[聽風 Translation] Cryptojacking Explained (Part 1)

Original article: Cryptojacking Explained | How It Works and How to Prevent

Author: Anca Faget

Translator: 聽風

What Is Cryptojacking?

Cryptojacking is when a device is used to mine cryptocurrency without the user’s consent after being infected with a malicious mining script. There are multiple scenarios in which one can fall victim to this practice. It can be very easy to accidentally download malicious code from an apparently safe website or a free content management system.

This form of hijacking occurs only when you are browsing the internet and access a website that is cryptojacking inexperienced internet users. The script doesn’t even need to be downloaded or clicked to work; it just requires the user to browse the malicious website.

This is because there are plenty of websites that are infected with JavaScript code. [Coinhive](https://coinhive.com/) is the most used in-browser mining code because it is easy to deploy and can go untraced. Even specialized plugins may fail to detect sites that have been infected with Coinhive. Actually, nearly 82 percent of infected sites go unnoticed.

Cryptojacking represents one of the most serious threats the cyber world is facing, with one-quarter of all businesses already being affected. And big businesses are not even the ones being targeted. Nor are cryptocurrency exchanges, ICOs, or crypto owners the ones the attackers are aiming for. It’s the average user with a mobile phone, personal computer, server, or even IoT device, who can get cryptojacked just about anywhere, at any time.

How cryptojacking works

Hackers basically have two ways of getting into a victim’s computer and exploiting its computing power to mine cryptos. The first one involves tricking the victims into loading cryptomining code onto their computers. This is achieved through phishing methods in which the victims receive a legitimate-looking email containing a link that they are told to click on. The link then runs code which injects the cryptomining script on the computer. The script then runs in the background while the computer is on.

The second method involves injecting a script on a website or an ad that is sent to multiple websites. Once the victims enter the website or the infected ad pops up in their browsers, the script executes automatically. The code is not kept on the victims’ computers. Regardless of the method used, the code solves complex mathematical problems on the victims’ computers and sends the mining rewards resulting from the process to the hacker’s server.
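A site owner can audit their own pages for the injected script that the second method relies on. The following is an added example, not code from the original article: it scans a page's HTML for script elements that load or instantiate the Coinhive miner named earlier. The indicator patterns, function names and sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Indicators for the Coinhive miner named in the article: its hosted library
# file and its JavaScript API object (assumed starting list; extend as needed).
SRC_RE = re.compile(r"coinhive(\.min)?\.js|(^|[/.])coinhive\.com/", re.I)
INLINE_RE = re.compile(r"\bCoinHive\s*\.\s*\w+\s*\(")

class MinerScriptFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, kind, evidence) per flagged <script>
        self._inline = None  # text chunks of the <script> currently being read

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._line = self.getpos()[0]
        src = dict(attrs).get("src") or ""
        if SRC_RE.search(src):
            self.findings.append((self._line, "external", src))
        self._inline = []

    def handle_data(self, data):
        # Only text inside <script> is collected; ordinary page text is ignored.
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            match = INLINE_RE.search("".join(self._inline))
            if match:
                self.findings.append((self._line, "inline", match.group(0)))
            self._inline = None

def find_miner_scripts(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one clean script, one external and one inline loader.
SAMPLE = """<html><head>
<script src="/static/app.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
</head><body><p>Article text that mentions coinhive.</p>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script></body></html>"""

for line, kind, evidence in find_miner_scripts(SAMPLE):
    print(f"line {line}: {kind} script matches miner indicator: {evidence}")
```

A match on fixed strings only catches unobfuscated copies, so an empty result does not prove a page is clean.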

Hackers will often employ both methods to increase their returns. For instance, out of 100 devices that mine cryptocurrencies for a hacker, 10 percent might be producing income from code on the victims’ machines, while 90 percent can mine via web browsers.

But contrary to most other types of malware, cryptojacking scripts do not touch the victims’ data stored on the computer. They only use the CPU’s processing resources. For individual users, a computer working slower than usual might be just an annoyance. But for organizations, many infected systems can lead to real costs, generated by the help desk and IT time used to find the performance issues and replace hardware or systems in the hope of solving the problem.

(To be continued...)
