[听风 Translation] Cryptojacking Explained (Part 1)
Original article: Cryptojacking Explained | How It Works and How to Prevent
Author: Anca Faget
Translator: 听风
What Is Cryptojacking?
Cryptojacking is the use of a device to mine cryptocurrency without the user's consent after it has been infected with a malicious mining script. There are multiple scenarios in which one can fall victim to this practice. It can be very easy to accidentally download malicious code from an apparently safe website or a free content management system.
This form of hijacking occurs only when you are browsing the internet and visit a website that is cryptojacking inexperienced internet users. The script doesn't even need to be downloaded or clicked to work; it just requires the user to browse the malicious website.
This is because there are plenty of websites that are infected with JavaScript mining code. Coinhive (https://coinhive.com/) is the most used in-browser mining code because it is easy to deploy and can go untraced. Even specialized plugins may fail to detect sites that have been infected with Coinhive. In fact, nearly 82 percent of infected sites go unnoticed.
Cryptojacking represents one of the most serious threats the cyber world is facing, with one-quarter of all businesses already affected. Big businesses are not even the ones being targeted, and neither are cryptocurrency exchanges, ICOs, or crypto owners. It's the average user with a mobile phone, personal computer, server, or even IoT device who can get cryptojacked just about anywhere, at any time.
How cryptojacking works
Hackers basically have two ways of getting into a victim's computer and exploiting its computing power to mine cryptocurrency. The first involves tricking victims into loading cryptomining code onto their computers. This is achieved through phishing, in which the victims receive a legitimate-looking email containing a link that they are told to click. The link then runs code that injects the cryptomining script onto the computer. The script then runs in the background while the computer is on.
The second method involves injecting a script into a website or into an ad that is delivered to multiple websites. Once the victims visit the website or the infected ad pops up in their browsers, the script executes automatically. The code is not kept on the victims' computers. Regardless of the method used, the code solves complex mathematical problems on the victims' computers and sends the mining rewards resulting from the process to the hacker's server.
Hackers will often employ both methods to increase their returns. For instance, out of 100 devices that mine cryptocurrencies for a hacker, 10 percent might be producing income from code on the victims' machines, while 90 percent can mine via web browsers.
But contrary to most other types of malware, cryptojacking scripts do not touch the victims' data stored on the computer. They only use the CPU's processing resources. For individual users, a computer working slower than usual might be just an annoyance. But for organizations with many infected systems, it can lead to real costs from the help desk and IT time spent finding the performance issues and replacing hardware or systems in the hope of solving the problem.
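(To be continued...)
听风说币: member of the Blockchain Chinese Subtitle Group. WeChat ID: seeknsee. You are welcome to follow my WeChat official account 听风说币, where we can think, evolve, practice and grow together in the world of blockchain. You can also leave a message on my official account or on my 币乎 articles, and we can chat privately~
This article reflects personal views, is for reference only, and does not constitute investment advice. All rights reserved; please contact me before reposting.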