Cryptojacking cover

Cryptojacking and Ads that mine with your CPU

Considering how much Bitcoin is worth, it is no surprise that the bad actors are plaguing the cryptocurrency world with their hacking and scams. Cryptojacking is another tactic these hackers use to make a profit by exploiting unsuspecting internet users.  

One of the most common cryptojacking approaches is injecting scripts through infected ads and websites on visitors’ computers or browsers. And unfortunately, this phenomenon negatively impacts the whole digital advertising industry, including crypto advertising.   

The audience gets a lot more suspicious regarding ads, and advertisers might mistakenly get associated with the source of the infection.  

To avoid all these problems related to cryptojacking, let’s take a minute and understand what it is, how it works, and how to prevent it.

What is cryptojacking?

What is cryptojacking

Cryptojacking is a tactic practiced by hackers to use computers unauthorizedly to mine cryptocurrency.  

With this tactic, the attacker is looking to collect computational power from a vast network of computers to run the same operations a mining rig would.  

By doing so, the hacker is avoiding the cost of building and keeping a competitive mining rig and diminishing the risks he’s exposed to while obtaining cryptocurrencies from proof-of-work mining protocols.  

In a way, cryptojacking is safer for hackers because they don’t have to interact with the victim and, ironically, safer for the victim because it does not necessarily damage the equipment.  

How does cryptojacking work?

The base concept behind cryptojacking is the script running as a background process to mine cryptocurrency for the attacker.  

The method of infection is the one that varies the most. And although they change and evolve, the most popular cryptojacking uses are through:  

  • Popular pirated and cracked games;  
  • Unofficial browser extensions or fake copies of popular extensions;  
  • A malicious link sent through email that loads crypto mining code on the victim’s computer;  
  • Infecting a website with JavaScript code that auto-executes once loaded on the victim’s browser;  
  • Deploying online ads infected with JavaScript code that auto-execute once loaded on the victim’s browser.  

In the end, it is a type of malware, and unfortunately, it is pretty hard to trace. But on the bright side, cryptojacking malware doesn’t directly damage the equipment it attacks or the victims’ data.  

They only steal CPU processing power which slows down performance. However, don’t treat it lightly because long-term overclocking and overheating can ultimately damage your computer.

How to Detect Cryptojacking Activity?

Usually, a user notices when something is not right with their devices. The computer, laptop, or mobile phone starts to slow down overnight.   

Thus, if your device is affected by cryptojacking, the first thing you will notice is that your device is working slower than usual. And in this case, we are not talking about a website that loads slowly but about the whole system having decreased performance. Furthermore, you may notice that your device’s battery drains quicker than under normal circumstances.   

In some cases, you may also notice that your device is overheating, considering that the CPU is running more data than it usually does.   

Ads mining crypto with your CPU

Ads mining crypto with your CPU

Cryptojacking with ads is a real threat to the online advertising industry because it hurts all parties involved.  

As mentioned before, an online ad can be infected with JavaScript code that auto-executes once loaded on the victim’s browser.  

Once the malware is found, the victim suffers, and it may also hurt the advertiser’s brand, the website that deployed the ad, and the ad network’s reputation.   

Some advertisers are inclined to think that an ad can get infected only on small websites with custom deals and that they are safe on big ad networks. And in the same way, internet users might think big websites are safe.  

Unfortunately, that’s not the case. In 2018, Ars Technica reported that YouTube was caught displaying ads that secretly drain off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers. Apparently, the attackers were abusing Google’s DoubleClick ad platform to display ads infected with web miners to YouTube visitors in several countries, including Japan, France, Taiwan, Italy, and Spain.  

The advertising employed publicly available JavaScript offered by Coinhive and private mining JavaScript code to take 80% of a visitor’s CPU during the visit, leaving just enough resources for the computer to run. 

Security in the crypto advertising industry  

While many users are driven away from an ad network once they are affected by cryptojacking, it is essential to note that some platforms focus on security and do anything possible to keep users far away from cryptojacking.   

As a cryptocurrency advertising industry leader, Coinzilla puts great emphasis on security.   

Therefore, besides thoroughly checking the projects it advertises and the ads it wishes to display, it ensures our publishers are as clean as possible.   

Just as every publisher goes through an in-depth verification, so do its publishers.   

Coinzilla ensures that its network of +650 websites and apps comprises publishers with a crypto audience with quality traffic and safe to use for internet users.  

How to prevent cryptojacking

Whether or not you are dealing with cryptocurrency, you can take some steps to prevent cryptojacking before it happens to you, too.   

To make sure you are not a victim of such an attack, you can:  

  • Learn to spot phishing emails and messages from senders you do not recognize. Avoid clicking on any suspicious links and double-check even the senders you know;  
  • Block JavaScript in your browser;  
  • Use antiviruses and officially licensed software;  
  • Use privacy-focused internet browsers such as Brave.  

And if you suspect you may already be a victim of cryptojacking, try monitoring your resources and processes to find anomalies.  

Key takeaways

Cryptojacking is a tactic employed by hackers to use computers unauthorizedly in order to mine cryptocurrency.  

Cryptojacking malware can be deployed through popular pirated and cracked games, unofficial browser extensions, fake copies of popular extensions, malicious links sent through email, websites, and ads infected with JavaScript code that auto-executes once loaded on the victim’s browser.  

In 2018, YouTube was caught displaying ads that secretly drained off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers.  

Coinzilla does not condone cryptojacking and emphasizes users’ security by thoroughly checking the deployed campaigns and the websites within the publisher network.  

You can prevent cryptojacking by spotting phishing emails and messages, avoiding clicking on suspicious links, blocking JavaScript in your browser, using antiviruses and officially licensed software, and using privacy-focused internet browsers such as Brave.