Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Non-JavaScript Cryptojacking Reaps More Than $144M, Researcher Finds

    Written by

    Sean Michael Kerner
    Published June 12, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Unauthorized crypto-currency mining, commonly referred to as cryptojacking, is a problem that doesn’t seem to be slowing down and continues to be challenge for enterprises and individuals. It’s challenge that hasn’t escaped the notice of the U.S Federal Trade Commission (FTC), which is now enabling individuals to file complaints about alleged cryptojacking.

      The FTC’s new complaint system for cryptojacking attacks comes as attackers are reaping increasing rewards from the attack method. A report released June 11 by security firm Palo Alto Networks, sheds new light on the size and scope of a specific class of cryptojacking attacks, claiming that attackers have generated at least $143 million in illicit earnings.

      Many types of crypto-currencies are often created or mined by using computational power on the blockchain, to uncover a cryptocoin. Crypto-currency mining itself can be a legitimate activity when the mining is done by an authorized individual using authorized resources. Cryptojacking is what happens when an attacker gains unauthorized access to compute resources to mine crypto-currency. 

      Palo Alto security researcher Josh Grunzweig looked at data collected by his company’s network to try and determine how much cryptojacking activity is actually occurring.  Grunzweig did not look at mining that occurs via JavaScript, that is embedded in web browsers with scripts such as Coinhive, but rather looked at other forms of malware that was able to infect individual systems and servers. As multiple other reports over the last year have found, the Monero is the most sought-after crypto-currency in cryptojacking attacks. At the top of the crypto-mining chain are Monero addresses, where the mined coins are held.

      “By querying the top eight mining pools for all 2,341 Monero addresses, I was able to determine exactly how much Monero has been mined historically with a high degree of accuracy,” Grunzweig wrote.

      Grunzweig determined that a total of 798,613.33 Monero (XMR )had been mined, which has an approximate value of $144 million. He added that the total amount of Monero he was able to identify only accounts for roughly five percent of all Monero currently in circulation. Grunzweig also warned that his figures for the amount of Monero mined by cryptojacking is likely on the low side, since he doesn’t take into account JavaScript, web-based miners.

      Of particular note in Grunzweig’s data is the finding that 45 percent of the 2,341 Monero addresses he associated with cryptojacking efforts ended up generating 0.01 XMR (approximately $2.20) or less. Cryptojacking, much like spam, is apparently a high-volume activity, with only limited conversions. Though even with the limited success rate per infected host, cryptojacking is not a trivial problem.

      FTC

      Security researchers aren’t the only people looking into the problem of cryptojacking. The FTC confirms it’s also its actively investigating the issue.

      “Cryptojacking scams have continued to evolve and they don’t even need you to install anything,” Jason Adler, Assistant Director, Midwest Region for the FTC wrote in a blog post. “While the scammer cashes out, your device may slow down, burn through battery power or crash.

      The FTC offered a number of suggestions for consumers to help limit the risk of becoming a cryptojacking victim. The FTC’s advice is good basic hygiene for any IT user and includes using antivirus software, keeping systems updated and not clicking on suspicious links. While some forms of malware don’t have obvious clues that an IT user can spot, for cryptojacking to be effective, it needs to consume compute resources which can be an indicator of compromise.

      “Look for and close performance hogs: It can be hard to diagnose cryptojacking, but one common symptom is poor device performance,” the FTC suggests. “Consider closing sites or apps that slow your device or drain your battery.”

      The FTC now also wants consumers to report cryptojacking attacks via the commission’s www.ftc.gov/complaint page.

      In contrast to some other forms of malware-based attacks that can disrupt systems, cryptojacking is something that attackers have been able to directly monetize. As long as the value of Monero remains high and the barriers to cryptojacking infections remain low, it’s likely that cryptojacking attacks will continue to be a challenge and there will be no shortage of complaints to the FTC.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×