • Individuals : personal computers, smartphones, tablets.
   • Companies of all sizes: employee workstations, company servers, IT infrastructures.
   • Cloud service providers : cloud servers, virtual instances (because of the concentrated and often under-secured computing power).
   • Connected objects (IoT) : surveillance cameras, routers, home automation devices (often overlooked in terms of security).
   • Critical infrastructure : industrial control systems, energy networks, potentially healthcare systems (although less frequently targeted, the risk does exist).
3. Profitability for attackers, low risk : cryptojacking is perceived as a cybercriminal activity relatively low risk for attackers, as it is less visible than other types of attack and can generate ongoing passive income as long as the infection remains undetected. The cost of launching a cryptojacking campaign is also relatively low.

---

🦟 Infection vectors

 

1. Web scripts (Drive-by Mining) : malicious JavaScript code injected into compromised websitesonline advertising platforms, or directly in malvertising. When a user visits the site or the ad appears in their browser, the script is executed and starts mining cryptocurrencies. directly via the victim's web browserwithout installing any software. Coinhive is the emblematic example of this technique.
2. Malware (malicious software) : more persistent and sophisticated cryptojacking software, spread by traditional methods :
   • Phishing and social engineering : fraudulent e-mails encouraging victims to download infected attachments or click on malicious links.
   • Corrupted attachments : booby-trapped documents, images or executable files.
   • Hacked or compromised applications : illegally downloaded software or modified versions of legitimate applications containing a hidden minor.
   • Vulnerabilities software : exploiting security holes in operating systems or applications that have not been updated (unpatched servers, obsolete software).
3. Containerised environments (Docker/Kubernetes) : insecure configurations of Docker containers or Kubernetes orchestrators in cloud environments. Malicious containerised images can be distributed on public registries such as Docker Hub, or vulnerable configurations can allow intrusion and installation of miners in containers.
4. Malicious browser extensions : extensions that appear legitimate, but contain a hidden cryptocurrency miner and activate without the user's knowledge.

---

 How cryptojacking works

 

1. Infection :
   • Execution of the script or malware : the web JavaScript script is activated when a compromised page is visited. The malware is executed after download and installation (often covertly). Examples of known cryptojacking malware include CoinMiner, PowerGhost, XMRig, and Lemon_Duck.
   • Exploitation of vulnerabilities : attackers can scan the network for servers or systems with known, unpatched vulnerabilities (absence of patches security) ors exposed ports (unprotected services accessible from the Internet) to install a minor.
2. Clandestine mining :
   • Intensive use of resources : Once installed, the miner uses the computing power of the victim's CPU (processor) and/or GPU (graphics card) to solve complex Proof of Work algorithms, which are needed to validate transactions and create new blocks in the targeted cryptocurrency's blockchain.
   • Anonymous cryptocurrencies favoured : Cryptocurrencies that are mined are often those that offer better anonymity and more difficult traceability, such as Monero (XMR), but others such as Zcash or Ethereum Classic can also be targeted.
   • Transfer of profits to the attacker's portfolio : the cryptocurrencies generated are automatically sent to the digital wallet controlled by the cybercriminal.
3. Persistence and escape :

• • Hiding processes : Miners attempt to hide themselves so as not to be detected by the user or security tools. They may use rootkit techniques to hide their running processes.
  • Deactivating safety devices : Some cryptojacking malware may attempt to deactivate or bypass the security tools present on the victim's system (antivirus, etc.), firewalletc.).
  • Lateral propagation : in corporate networks, miners can attempt to propagate laterally to other vulnerable machines, thereby increasing the total computing power available to attackers.

---

💥 Consequences of cryptojacking

 

1. System slowdown and instability :
   • Overheating of appliances : intensive use of the CPU/GPU generates excessive heat, which can damage components over the long term and cause crashes.
   • Latency and slowness : applications and the operating system become slow and unresponsive, making the device difficult to use.
   • Blockages and crashes : In extreme cases, the system may become unstable and lock up.
2. Increased energy costs :
   • Higher electricity bills : energy consumption soars as a result of constant mining activity, having a significant impact on electricity billsespecially in professional environments (data centres, businesses).
   • Environmental impact : cryptojacking contributes to an increase in the carbon footprint due to unnecessary energy consumption.
3. Premature material wear :
   • Reduced component life : Overheating and intensive use of the CPU/GPU accelerate wear and tear on electronic components, reducing their lifespan and potentially requiring more frequent hardware replacement.
4. Potential legal risks :
5. • Indirect criminal liability : although the victim may have been hacked, the IP address of their internet connection may be associated with illegal activity (cryptocurrency mining), which could potentially pose legal problems, particularly in the event of an investigation

 

---

👉 Famous examples

 

• Coinhive (2017-2019): The Coinhive JavaScript script has become infamous. It was embedded in legitimate websites (sometimes without the owners' knowledge) or hacked sites. When a visitor opened the page, the script mined Monero via their browser. Although Coinhive presented itself as an alternative monetisation solution for websites, its use became widespread in a cryptojacking context.
• Smominru : a botnet (network of zombie machines) that infected more than 500,000 Windows machines around the world, mainly servers, to mine cryptocurrencies.
• Attacks via Docker Hub : malicious containerised images containing minors were released on the Docker Hub image-sharing platform, trapping developers and companies who used them without checking.
• Cryptojacking on Microsoft Exchange servers : Vulnerabilities in Microsoft Exchange servers have been exploited to install miners on thousands of servers around the world.

---

🔎 Detection and protection