How Lansweeper Can Help You Catch Cryptojackers

What is Cryptojacking?

Cryptocurrency is not dead -- in fact, its market size is projected to grow to more than $1billion by 2026. And while server farms and DIY home cryptocurrency mining is definitely still happening, there are ways of making just as much (if not more) profit without investing in infrastructure. And cybercriminals know it.

Cryptojacking -- the process of illegally mining for cryptocurrencies unbeknownst to the individuals or organizations that own them, rose 28% in 2020 from the previous year, with 81.9 million attempts. And according to Threatpost, in February of 2021, a cryptocurrency mining malware called WatchDog slipped under the radar and was running on at least 476 Windows and Linux devices for more than two years. Researchers called it one of the largest and longest-lasting cryptojacking attacks of its kind to date.

There are three common methods of cryptojacking that IT teams need to be aware of:

  1. A cryptojacker may load code directly onto a computer when a victim clicks on a malicious link. After the computer is infected, the cryptojacker quietly hides in the background and mines cryptocurrency.
  2. A cryptojacker may embed a piece of JavaScript code into a web page and perform cryptocurrency mining on machines that visit the page. This is known as 'drive-by crypto mining'. Victims are completely unaware that their computer is being used to mine cryptocurrency, because the code uses only enough system resources to remain undetected.
  3. Common exploits may be used to infect servers or multiple machines to gain access to much larger CPU resources for crypto mining than ordinary desktop PCs provide. (This is what happened with the supercomputers in Europe.)

In many instances of cryptojacking, the victims are completely unaware that their systems are being exploited. But the damage can be severe: Cryptojacking impairs computing performance, shortens the lifespan of devices, causes irreparable hardware damage, and sends energy bills through the roof. To avoid the negative impact of cryptojacking, IT departments must find ways to identify threats and stop them from being successful. 

Lansweeper Reports To Help You Detect Cryptojackers

Regardless of which method cryptojackers use to commit their crimes, processing power is required. So, it's possible to watch for a sharp increase in CPU usage, then investigate to see if cryptojacking software is the culprit. To give you better ways to detect possible cryptojacking software in your network, we've created a couple of specialized reports you can use:

CPU Utilization Report

While monitoring all your computer's CPU usage indefinitely is probably overkill, we have created a special report to provide you with multiple CPU usage metrics that help identify if and when your CPU utilization has spiked over the past two weeks.

FacexWorm Chrome extension IDs Audit

If the cryptojacker is hidden in a Chrome extension, you can use our chrome extension report to check if any other computers in your network also have the same extension installed. In the case of the FaceXWorm cryptojacker, we've created a report with the known Chrome extension IDs, so you can do a preliminary sweep. 

Computer Processes Overview

While this report won't flag suspicious processes for you, it does give you the option to look through the processes on a specific computer if you have a suspicion. 

File Scanning

Some cryptojackers will leave behind files in your Windows folder or other directories. If you have knowledge of a specific file that indicates the presence of a cryptojacker, file scanning can help you check the rest of your environment.

Registry key scanning

Similar to file scanning, there are cryptojackers that leave registry keys. With registry scanning, you can check if those keys are also present on other devices in your environment.

The reports are useful for random audits or in the event that you suspect foul play.

Catching the Crooks

The success of cryptojacking is dependent on evading detection for as long as possible. With these new Lansweeper reports, detecting cryptojackers in your IT environment will be easier and much more effective. Learn more on Lansweeper reporting capabilities, or visit our report library to browse through all of our existing reports.

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​