• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Consumer   »   Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?

Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?

  • Posted on:June 14, 2018
  • Posted in:Consumer, Mobile Security, Security
  • Posted by:
    Trend Micro
0

Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are typically pushed to you through phishing techniques and social engineering:

 

 

  • Strengthen your network device’s credentials (e.g., your router), to make it less open to unauthorized access; or turn on a network or local firewall, to stop intrusion attempts.
  • Update your system on a regular basis with the latest security patches to stop vulnerabilities from being doorways to infection.
  • Ensure whatever security your browser provides is turned on against web threats. These include website injections, browser scripts, and the hijacking of extensions/browser helper objects (BHOs).
  • Run an ad blocker to put a stop to CPU piracy that may be possibly delivered by malicious advertisements.
  • Turn on your anti-spam filter and become phishing- and spoofing-savvy by taking precautions against known attack vectors. These include unsolicited and socially-engineered emails and texts, which may come loaded with malicious links and attachments/files (e.g., infected image files).
  • Bad links and files can also come from infected websites, social networks, and third-party software delivery mechanisms. To protect against the latter, don’t download and install applications from unknown sites.
  • Be wary of clicking shortened links on unknown sites, since it makes it hard to determine the link’s legitimacy.
  • Be on the lookout for fake apps mimicking real ones, or for apps like Calendar 2, which appeared in the Apple App Store in March and contained a coin miner. Its default “free” settings, while disclosed to the user, began mining Monero currency on user devices when installed, and bugs in the software didn’t turn the function off when paid users tried to opt out.
  • If you suspect you’ve been cryptojacked, use Task Manager on Windows to check if any unknown scripts/apps/processes on a website or locally are using inordinate amounts of CPU, Memory, Disk, Network, or GPU resources. On MacOS, use Activity Monitor to do the same.
  • On Android, be careful with the permissions you grant to applications, as coinminers like HiddenMiner use Administrator Privileges to activate the malware.
  • On iOS and Android, proactively back up your device to iCloud or an Android cloud service respectively, so you can restore it if you get infected by a coinminer and need to reset your device.

How can endpoint security help?

Finally, make sure you have endpoint security software installed on your device, with its web-threat, anti-exploit, anti-phishing, anti-spyware, and anti-malware features fully enabled. Endpoint security is designed to warn you when threats arise; block you from going to infected sites; prevent system and browser exploits; and block the download, installation, and execution of coinmining malware. It can also help to restore your device to the way it was before the infection.

More specifically, Trend Micro Security and the Trend Micro Toolbar can protect your PC or Mac against all three types of coinmining malware outlined above. Features include:

  • Firewall Booster (on the PC), which works with the Windows Firewall to provide network vulnerability and anti-botnet protections, so you don’t become part of a coinmining botnet. When it detects a botnet process, it stops it and notifies you.
  • Web Threat Protection (WTP), which warns you about bad URLs in search results, emails, and on social networking sites. If a website has a bad reputation, you’re warned beforehand and blocked from going to it. If it’s a website with a good reputation, but contains a hidden coinminer, WTP will block the coinminer from running.
  • Script Analyzer Line-up (SAL) protects your browser from malicious script injections, including JavaScript (.js) miners, such as CoinHive.
  • Anti-spam Toolbar/Worry-Free Click stops spam—which may contain phishing messages and coinmining links/files—from reaching you.
  • Real-Time scan stops coinmining malware in its tracks by checking for the prevalence of PE/process files against the Smart Protection Network’s File Reputation Service (FRS). This protects you against 0-day malicious attacks and warns you if the file is suspicious (i.e., hasn’t been seen anywhere before). TrendX (Machine Learning) also helps in the detection of local coinminers.
  • Finally, Trend Micro Security’s combination of signatures, rules, and behavior monitoring all work in a cross-correlated way to stop the installation and execution of PowerShell coinmining script-container files or malware. If a Real-Time or user-initiated scan finds such a container file or malware, it quarantines or deletes the offending file, then helps you clean up your computer and restore it to the way it was before the infection.

Similarly, in Trend Micro Mobile Security for Android:

  • WTP blocks you from going to bad websites that may contain coinminers when browsing or using popular texting services.
  • The Google Play Pre-installation Scan warns against installing fake/bad apps before they’re are downloaded. For side-loaded apps (direct *.apk installs), the app is checked against our Mobile App Reputation Service (MARS), to ensure it’s not flagged as harmful. If it is, the installation is blocked.
  • The Security Scan (also powered by MARS) catches any coinmining malware that has been installed, alerts the user of its presence, then gives you the option to delete it.

See Trend Micro Security Products Overview to see all the ways we protect you from web threats, viruses, bots, and malware, including ransomware and coinminers that can hijack your system. Trend Micro Security and Mobile Security protect PCs, Macs, Android and iOS devices.

Related Links:

  • Cryptocurrency-Mining Malware: 2018’s New Menace?
  • Security 101: The Impact of Cryptocurrency-Mining Malware
  • Cryptocurrency Mining: Abuse of system resources
  • 2017 Annual Security Roundup
  • Cluster of Coins: How Machine Learning Detects Cryptocurrency-mining Malware

Related posts:

  1. Don’t Be a Coinmining Zombie – Part 1: Getting Cryptojacked
  2. How to Protect Yourself Against Ransomware – Part 2
  3. Botnet Basics – Don’t become a Zombie!
  4. 2010 – Year of the Zombie Cloud?

Security Intelligence Blog

  • January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
  • First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
  • Looking into Attacks and Techniques Used Against WordPress Sites

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Answering IoT Security Questions for CISOs
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • How To Be An Informed Skeptic About Security Predictions
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Trend Micro Creates Factory Honeypot to Trap Malicious Attackers and Microsoft Leaves 250M Customer Service Records Open to the Web
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • The Shared Responsibility Model
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • What Worries CISOs Most In 2019

Follow Us

Trend Micro In The News

  • Can You Hack A Tesla Model 3? $500,000 Says That You Can't
  • Trend Micro Takes On Palo Alto Networks With Cloud Conformity Buy
  • Trend Micro Partners with Snyk to Fix Vulnerabilities for DevOps
  • Trend Micro Partners With Snyk To Advance DevSecOps
  • Hackers to stress-test Facebook Portal at hacking contest
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.