|
Hackers are moving past personal credentials and data to steal CPU resource
Dubai, UAE, October 30, 2017 − Fortinet, the global leader in high-performance cybersecurity solutions, today issued an advisory to computer users to check their devices if they sense that they are acutely slowing down. They could unwittingly be donating computing power to cybercriminals carrying out browser cryptojacking.
Fortinet's FortiGuard Labs researchers have been discovering more and more of such incidents, which are essentially a new trick used to stealthily mine Monero cryptocurrency using your CPU resources. By loading a script into your web browser that contains a unique site key, a cybercriminal can make you enrich him with Monero currency − without your knowledge − every time you turn on your computer and visit certain websites.
Browser cryptojacking started last September when a new technology to mine Monero cryptocurrency within web browsers surfaced. The script was written in JavaScript and is easily embeddable into any web page. Once a computer user visits such compromised pages, their computing power is hijacked for the currency mining process. The more time users spend on the web pages, the more CPU cycles can be consumed. This explains why hackers typically pick illicit video streaming web sites, where people stay for hours watching movies or TV serials, to plant such scripts.
Back-of-the-envelope calculations by security researchers show that cryptojacking can be lucrative − hackers targeting popular illicit sites like The Pirate Bay can earn up to US$12,000 per month.
So if you hear your computer's fans running at full speed without any apparent reason, the smart thing to do is check your CPU usage. Go to “Task Manager” on Microsoft Windows ([Ctrl]+[Shift]+[Esc]), “Activity Monitor” on Mac, and “Top” on the Linux command line.
The above commands will list all the processes running on your computer, allowing you to find the culprit (usually the web browser, e.g. Google Chrome) by filtering real-time CPU consumption. Once identified, you can kill the culprit by right clicking on it and selecting “end task”, “kill” or “terminate”. This ends your current connection to the compromised website. After that, you can open your browser again and go to other sites without problems.
The next step is to prevent your computer from being cryptojacked again. Install an anti-adware web browser extension, as well as web filtering and antivirus tools on your computer, and keep these updated. Another thing you can do, of course, is to refrain from visiting illicit sites.
“When using computing devices, it pays to always be situationally aware and look out for anomalous things, be it your fan speeding up or an email offering something too good to be true,” said David Maciejak, Director of Security Research, Fortinet. “Cyberspace is a perilous place full of schemers trying to take advantage of the gullible. Deploying the right security tools to protect yourself will help, but being cautious and thinking twice before taking any action will also go a long way in preserving your money, confidential data and computing experience.”
| 
RSS Feed 
