Cryptocurrency has existed for only around a decade and is still considered to be in its infancy. As with any financial system, however, it has already attracted significant attention from those looking to “get rich quick”, whether by fair means or foul. Because of the unique paradigm on which it is based, many of the methods used to try to exploit the system for financial gain are peculiar to cryptocurrency, rather than threats that also face traditional financial systems. One such activity that has garnered significant attention is “cryptojacking”, a technique for generating a profit via cryptocurrency that is at least ethically questionable, and very often criminal, in nature.
In this blog post, we examine what cryptocurrency is, how it works, and how its fundamental principles of operation can encourage the illicit activity known as cryptojacking. We also investigate the scale of the problem to date, and how it can best be guarded against, as well as detected should it occur.
A cryptocurrency is a financial asset that exists as a digital entity only, rather than in a physical medium, and which uses peer-to-peer cryptographic techniques (named blockchains) for operations including asset creation, and distribution and verification of ownership. Although not exclusively so, many of the most prominent cryptocurrencies also incorporate the principles of decentralization, in which they aim to be free of the constraints of traditional currencies in being issued or regulated by central banks or other centralised authorities and/or state institutions.
Although termed “currency”, their use as legal tender in the traditional sense has to date been extremely limited and very much secondary to their use as a speculative asset for investment. Many cryptocurrencies are, currently at least, best viewed as a form of traded stock or investment scheme rather than a currency, and are subject to significant volatility in value.
Cryptocurrencies are a relatively new paradigm for money (or traded assets at least). The advantages most frequently quoted by proponents are that they can offer a streamlined alternative to existing financial architectures, free of regulation, central control, processing fees and transaction charges. The decentralized operation of many cryptocurrencies (which we shall outline shortly) makes it possible for transacting parties to exchange value independently of central financial institutions such as banks and clearing houses.
Since cryptocurrencies are in many cases not controlled by state institutions, the argument is that they are not subject to many of the issues or threats that face traditional currencies, such as inflation, central bank control and devaluation, bank runs and financial market crashes. The images of people queuing outside banks to try to withdraw their money in times of crisis, only to be turned away or to leave with wheelbarrows full of worthless cash insufficient to buy a loaf of bread, are intended to be impossible under a cryptocurrency system.
However, the recent history of cryptocurrency has shown that it has in many cases simply swapped one set of issues for another. Much of the history of cryptocurrency systems to date is at the very least murky and often quite nefarious, with claims of Ponzi schemes, price manipulation, wash trading, and predatory behaviour. The price of Bitcoin, one of the two most popular cryptocurrencies, has fallen by more than half from its 2021 peak value at the time of writing, with billions of dollars of value lost in a matter of hours.
Quite apart from the problems and questionable practices within the cryptocurrency markets themselves is the use that cryptocurrency is put to. Although perhaps nobly envisaged initially as a way of freeing finance from the greedy grasp of large financial institutions and central state government, it turns out that deregulated and pseudo-anonymous finances deliver – perhaps unsurprisingly – a very appealing proposition to criminals and those very governments that were most distrusted in the first place. Cryptocurrencies have therefore found themselves used on a massive scale in illegal activities including money laundering, illicit purchases on the dark web, adoption in financial trades by states looking to avoid sanctions, and in facilitating a payment system to support ransomware attacks – malware that encrypts data in order to make it unavailable to its owners and holds the decryption key hostage until victims pay the perpetrators.
Just as with traditional currencies, it is possible for cryptocurrency within a given cryptocurrency system to be created or “minted” by a central authority and issued to institutions or users. However, the greatest adoption of cryptocurrencies to date has been within systems that are architected based on a model of decentralized control. In this form of cryptocurrency, there is what is known as a distributed ledger technology (typically a blockchain) that serves as a public record of all financial transactions within the system, but which is redundantly distributed across and calculated by a dispersed system of nodes.
The decentralized model often also incorporates what are perhaps some of the most novel aspects of cryptocurrencies as well as the most controversial: known as “proof-of-work” systems, these leverage computational power (brute force) to perform extremely resource-intensive cryptographic calculations that underpin the currency’s operation.
These proof-of-work systems operate through a process commonly referred to as mining, which combines two essential activities. In distributed cryptocurrency networks, mining is used to perform calculations that confirm the validity of transactions made within the cryptocurrency (such as a transfer of assets). In order to incentivise nodes to perform this function and to contribute to the processing power of the network, the first node to solve the cryptographic function is rewarded via the issue of some of the cryptocurrency itself.
Due to the way that the system is designed, each transaction requires multiple proofs to agree in order to verify the transaction, and because of the uncertainty involved in breaking cryptographic keys, it is not known whether the first calculation you perform, or the 50-millionth will be the one that is successful. Multiple cryptominers therefore compete to solve the hashes that are required to validate a particular transaction. “Mining” is therefore a good analogy for the activity because whilst there is no guarantee of reward on a given day, based on probability returns are guaranteed over a sufficiently long time period – “striking it rich” and finding a gold vein or diamond after perhaps months of digging.
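The unpredictability described above can be seen in a toy proof-of-work search. This is an added example, not code from the original post or from any real cryptocurrency: the header bytes, the 12-bit difficulty and the function names are constructed for illustration, and real networks use far higher difficulty and a structured block header.

```python
import hashlib

def block_hash(header: bytes, nonce: int) -> int:
    """SHA-256 of header plus an 8-byte nonce, read as a 256-bit integer."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big")

def target_for(difficulty_bits: int) -> int:
    """A hash 'wins' when it is below this value (its top bits are zero)."""
    return 1 << (256 - difficulty_bits)

def mine(header: bytes, difficulty_bits: int, max_tries: int = 1 << 24):
    """Try nonces in order; return (nonce, attempts), or None if none found."""
    target = target_for(difficulty_bits)
    for nonce in range(max_tries):
        if block_hash(header, nonce) < target:
            return nonce, nonce + 1
    return None

def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash, however long mining took."""
    return block_hash(header, nonce) < target_for(difficulty_bits)

def attempts_for(headers, difficulty_bits: int):
    """Number of hashes each header needed before a winning nonce appeared."""
    return [mine(h, difficulty_bits)[1] for h in headers]

if __name__ == "__main__":
    bits = 12  # constructed difficulty: 1 hash in 4096 wins on average
    headers = [f"constructed block {i}".encode() for i in range(8)]
    counts = attempts_for(headers, bits)
    print("attempts per block:", counts)
    print("mean attempts:", sum(counts) / len(counts), "expected:", 2 ** bits)
```

The attempt counts vary widely from block to block while their mean sits near 2^12, which is why the expected reward scales directly with the number of hashes a miner can compute.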
These properties of decentralized or distributed cryptocurrencies have led to staggering amounts of computer resources being dedicated to crypto mining internationally (some estimates claim an amount of electricity consumed greater than that of the entire country of Switzerland, for example). This has not only led to major environmental concerns, but has also greatly incentivised less ethical parties to consider how they can subvert the computing power owned by other individuals for their own purposes in crypto mining, as we shall see shortly.
As we saw above, crypto mining relies (by design) on the computation required for calculations to be extremely “expensive” in terms of computer resources. As with all computationally expensive computer tasks, the time to deliver a solution scales with the number of operations that can be performed per second. Within computing, scaling is described as being either vertical or horizontal. Vertical scaling describes adding more power to current machines and is one approach taken in traditional supercomputer design for example, to tackle calculations such as weather forecasting and the modelling of nuclear explosions or galaxy formation.
However, the decentralised nature of cryptocurrency means that it lends itself much more readily to horizontal scaling – adding additional nodes to perform the computation on. Crypto mining isn’t the first arena to take advantage of distributed computing power – various projects such as gene sequencing initiatives through to the search for extra-terrestrial intelligence in radio wave signals have all been associated with organised (and legitimate) distributed computing initiatives.
Cryptojacking is a perhaps obvious consequence of the combination of these two factors within cryptocurrency: its distributed nature, and the requirement for computationally expensive “proof of work”. Since there is a direct financial incentive to leverage as much computational capacity as possible to perform crypto mining, it doesn’t take a significant leap of imagination for users to start considering how they can leverage greater resources to tackle the problem than they have legitimate usage rights to.
Perhaps initially this might have taken the form of co-opting resources such as employer server equipment and unused workstations to provide additional computational power, but more recently the scale of this type of activity has spread to individuals attempting to subvert and leverage thousands of consumer computers to perform crypto mining on their behalf.
This “cryptojacking” as it is often termed involves hijacking a computer (or more commonly, a very large number of computers) to mine cryptocurrencies without the legitimate user’s knowledge.
Cryptojacking relies on a system being co-opted to perform a task without its owner’s knowledge or permissions. In that respect, it shares a lot in common with other forms of malware. Unlike other forms of malware such as ransomware however, cryptojacking relies on establishing a persistent presence, since the reward for subverting a host continues to scale the longer that the attacker can co-opt its resources to perform crypto mining without being detected.
However, although Coinhive and similar scripts may have been established with noble intentions originally, they soon became leveraged in a couple of ways that were at least unethical and arguably criminal in nature. The two primary types of such activity are:
Cryptojacking malware is unlike many other forms of malware in that it is designed to remain unobserved, so there is most often no visible impact or immediately catastrophic outcome as in the case of ransomware. Rather, infected hosts will generally simply begin to perform poorly and struggle to perform certain tasks, since some sizable portion of their CPU activity is being diverted towards the crypto mining effort.
Perhaps most seriously however, once the crypto mining malware is installed it can also potentially perform other actions, such as attempting to distribute malware to other hosts, or open a “backdoor” for system access whereby the infected host can be recruited into a more sophisticated centralised botnet to perform further mining efforts or potentially other forms of exploitation and attack, such as DDoS (distributed denial of service) attacks.
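The symptom described above, a process that quietly holds a large share of CPU for as long as it can, can be separated from normal short bursts with a simple sustained-load check. This is an added example, not part of the original post: the telemetry is constructed, the process names (including `svc-helper`) are hypothetical, and the thresholds are assumptions that would need tuning against a host's own baseline.

```python
from collections import defaultdict
from statistics import median

def build_samples():
    """Constructed telemetry: (minute, process name, CPU percent), one hour."""
    rows = []
    for minute in range(60):
        # Interactive workload: varies between 5% and 35%.
        rows.append((minute, "browser", 5.0 + (minute % 7) * 5))
        # Legitimate heavy job: a five-minute burst, then idle.
        rows.append((minute, "backup", 95.0 if 10 <= minute < 15 else 1.0))
        # Hypothetical unknown process: steady 72-74% for the whole hour.
        rows.append((minute, "svc-helper", 72.0 + (minute % 3)))
    return rows

def sustained_cpu(samples, threshold=60.0, min_minutes=30, min_fraction=0.9):
    """Flag processes at or above `threshold` CPU in at least `min_fraction`
    of their samples over an observation span of `min_minutes` or more.
    Returns {process name: median CPU percent}."""
    by_proc = defaultdict(list)
    for minute, name, cpu in samples:
        by_proc[name].append((minute, cpu))
    flagged = {}
    for name, points in by_proc.items():
        points.sort()
        span = points[-1][0] - points[0][0] + 1
        busy = sum(1 for _, cpu in points if cpu >= threshold)
        if span >= min_minutes and busy / len(points) >= min_fraction:
            flagged[name] = round(median(cpu for _, cpu in points), 1)
    return flagged

if __name__ == "__main__":
    for name, cpu in sustained_cpu(build_samples()).items():
        print(f"review process {name!r}: median CPU {cpu}% over the window")
```

The backup job reaches a higher peak than the flagged process but is not reported, because the check keys on duration rather than peak load.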
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations’ websites, applications, network, and cloud infrastructure. AppCheck is authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).