If your computer has been running sluggishly, you could be the victim of a new kind of malware that uses your system to mine cryptocurrency. Known as cryptojacking, this attack uses your system's processing power to virtually mine for digital currency like Bitcoin — which the attackers can sell for cash. And the worst part? You may not even know your computer is doing it because all it takes to become a victim is visiting a website or viewing a malicious ad.
But there's good news, too: as far as malware and viruses go, cryptojacking is fairly harmless. It doesn't delete data or steal personal information, and only runs when your browser has a bad webpage open. Still, it's not something you want your computer to be doing. Mining for cryptocurrency takes a lot of processing power, which means your computer will slow down and heat up as your processor is pushed to the limit. If you do it for long, it can have a noticeable hit on your electric bill, too, because your computer uses more power for those extra processing cycles.
Cryptojacking attacks have been seen on some big websites lately, including YouTube, which had malicious code embedded in advertisements. While cryptojacking is often done by hackers, some websites also use it to generate extra income. That includes both questionable sites like The Pirate Bay and reputable sites like Salon — though Salon is up-front about the system, letting users opt-in to mine cryptocurrency instead of viewing ads.
For most malware, we would advise you to avoid visiting suspicious websites or downloading unknown software. But because cryptojacking attacks can be found on perfectly ordinary websites, it's harder to avoid — or even tell if you've been cryptojacked. Be on the lookout for your computer running very slowly or physically heating up while you're browsing the web. If you spot one of these symptoms, you can check what's eating up you computer's processing power by opening the Task Manager in Windows or the Activity Monitor on Mac. Both will show you which applications are using your system resources — and if it's your web browser, it could be running a cryptomining script.
Despite the difficulty of detecting cryptojacking, there are four ways to keep yourself safe.
1. Be sure you're running anti-malware software
Many anti-malware programs will block cryptojacking attacks, including those from Avast, Malwarebytes, Norton, Sophos, Trend Micro and Webroot. Make sure you have an anti-malware program installed — many of them are free for home use, so there's no excuse not to run one. And once the program is installed, make sure to keep it up to date, so it knows how to fight off the latest threats.
2. Run an anti-cryptojacking browser extension
Both Chrome and Firefox have a wide range of extensions that add handy extra features to your browser — including blocking cryptocurrency mining. These extensions typically work by blocking specific known cryptominers, so they may not get everything. Still, they definitely cut down on cryptojacking attacks and they're less intrusive than script blockers (which we'll discuss next).
Our favorite is No Coin for Chrome and Firefox. It blocks cryptomining sites, but you can stop blocking a site with a single click if you want to allow it to mine.
Stop your browser from running scripts
Many websites use a variety of scripts to run properly, but scripts can also contain malicious — or just annoying — code like cryptojacking attacks. Still, disabling it wouldn't be our first — or even second or third — recommendation for dealing with cryptojacking because it can prevent websites from displaying properly.
You can use browser add-ons ScriptSafe for Chrome or NoScript for Firefox, both of which block many scripts by default but let you easily disable blocking if the site isn't working. For Safari, you'll have to disable JavaScript entirely, which can be rather disruptive but will keep you safe. Microsoft's Edge and Internet Explorer don't offer an easy way to turn off scripts, so look to an antivirus or anti-malware program instead.
Keep your computer up to date
There isn't a security patch that blocks today's cryptojacking exploits yet, but keeping your system up to date is crucial to keeping it secure — and the latest security patch could protect you from the next attack. So be sure you're running automatic updates for Windows 10 or macOS.
Because cryptojacking code runs in your browser, you should make sure it's up to date as well. Most browsers are set to update automatically, but here's how to update Chrome and Firefox manually. Microsoft Edge and Apple Safari both updated as part of Windows 10 or macOS, so they will be updated automatically when you run your general computer update. And Windows users, if you're still running an old version of Internet Explorer, go ahead and update to Edge for the latest browser technology.
[Image credit: slow computer concept via BigStockPhoto]
