Kaspersky Blocks Over 200M Illegal Crypto Mining Attempts: Reports

What is cryptojacking?

The WatchDog intrusion chain runs as follows. Initial access is through an exposed Docker Engine API: once in, WatchDog can enumerate or alter containers and then run shell commands of its choice on them. The first script checks the host's infection status and lists running processes before fetching the second-stage payload script, “ar.sh”. The next payload incorporates masscan, pnscan and zgrab to scan the network for valid pivoting points, then downloads the last two scripts, “d.sh” and “c.sh”, which handle propagation. The “c.sh” script disables SELinux and then configures “iptables” and “ulimit” so that the host can reach any Redis servers on the network while all access from outside the host is cut off.

An unusually slow laptop is normally a sign that it is time to free up some storage space or to request a new device or component from the IT department. However, it can also be the sign of something more sinister: cryptojacking. Of course, machines working harder than they should can indicate many different types of attack, but any sudden decrease in performance should be treated as a flag to investigate a potential infection.

Sam Bocetta is a freelance journalist specializing in US diplomacy and national security, with emphasis on technology trends in cyber-warfare, cyber-defense, and cryptography.
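What "investigate" looks like on a Linux host, as an added example that is not code from the original article or from any vendor it quotes: the script parses constructed `ps` and `ss` style output (the sample lines, the miner binary names, the stratum port list and the CPU threshold are all assumptions, not data from the page) and only raises a finding when high CPU is backed by a second indicator, because a legitimate compute job looks identical on CPU alone.

```python
"""Cryptojacking triage over process and socket listings (added example).

The sample output, the miner binary names, the stratum port list and the
CPU threshold are constructed assumptions for illustration, not data from
the article.
"""
import re
from dataclasses import dataclass

# Ports mining pools commonly expose for the stratum protocol. They are
# indicators only: nothing stops a benign service from using them.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 8888, 14444, 45700}
# Binary names that show up again and again in cryptojacking campaigns.
MINER_NAMES = {"xmrig", "minerd", "cpuminer", "xmr-stak", "kdevtmpfsi", "kinsing"}
CPU_THRESHOLD = 80.0  # percent of one core, sustained

# Constructed sample of `ps -eo pid,pcpu,args --no-headers`.
SAMPLE_PS = """\
  812   0.3 /usr/sbin/sshd -D
 1337  97.5 /tmp/.../xmrig -o pool.example:3333 -u WALLET
 2041  92.0 /usr/local/bin/python3 train_model.py
 2200   1.1 /usr/lib/firefox/firefox
"""
# Constructed sample of `ss -tnp` (established connections only).
SAMPLE_SS = """\
ESTAB 0 0 10.0.0.5:51234 203.0.113.10:3333 users:(("xmrig",pid=1337,fd=4))
ESTAB 0 0 10.0.0.5:51300 198.51.100.7:443 users:(("firefox",pid=2200,fd=51))
"""

PS_RE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(.*\S)\s*$")
# The peer address is the one immediately followed by the users:(...) column.
SS_RE = re.compile(r'(\d+(?:\.\d+){3}):(\d+)\s+users:\(\("[^"]+",pid=(\d+)')


@dataclass
class Finding:
    pid: int
    command: str
    reasons: list


def parse_ps(text):
    """Return {pid: (cpu_percent, command line)}."""
    procs = {}
    for line in text.splitlines():
        m = PS_RE.match(line)
        if m:
            procs[int(m.group(1))] = (float(m.group(2)), m.group(3))
    return procs


def parse_connections(text):
    """Return {pid: set of remote ports} from ss -tnp output."""
    conns = {}
    for line in text.splitlines():
        m = SS_RE.search(line)
        if m:
            conns.setdefault(int(m.group(3)), set()).add(int(m.group(2)))
    return conns


def triage(ps_text, ss_text, cpu_threshold=CPU_THRESHOLD):
    """Flag processes that pair high CPU with a stronger miner indicator."""
    procs = parse_ps(ps_text)
    conns = parse_connections(ss_text)
    findings = []
    for pid, (cpu, cmd) in sorted(procs.items()):
        reasons = []
        binary = cmd.split()[0].rsplit("/", 1)[-1].lower()
        if binary in MINER_NAMES:
            reasons.append(f"known miner binary name: {binary}")
        pool_ports = STRATUM_PORTS & conns.get(pid, set())
        if pool_ports:
            reasons.append(f"connected to stratum-style port(s): {sorted(pool_ports)}")
        if cpu >= cpu_threshold:
            reasons.append(f"high CPU: {cpu:.1f}%")
        # High CPU on its own is weak evidence: the training job (pid 2041)
        # in the sample looks exactly like a miner on that signal alone.
        if any(not r.startswith("high CPU") for r in reasons):
            findings.append(Finding(pid, cmd, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PS, SAMPLE_SS):
        print(f"pid {f.pid}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample data only pid 1337 is reported, with three reasons; the 92 percent CPU training job is left alone. On a real host, feed the script live `ps` and `ss` output and extend the name and port lists from your own threat intelligence.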


Crypto mining is the process by which transactions are validated and bundled into new blocks; the miner is rewarded with newly minted coins for doing that validation work. According to Kaspersky, Bitcoin mining consumes as much energy as Sweden does in a year. Rising power prices are believed to fuel illegal mining and cryptojacking.

At the time of that research, more than 11,000 websites were using the Coinhive script. Looking at the infected sites, it is hard not to notice that a large majority are free movie streaming services, which is no surprise, as these often host other kinds of malware as well. On the response side, one published playbook is triggered by a Cortex XDR alert that detects unusual allocation of cloud computing resources. Cryptocurrency mining is a computationally intensive task that consumes both electricity and computing power.

Cryptojacking: how it works and how to protect your business

Mining cryptocurrencies on users' devices without their consent is known as cryptojacking. Cryptojacking can go undetected for a long time and does not attract as much attention as a ransomware attack would. Moreover, most victims would not bother pursuing the perpetrators legally, since nothing has been stolen or locked by encryption.

What is an example of cryptojacking?

Coinhive was a cryptocurrency mining service launched in 2017. It let website owners embed JavaScript code in their pages that used each visitor's computer to mine the Monero cryptocurrency. This was known as “in-browser mining”, and when it ran without the visitor's consent it was a form of cryptojacking.

A successful example of legitimate Coinhive use was a donation initiative by UNICEF Australia, where donations were generated through website visits. It seems ironic for the maker of the Coinhive JavaScript code, so widely used for cryptojacking, to claim that Coinhive is an alternative to classic ad banners. In principle, code integrated into a website to which visitors consciously agree before mining starts can be a safer alternative to advertisements that lead to scam or phishing sites or that steal sensitive user data. Anti-crypto-mining browser extensions are available, but make sure you use a trusted download site.
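The check an anti-mining extension performs at its simplest, written here as an added example (not code from the original article, from Coinhive or from any extension): a small HTML scanner that flags script tags pointing at known miner hosts and inline scripts that call the Coinhive client API. The host list is historical (Coinhive shut down in 2019), the sample pages are constructed, and a real deployment would take its patterns from a maintained blocklist rather than the hard-coded ones assumed below.

```python
"""Scan HTML for in-browser mining scripts (added example).

The host patterns, API patterns and the sample pages are constructed for
illustration; Coinhive itself shut down in 2019, so a real deployment would
take its patterns from a maintained blocklist.
"""
import re
from html.parser import HTMLParser

# Script hosts that served in-browser miners; all historical.
MINER_HOST_PATTERNS = [re.compile(p, re.I) for p in (
    r"coinhive\.com/lib/",
    r"coin-hive\.com/lib/",
    r"authedmine\.com/lib/",
)]
# The Coinhive client API: a miner object is constructed with a site key
# and then started.
MINER_API_PATTERNS = [re.compile(p) for p in (
    r"\bCoinHive\.(Anonymous|User)\s*\(",
    r"\.start\s*\(\s*\)",
)]


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def scan_html(html):
    """Return a list of (kind, evidence) findings; empty means nothing seen."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.external:
        if any(p.search(src) for p in MINER_HOST_PATTERNS):
            findings.append(("external-miner-script", src))
    for body in collector.inline:
        # Both patterns must hit: ".start()" alone is far too common.
        hits = [p.search(body) for p in MINER_API_PATTERNS]
        if all(hits):
            findings.append(("miner-api-call", hits[0].group(0)))
    return findings


# Constructed sample pages.
MINING_PAGE = """<html><body>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.5});
  miner.start();
</script>
<p>Free movie stream</p></body></html>"""

CLEAN_PAGE = """<html><body>
<script src="https://cdn.example/analytics.js"></script>
<script>window.addEventListener('load', function () { app.start(); });</script>
</body></html>"""

if __name__ == "__main__":
    for page in (MINING_PAGE, CLEAN_PAGE):
        print(scan_html(page) or "no miner indicators")
```

The clean page contains an `app.start()` call and is still not flagged, which is the point of requiring the API constructor as well: a scanner that keys on `.start()` alone would block half the web.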


ESET detects the majority of cryptojacking scripts as potentially unwanted applications (PUAs). In terms of impact, 2017 and 2018 are acknowledged as two of the most significant years to date for cryptojacking. Since then it has become a rather underestimated cyber threat, though it certainly has not gone away: research suggests that cryptocurrency miners were the most common malware family in 2021, with no fewer than 74,490 miner threats detected in the first half of that year.

Unlike ransomware and other cyber threats, cryptojacking code hides on computers, mobile devices, and servers and surreptitiously uses a machine’s resources to “mine” cryptocurrencies. Most users don’t notice anything unless it severely slows down the computer’s processing speed. In November 2017, AdGuard, maker of a popular ad-blocking browser plugin, reported a 31 percent growth rate for in-browser cryptojacking. Its research found more than 30,000 websites running cryptomining scripts like Coinhive, which according to various reports has affected one in five organizations worldwide.

Several of the scripts used by WatchDog include references to, and logos of, another hacking group, TeamTNT, which indicates that WatchDog most likely stole these tools from its rival. The “d.sh” script works much like “c.sh” but targets other exposed Docker Engine API endpoints instead of Redis servers and infects them. The scripts are stored in a new directory named “...”, which is easy to miss during an inspection because it looks like the “..” alias for the parent directory.

With the coronavirus on the verge of being declared a global pandemic and thousands dead in its wake, criminals are making sick attempts to scam unsuspecting victims and profit from the illness.
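A check for exactly that trick, covering both the script chain described earlier and the “...” drop directory, as an added example that is not taken from the WatchDog scripts or from any vendor report: it walks a directory tree and reports every entry whose name is built to sit unnoticed next to “.” and “..” (three or more dots, a dot or two padded with blanks, blank-only names, or names hiding control characters). The sample tree is constructed in a temporary directory and the empty `c.sh` inside it is a placeholder, not the real script.

```python
"""Find directory entries named to look like "." or ".." (added example).

The sample tree is constructed in a temporary directory; nothing here is
taken from the WatchDog scripts themselves.
"""
import os
import re
import shutil
import tempfile
import unicodedata

# Names made only of three or more dots, of "." or ".." padded with blanks,
# or of blanks alone: all of them render next to "." and ".." in `ls -la`
# and are easy to skim past.
DECEPTIVE_RE = re.compile(r"\.{3,}|\.{1,2}[ \t]+|[ \t]+")


def is_deceptive(name):
    """True for names that mimic "." / ".." or hide control characters."""
    if DECEPTIVE_RE.fullmatch(name):
        return True
    return any(unicodedata.category(ch) in ("Cc", "Cf") for ch in name)


def find_deceptive_entries(root):
    """Return root-relative paths of every deceptive file or directory name."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_deceptive(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed layout: two deceptive directories beside two normal ones."""
    for d in ("...", ". ", ".cache", "work"):
        os.makedirs(os.path.join(base, d))
    # Stand-in for a dropped propagation script; the file is left empty.
    with open(os.path.join(base, "...", "c.sh"), "w"):
        pass


def demo():
    """Build the sample tree, scan it and clean up; returns the findings."""
    base = tempfile.mkdtemp(prefix="cj-demo-")
    try:
        build_sample_tree(base)
        return find_deceptive_entries(base)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for path in demo():
        print(repr(path))
```

Printing with `repr` matters: a plain `print` of “. ” is indistinguishable from “.” on a terminal, which is the same weakness the attacker relies on in `ls`. Run `find_deceptive_entries` against `/tmp`, `/var/tmp` and the home directories of service accounts when triaging a suspected container or Redis compromise.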