According to Benson Sanyanga, Communication and Security expert, there has been a wide breach of security during the last quarter of the year 2017 and the first quarter of this year (2018). Some businesses were brought to their knees by ransomware in the year 2017 and some were deadly devastated to the extent that they never recovered.
Earlier this year the meltdown and spectre exploit that attacks and targets CPU were a threat to individuals and up to now are still a rising phenomenon. Hackers around the globe are using these exploits to increase their chances of mining cryptocurrencies by harnessing some victim’s processor power to boost their own performance (Cryptojacking).
What is Crypto Currency Mining?
Transactions that occur on the network such as, “X sends 10 bitcoins to Z”, are collected by a miner and bundled up into a block. The miner then verifies that all transactions in the block are valid as if he attempts to submit a block with an invalid transaction, the block will be rejected. An example of an invalid transaction would be X sending 10 Bitcoins to Z, even though she does not have 10 Bitcoins to send.
After the miner has successfully verified that all transaction in the block are valid, he must then compute a cryptographic hash (hash function which takes an input (or ‘message’) and returns a fixed-size alphanumeric string. The string is called the ‘hash value’, ‘message digest’, ‘digital fingerprint’, ‘digest’ or ‘checksum’).
It is necessary for miners to perform this computation in-order to prevent just anyone from creating blocks, therefore, secures the network against fraudulent blocks.
Computing a cryptographic hash requires a large amount of computing power as hundreds of millions of calculations are needed to be performed each second. This process is known as proof-of-work. This is when the hackers do a process called Cryptojacking.
Once the miner successfully solves the hash, his block is then relayed to the network to be checked against the consensus rules. Once accepted, the block is then added to the blockchain network and the miner is rewarded with a set amount of the cryptocurrency.
How Cryptojacking works
There are two primary ways to get a victim’s computer to secretly mine cryptocurrencies. One is to trick victims into loading Cryptomining code onto their computers. This is done through tactics: Victims receive a legitimate-looking email that encourages them to click on a link. The link runs code that places the Cryptomining script on the computer. The script then runs in the background as the victim works.
The other method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers. Whichever method is used, the code runs complex mathematical problems on the victims’ computers and sends the results to a server that the hacker controls.
How do I protect myself?
- Avoid downloading Non-Play Store apps and mods because they often have trojans and or virus embedded into their code through steganography a (practice of concealing a file, message, image, or video within another file, message, image, or video).
- These apps may also be an adware that can drain your battery power and consume your data quickly.
- Avoid providing your email or social messaging account details to third-party apps that may request them, these apps are usually created by hackers to phish your personal information and then send to their creators who in turn may steal your information and or data.
- One typical example of a third-party data harvesting malware is the lizzipan spyware (a form of Android malware that can record phone calls, monitor the device’s location, retrieve data from popular apps and even make recordings from the device’s microphone) that appears as a bitcoin mining software in the google play store, once downloaded, it takes over your mobile and harvests all the data and anonymously sends it to its creators.
- Some of the symptoms that you have been hacked include overheating, battery drain, unusually popping notifications and constant freezing.
What to do…
Reload operating system (OS).
Keep your OS up to date.
Use a reputable antivirus and make sure its updated regularly.