Crooks use cryptojacking to take over PCs for digital currency "mining": Internet Scambusters #832
Although it sounds highly technical - and, in a way it is - cryptojacking is actually a dead simple way for crooks to make money using other people's computers.
The crime involves hijacking PCs into a network of compromised machines and using their raw computing power to "mine" digital currencies.
In this week's issue we'll explain how to tell if your PC has been hijacked and provide three key actions you can take to protect yourself.
Let's get started...
Cryptojacking Overtakes Ransomware as No 1 Computer Threat
You don't need to know the first thing about so-called cryptocurrencies to be actively involved in dealing with them, that is, without your knowledge -- thanks to a scam known as "cryptojacking."
That's the term security groups use for when a person's computer is hijacked by cybercrooks and used to "mine" for the digital or virtual currencies.
This isn't going to be a techie report, so just stick with us while we explain briefly how this works.
First, cryptocurrencies are basically numbers stored on computers that represent a value that can be traded - a bit like a record on a balance sheet.
Think of it this way: Imagine an email that someone says is worth a dollar. It doesn't exist as a real physical item - it's "virtual" -- but, if everyone accepts that this digital document is worth a dollar, then it is. And it can be used to buy something worth a dollar.
In that respect, it's similar to the piece of paper we call a dollar bill. The paper it's printed on isn't really worth a dollar but we all accept it because we know everyone else will.
The "crypto" bit of the term refers to the fact that the numbers representing these digital currencies are disguised by software so as to make them, supposedly, tamper-proof.
To give them value, cryptocurrencies are effectively hidden on computer servers. It's the finding -- or mining -- of them that gives them their initial value.
Confused? Don't worry because most people are. But people in the know have dedicated masses of computing power searching for these numbers. Some legitimate firms employ huge banks of computers just to carry out millions of calculations until the currencies are found.
The cryptocurrency market is one you should never get into without taking advice from an expert. And, as we reported a few months back, lots of investors have already been tricked into pouring money into them and losing it forever.
However, cryptojacking may not cost you a lot of money but if your computer is involved in mining, it won't be much good for anything else.
How Your PC Gets Hijacked
The trouble is that you don't need to be tricked into installing the mining software on your PC. The crooks, who use clever coders (or computer programmers), have found a new way of recruiting your machine into their network (or botnet as these collections of computers are sometimes called).
Consumer champion Jason Adler, who has seen the crime grow and change over the past few years, explains: "Cryptojacking scams have continued to evolve, and they don't even need you to install anything.
"Scammers can use malicious code embedded in a website or an ad to infect your device. Then they can help themselves to your device's processor without you even knowing.
"You might make an unlucky visit to a website that uses cryptojacking code, click a link in a phishing email, or mistype a web address. Any of those could lead to cryptojacking. While the scammer cashes out, your device may slow down, burn through battery power, or crash."
Not a prospect any of us wants to encounter.
But tech magazine Wired recently declared that the crime is "out of control". It quoted the example of a coffee shop where the Wi-Fi system had been hacked, so that any laptop being used there was immediately hijacked and used for currency mining.
One version of cryptojacking malware targeting android mobile devices was reported to make such demands on infected devices it could actually cause them to permanently fail.
And latest research suggests that the use of some cryptojacking software is tripling every single month. Internet security outfit Symantec reckons annual growth is running at 34,000 percent, a mind-boggling figure.
One reason for this growth is said to be that hackers regard cryptojacking as more profitable and less risky than their previous hack-of-choice -- ransomware.
Have You Been Cryptojacked?
So, how do you know if you've been cryptojacked? Easy. Your computer will almost certainly slow down to a snail's pace. It may also overheat, sometimes triggering frequent crashes or shutdowns.
Tracking down and removing the malware is a much tougher job and you may need professional help, or even have to restore your computer system to an earlier, backed-up version (you do back up, don't you?).
However, there are three important steps you can take to prevent the hijacking in the first place.
1. As always, keep your Internet security software up to date, so it can intercept cryptojacking attempts.
2. Install add-ons to your web browser that are specifically designed to detect cryptojacking. Some ad blockers can do this but there are also add-ons for the likes of Google Chrome, Firefox and so on, that specialize in blocking mining software -- No Coin and minerBlock for example. Do a search to find one for the browser you use.
3. Be wary about the websites you visit. Consider using the web safety checker that comes with your anti-virus software or another type of add-on. If you're on an unfamiliar site, don't click on ads or links.
According to Forbes magazine, cryptojacking has now taken over from ransomware as the most common cybercrime, so watch out for the telltale signs -- and regularly back up your operating system (Windows, Mac, Android or iOS) for the fastest possible way of getting rid of it.
Alert of the Week
Google is planning a change in its Chrome web browser, which, it says, will make it easier for users to delete their search history and protect their privacy.
The company plans to put a "Your Data" link directly on its search page that will enable you to delete search info from there.
At the time of writing, the company couldn't say when the change would be made. So, for now, did you know you can access and delete that data just by clicking Control-Shift-Delete at any time the browser is open?
Time to conclude for today -- have a great week!