Many a desperate World Cup fan will want to sneak a peek at the game during work, stream from a cafe or watch from home without a TV subscription, and the world of illegal streams is likely where they’ll turn. While it’s long been known that these streaming sites are laden with viruses and malware traps, there’s a new threat to add to the list: cryptojacking.
If you are unfamiliar with the term, cryptojacking is when miners run mining scripts on your computer, smartphone or server network without the host’s knowledge. The miners take advantage of your CPU, and your electricity bill suffers as a result. All the while, miners can profit off the relative anonymity of cryptocurrencies. These attacks can be scaled and in the process become very profitable. Cryptojacking is often fileless (meaning it runs in your browser) and is not detected by many antivirus products.
The Massive Rise in Cryptojacking
There’s been a massive rise in cryptojacking of late. Known miner malware samples grew 629% in Q1 2019 compared to Q4 according to research by McAfee. As they share in their research, this rise is driven by the fact that “There are no middlemen, there are no fraud schemes, and there are no victims who need to be prompted to pay…”
The malware arrives via an email attachment, a link in an email or an infected website. A perfect example of a malicious website is an illegal streaming site, where many people are going to be watching their country win or lose the next game.
A click on a popup, or even simply going fullscreen, and your CPU can wind up running in overdrive as Monero (the coin of choice, given that it can be mined on a CPU) is mined on your dime. The Independent interviewed several experts, and the sentiment is that, given the growth rates in cryptojacking, users can expect this form of malware to proliferate on illegal streaming sites this World Cup, replacing the usual viruses and malware.
More Than Just Illegal World Cup Streaming Sites
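It’s not only illegal sites, though. Coinhive was running invisibly for paying UFC customers, directly from the ufc.tv site, without user knowledge, let alone consent. The LA Times was hacked to include a mining script, while it’s unclear how a mining script came to be running on Showtime’s website. Salon recently tested using the same Coinhive technology to improve revenues in the age of ad-blockers.
This technology is possibly a future path for media to monetize their content, and it may even offer a better user experience than ads. In the meantime, though, Apple and Google have started to ban applications that mine virtual currencies on their devices, in an effort to conserve battery life.
Ultimately, cryptomining has to be done with consent and transparency. The CPU strain can disrupt business processes and operations. In some instances, the malware can be “brutal”, as in the case of WinstarNssmMiner, which would bypass anti-virus defences and cause the victim’s computer to crash.
To Ransom or Cryptojack?
Interestingly, Kaspersky benchmarked the rise in cryptojacking against a drop in ransomware. For those interested in acquiring cryptocurrency, cryptojacking is everything ransomware isn’t. It operates nearly invisibly in the background, while ransomware is “in your face”. It can be deployed to any active browser, rather than relying on a “spray and pray” approach and hoping to bypass the endless number of endpoint protections installed to ward off ransomware. It imposes a relatively low cost on the victim, and it attracts only the amount of attention required to stay under the radar (read: very little). At the same time, ransomware prevention is increasingly being embraced by companies, as ransomware has been making notorious headlines in the past few years.
This could be a trend for cyber crime in the future: rather than inflicting single, one-off, painful attacks, which encourage rapid and committed responses, future attacks could be almost unnoticeable, imposing a minute cost on an organization’s productivity while not interrupting any major operations.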
To Ransom or Crytpojack?
Interestingly, Kaspersky benchmarked the rise in cryptojacking to a drop in ransomware. For those interested in acquiring cryptocurrency, cryptojacking is everything ransomware isn’t. It operates nearly invisible in the background while ransomware is “in your face”. It can be deployed to any active browser rather than a “spray and pray” approach and hope to bypass the endless number of protected endpoints installed to ward off ransomware. It imposes a relatively low cost on the victim and it attracts the amount of attention required to stay under the radar (read: very little). At the same time, ransomware prevention is increasingly being embraced by companies as it’s been making notorious headlines in the past few years.
This could be a trend for cyber crime in the future – rather than inflict single, one-off, painful attacks – which encourage rapid and convicted responses – future attacks could be almost unnoticeable, imposing a minute cost on an organization’s productivity, while not interrupting any major operations.
So, make sure your software is all up to date, you are using an ad-blocker, you are using an anti-virus (and that you are using legal feeds), and enjoy the rest of the World Cup!