14 Jun Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?
June 14, 2018
Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are typically pushed to you through phishing techniques and social engineering:
- Strengthen your network device’s credentials (e.g., your router), to make it less open to unauthorized access; or turn on a network or local firewall, to stop intrusion attempts.
- Update your system on a regular basis with the latest security patches to stop vulnerabilities from being doorways to infection.
- Ensure whatever security your browser provides is turned on against web threats. These include website injections, browser scripts, and the hijacking of extensions/browser helper objects (BHOs).
- Run an ad blocker to put a stop to CPU piracy that may be possibly delivered by malicious advertisements.
- Turn on your anti-spam filter and become phishing- and spoofing-savvy by taking precautions against known attack vectors. These include unsolicited and socially-engineered emails and texts, which may come loaded with malicious links and attachments/files (e.g., infected image files).
- Bad links and files can also come from infected websites, social networks, and third-party software delivery mechanisms. To protect against the latter, don’t download and install applications from unknown sites.
- Be wary of clicking shortened links on unknown sites, since it makes it hard to determine the link’s legitimacy.
- Be on the lookout for fake apps mimicking real ones, or for apps like Calendar 2, which appeared in the Apple App Store in March and contained a coin miner. Its default “free” settings, while disclosed to the user, began mining Monero currency on user devices when installed, and bugs in the software didn’t turn the function off when paid users tried to opt out.
- If you suspect you’ve been cryptojacked, use Task Manager on Windows to check if any unknown scripts/apps/processes on a website or locally are using inordinate amounts of CPU, Memory, Disk, Network, or GPU resources. On MacOS, use Activity Monitor to do the same.
- On Android, be careful with the permissions you grant to applications, as coinminers like HiddenMiner use Administrator Privileges to activate the malware.
- On iOS and Android, proactively back up your device to iCloud or an Android cloud service respectively, so you can restore it if you get infected by a coinminer and need to reset your device.
How can endpoint security help?
Finally, make sure you have endpoint security software installed on your device, with its web-threat, anti-exploit, anti-phishing, anti-spyware, and anti-malware features fully enabled. Endpoint security is designed to warn you when threats arise; block you from going to infected sites; prevent system and browser exploits; and block the download, installation, and execution of coinmining malware. It can also help to restore your device to the way it was before the infection.
More specifically, Trend Micro Security and the Trend Micro Toolbar can protect your PC or Mac against all three types of coinmining malware outlined above. Features include:
- Firewall Booster (on the PC), which works with the Windows Firewall to provide network vulnerability and anti-botnet protections, so you don’t become part of a coinmining botnet. When it detects a botnet process, it stops it and notifies you.
- Web Threat Protection (WTP), which warns you about bad URLs in search results, emails, and on social networking sites. If a website has a bad reputation, you’re warned beforehand and blocked from going to it. If it’s a website with a good reputation, but contains a hidden coinminer, WTP will block the coinminer from running.
- Anti-spam Toolbar/Worry-Free Click stops spam—which may contain phishing messages and coinmining links/files—from reaching you.
- Real-Time scan stops coinmining malware in its tracks by checking for the prevalence of PE/process files against the Smart Protection Network’s File Reputation Service (FRS). This protects you against 0-day malicious attacks and warns you if the file is suspicious (i.e., hasn’t been seen anywhere before). TrendX (Machine Learning) also helps in the detection of local coinminers.
- Finally, Trend Micro Security’s combination of signatures, rules, and behavior monitoring all work in a cross-correlated way to stop the installation and execution of PowerShell coinmining script-container files or malware. If a Real-Time or user-initiated scan finds such a container file or malware, it quarantines or deletes the offending file, then helps you clean up your computer and restore it to the way it was before the infection.
Similarly, in Trend Micro Mobile Security for Android:
- WTP blocks you from going to bad websites that may contain coinminers when browsing or using popular texting services.
- The Google Play Pre-installation Scan warns against installing fake/bad apps before they’re are downloaded. For side-loaded apps (direct *.apk installs), the app is checked against our Mobile App Reputation Service (MARS), to ensure it’s not flagged as harmful. If it is, the installation is blocked.
- The Security Scan (also powered by MARS) catches any coinmining malware that has been installed, alerts the user of its presence, then gives you the option to delete it.
See Trend Micro Security Products Overview to see all the ways we protect you from web threats, viruses, bots, and malware, including ransomware and coinminers that can hijack your system. Trend Micro Security and Mobile Security protect PCs, Macs, Android and iOS devices.