4 Effective Ways on How to Prevent Cryptocurrency Mining Infection
Today, there are two tried and tested ways for cybercriminals to effectively earn a lot of income. The first one is what we are very familiar with, due to its strong possibility of causing the user to lose a massive amount of data — ransomware, while the second one is very new and operate covertly — cryptocurrency mining malware.
The media had been hyped since last year about the massive damage that ransomware inflicted against a business establishment, most especially those that have no credible backup systems. The lack of a reliable backup causes their decision-makers to literally bite-the-bullet, paying the virus authors the demanded ransom, in order for the user files to be decrypted by the ransomware.
Meanwhile, cryptocurrency mining malware, AKA crypto jacking is not hyped by the media. Because the malware itself operates covertly, it isn’t designed to threaten users with destroying data in hopes to earn a ransom payment from the victims. The goal is to steal CPU/GPU cycles, in order to mine cryptocurrency, increasing the operating temperature of the computer, it also renders the PC to use more wattage as a result, hence higher electricity cost of the unsuspecting users.
Here are some of our tips in order to prevent cryptocurrency mining malware infection:
- Never skip browser updates
Web browsers are our window to the outside world; it is the software most exposed to the unknown. Web browser makers are spending a lot on research and development, in order to help keep their browsers as secure as possible. Just like any typical malware, crypto jacking malware takes over a web browser without the user realizing that the CPU cycles are stolen, for doing something else than what is expected of a web browser. When a browser is regularly updated, the patches are being applied at the soonest possible time, hence the exploits used by malware to penetrate the system are closed.
- Use public scanners that detect and reports instances of crypto jacking.
The cybersecurity community provides information and online scanners on their site to detect infection. One such site is run by Opera, the browser maker: https://cryptojackingtest.com/. Such online tools probe the browser for any hints of being infected by the hooks of malware. The bottom line, an updated browser is the primary way to prevent infection, as if the browser is detected by this tool as infected, it basically is too late – the machine is already mining crypto coins behind the user’s back for quite a while.
- Monitor system startup
Windows MSCONFIG has been available since Windows 98, designed to remove unneeded and unwanted start-up programs and processes. However, today’s malware is very clever and already knows how to hide from MSCONFIG. There is a very powerful MSCONFIG-like utility named Autoruns, it is now owned by Microsoft but has not been part of the default Windows install. It is considered a system administrator’s MSCONFIG, more than the average startup program manager. Through this, all startup processes are revealed to the user, even the hidden ones. This covers even the hard to detect browser helper objects, that sticks itself into the browsers, starting itself up as soon as the browser runs.
- Monitor system processes
Windows Task Manager is an advanced tool for the average users, but system admins know more about their system than what the default tool can provide. Enter Process Explorer, the Windows Task Manager of all Windows Task Manager. It is developed by the same developer as the Autoruns mentioned above. Malware authors are very familiar with bypassing Windows Task Manager, hiding from the background. Any hidden processes are fully revealed by Process Explorer, as it probes the Windows system, as deep as the Windows Registry offers.
Julia Sowells700 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.