 Group Members

 M. Shoaib Shabir
 Mashhood Aslam

 Submitted To
 AP Dr Shahzaib Tahir Butt
Outlines

 What is Crypto Jacking?

 Introduction.
 How it works?
 How it works?
 How to fight back against it?
 Challenges for Hackers.
 Why is it becoming more popular?
 The Business Cost of Crypto Jacking.
 Lists of sites being affected.
 Conclusions.
 CryptoJacking

© Global Knowledge Training LLC. All rights reserved. Page 4

What is Crypto Jacking?
 Crypto jacking is a form of cyber attack in which a hacker hijacks a
target's processing power in order to mine cryptocurrency on the
hacker's behalf.

 Many names
 Cryptojacking
 Coinmining
 Cryptomining
 (“Coinhive” is the name of the best-known
software that performs this attack)
Introduction:

 Cryptojacking is the unauthorized use of someone else’s computer to mine

cryptocurrency.

 Hackers do this by either getting the victim to click on a malicious link in an email
that loads crypto mining code on the computer, or by infecting a website or
online ad with JavaScript code that auto-executes once loaded in the victim’s
browser.

 Either way, the cryptomining code then works in the background as unsuspecting
 victims use their computers normally. The only sign they might notice is
slowerm performance or lag in execution.
How it works?
How it works?

 Two ways to get victim’s computer mine secretly

 One is to trick victims into loading cryptomining code onto their computers. This is
done through phishing-like tactics or email encouraging them to click on link.
 Second one is to inject a script on a website or an ad that is delivered to multiple
websites. Once victims visit the website or the infected ad pops up in their browsers,
the script automatically executes.

 Crypto jacking scripts do no damage to computers or victims’ data.

 They do steal CPU processing resources, slowing down the machine’s performance.
How to detect Crypto Jacking?

 If CPU is heating excessively.

 If your computer is running very slow and giving poor Performance.

 We can also detect via Network Monitoring tools.

 There are many artificial intelligence companies which analyzes

network data to detect CryptoJacking.
How to detect Crypto Jacking ?
How to fight back against it (1) ?

 Install an ad-blocking or anti-cryptomining extension on web browsers.

 Use endpoint protection that is capable of detecting known crypto miners which
is provided by many anti-virus software vendors.

 Keep your web filtering tools up to date.

 Maintain browser extensions

How to fight back against it (2)?
How to fight back against it(3) ?
Why is it becoming more popular?

 Hackers see cryptojacking as a cheaper, more profitable alternative to

ransomware,” says Alex Vaystikh.
 According to Adguard Research It is found that 33,000 websites running cryptomining
scripts. Adguard estimated that those site had a billion combined monthly visitors

 In February 2018, Bad Packets Report found 34,474 sites running Coinhive, the most
popular JavaScript miner that is also used for legitimate cryptomining activity.

 Cryptojacking doesn’t even require significant technical skills. According to the

report, from Digital Shadows, cryptojacking kits are available on the dark web for as little
as $30.
 more money for less risk.

 risk of being caught and identified is also much less than with ransomware.
Crypto Jacking Challenges for
Hackers
 Internet access

 System recourses utilization

 Persistence
Cryptojacking Companies

 Top 3 cryptojacking companies:

 Coinhive
 JSEcoin
 Cryptoloot

 The companies split the profits with the web page owner. These products
are legal, and being offered as a substitute for advertising revenue.
However, the web site owners don’t have to tell the users.
The Business Cost of Crypto Jacking
Lists of Sites Being Affected

 .
Conclusion

 Based on recent malware trends, cryptojacking malware seems to

be appealing choice for malware develpores.

 More cryptojacking malware will likely to be seen over the next few
years.

 While not inherently destructive should typically avoid cryptomining

as ir wares down hardware and costs electricity.

 Systems infected with cryptojacking malware should to monitor and

limit excessive resource utilization.