Cryptojacking and How to Protect End Users

Cryptojacking or Drive-by mining is a User Security violation detected by Adsecure that Malvertisers use to take over an end user’s device to secretly mine different cryptocurrencies through their browser. It is designed to stay completely hidden from them, stealing their bandwidth and processing power on behalf of the cybercriminal.

First, a little bit of background: cryptocurrency, crypto mining and cryptojacking

Cryptocurrency is digital money, in the form of tokens or coins. Bitcoin is one of the most famous ones, although currently we can find more than 3,000 options. Crypto coins use blockchain to operate, which is regularly updated with existing and closed transactions, organized in information blocks. To create these blocks, cryptocurrencies require individuals to trade computing power with them, in exchange for an economic reward - these individuals are crypto miners.

Here’s where Crypto jacking or drive-by mining comes into play: crypto cyber criminals are after the benefits of mining, without the expense of owning a mining hardware, plus electricity bills. Instead, they use the victim’s resources.

Crypto jacking scam using an end user's CPU power

CPU time used by a miner detected by the AdSecure active monitoring tool.

Different types of currencies require different CPU power. BitCoin, for instance, needs very powerful and expensive specialized hardware, which means that it isn’t always eligible for this kind of scam. However, other currencies such as Monero, can be mined with a standard CPU, which makes it very popular amongst cryptojackers.

  • As of 2022 Q1, AdSecure detected 19,890 drive-by mining threats, a 0.35% of the threats detected under AdSecure’s User Security category. 
  • In 2021, drive-by mining was one of the Top 5 User Security Violations (1,8% of the detections), with over 300,000 threat detections.

To 5 User security violations

To 5 User security violations

So, what is Crypto jacking and how does it work?

The cryptojacking threat embeds itself in a device and uses its CPU power to secretly mine for cryptocurrencies. Some websites are transparent about the fact that they use the visitor’s computing power to mine, in fact they offer it as an exchange: the user gets free content, and the site publisher uses their device’s resources to mine. The goal is to keep the user on the site for as long as possible to mine uninterruptedly, which makes games and video sites most popular for crypto mining. The exchange finishes when the user leaves the website. This would be an example of end user opt in legitimate, transparent crypto mining.

But cyber criminals take a different approach. When an end user clicks on an ad which contains hidden crypto-mining script or visits a malicious website that has been compromised, he may start to find his device getting overheated or running slowly, then most likely he has become a victim of cryptojacking. Instead of infecting websites and ads, many times cybercriminals also carry out cryptojacking by gaining access to vulnerable apps. Once the user downloads these apps, they will stay in the background of the end user's phone or tablet to mine cryptocurrencies.

The mining can continue indefinitely even after the end user closes the browser, seriously slowing down their device performances, and even causing real costs, such as increased electricity bills. Drive-by mining can significantly damage an end user’s relationship with a publisher site that caused this user security violation, and the publisher’s relationship with the ad network they use for serving the malicious ad.

Here is an example of AdSecure’s detection flagging a crypto drive by mining violation:

Cryptojacking attack detected by the AdSecure software

Drive-by mining threat detected by the AdSecure software. The malicious script used was: https://authedmine.com/lib/simple-ui.min.js.

Protecting the end users against Crypto jacking detections

It is both publishers’ and ad networks' responsibility to protect the end user from security threats such as cryptojacking. To build trust, provide a safer browsing experience and ensure the increase and retention of web visitors, it is key to avoid negative experiences such as decreased device performance, the appearance of unwanted programs, real-life costs, stolen sensitive data, and more.

To that end, both publishers and ad networks should have a dedicated compliance team or/and an ad quality and safety solution such as AdSecure to help them actively monitor ad content to improve and optimize their users’ browsing experience, making the internet a better and safer place for all users.

Learn more about how AdSecure’s industry leading ad monitoring tools help ad networks and publishers protect end users and reputations from malicious advertising violations - Contact us now!

Recommended Posts