Cryptojacking snoops hit popular publishing platform

Ruth C. | May 8, 2020

Cryptojacking is one of the new threats that emerge due to the impressive financial rewards of cryptocurrency mining. Also known as crypto-mining malware, the attack is a new focus for cybercriminals to gain an advantage in generating digital coins at a much higher rate. The stealth technique that attempts to install malware and target computer’s processing power has been increasingly rife in recent years. This time, malicious miners hit one of the dominant infrastructure platforms, which has a total of 750,00 active users worldwide.

Steals CPU, not private data

A blogging platform Ghost, which is a free alternative to WordPress, is the latest victim of a major cryptojacking attack. Hackers abused critical vulnerabilities in a famous infrastructure tool called Salt, which has over 2 million installs. Ghost carries a customer base with big-names like Mozilla, DuckDuckGo, NASA, whereas Salt manages clients like IBM Cloud, eBay, and LinkedIn.

The Ghost developer team released a status page, stating that attackers successfully infiltrated their Salt-based server and set up a cryptojacking virus. The server breach gave access to both Ghost (Pro) websites and billing services. However, the blogging company assures that the financial information and credentials of their users remain secure. Instead, the hackers had a different goal in mind – to steal computing power and gather cryptocurrencies.

By exploiting two flaws, CVE-2020-11651 and CVE-2020-11652, hackers gained access to full remote code execution as root on servers in data centers and cloud environments. The mining attempt led to a spike in CPU usage and overloaded most of the Ghost’s systems, which triggered the alarm immediately. Luckily, the company quickly introduced a set of security measures to combat cryptojacking malware and rebuild the entire network. Even though Ghost eliminated all traces of the virus, Salt urges its users to patch their systems and follow the guidance to protect themselves.

Crypto-mining malware, a.k.a cryptojacking

Even though cryptojacking is relatively new, it’s already one of the most common online threats. According to security experts, criminals have made over 52.7 million cryptojacking hits during the first six months of 2019. Still, the attack is difficult to scale because oftentimes, people don’t even know they’ve become victims.

At its basic, cryptojacking refers to the unauthorized use of an individual or organizational computing power to secretly mine cryptocurrencies. It’s a malware-based technique that hijacks your computer’s CPU to perform calculations and grab the rewards. Cryptocurrency mining consists of vast arrays of powerful computers, which require an enormous amount of resources. Experts estimate that Bitcoin mining consumes more energy than the entire nation of Switzerland.

Besides enslaving a device through the distribution of traditional malware infections and phishing tactics, malicious actors use drive-by crypto mining. This threat embeds a piece of JavaScript code onto a website and activates a mining process on all visitors’ machines. They can also hide malicious scripts behind web advertisements. Whichever method they use, crypto mining code runs in the background of a victim’s device. By gaining more network resources, attackers generate large, robust mining pools and watch the cryptocurrency roll in.

Cryptojacking is especially tricky to detect. However, symptoms like slightly slower device performance, overheating, and high CPU usage are common signals. Still, although it can be challenging to recognize the intrusion even after the fact, you can prevent it from happening.

How to prevent cryptojacking?

In a threat landscape that’s constantly changing, it’s necessary to build awareness of what attacks, like cryptojacking, look like. Since many attacks involve phishing tactics, always practice good internet habits. Stick with reputable sites and apps, don’t click on random links, pop-ups, or documents.

Improve your web browser’s security by downloading extensions to block ads and cryptojacking threats. Also, you can manually disable JavaScript to prevent an attacker from loading malicious code. However, this could likewise block you from specific sites and functions you need.

Finally, anti-malware software is a must for the prevention of cryptojacking hacks. With such protection, you’ll have the means to detect any malware intrusion and ensure that your resources remain private.

© 2023 Atlas VPN. All rights reserved.