Cryptojacking khatarta macdanta birawsarka cusub ee aad u baahan tahay inaad wax ka ogaato

Cryptojacking ama kriptomining xaasidnimo ah(malicious cryptomining) waa khiyaamo cusub oo loo isticmaalo in lagu soo saaro Cryptocurrencies kombayutarka(Cryptocurrencies) isticmaalaha iyagoo isticmaalaya agabkooda CPU ee gadaasha iyagoon aqoon u lahayn. Caadi ahaan, dambiilaha internetka waxa uu ku shubaa qoraal biraawsarkaaga mareegaha dhibbanaha kaas oo ka kooban fure goob gaar ah si loogu qasbo isticmaaluhu inuu hodmo.

Haddii aad la dhibtoonayso kombuyuutar gaabis ah ama isku xirka internetka, ha eedayn kaliya iibiyaha ama bixiyaha adeegga sababtoo ah waxaa laga yaabaa inaad dhibane u tahay khiyaamo cusub oo ay isticmaalaan hackers-ka ee loo yaqaan browserka Cryptojacking .

Cryptojacking

Kobcinta Cryptojacking(Cryptojacking) waxaa loo aaneynayaa xiisaha sii kordhaya ee Cryptocurrencies dhowrkii bilood ee la soo dhaafay. U fiirso Bitcoin bilihii la soo dhaafay ama wax ka badan, qiimihiisuna wuxuu kor u kacay in ka badan 1,000%. Tani waxay soo jiidatay dareenka tuugada sidoo kale waxay dhashay dhaqamo khatar ah sida Crytptojacking .

Waa maxay Cryptojacking

Soo ifbax(Emergence)

Kahor intaanan fahmin waxa Cryptojacking , marka hore aan ogaano waxa ku saabsan Cryptomining .

Cryptomining ama Cryptocurrency Mining waa habka uu cryptocurrency ku yimaado jiritaanka, iyadoo la adeegsanayo tignoolajiyada blockchain. Cryptomining waxay(Cryptomining) sidoo kale u ogolaataa qadaadiicda cryptocurrency cusub in lagu sii daayo suuqa. Macdanta(Mining) waxaa fuliya facooda qaar ka mid ah shabakada cryptocurrency kuwaas oo ku tartamaya (qof ahaan ama koox ahaan) xallinta mushkilad xisaabeed oo adag, oo loo yaqaan caddayn-shaqo.

Bishii Sebtembar 2017, Coinhive ayaa ka soo muuqday suuqa, isaga oo siinaya macdanta cryptocurrency ee loo yaqaan Monero ( XMR ). Coinhive asal ahaan waxay bixisaa gabal kood ku qoran JavaScript kaas oo milkiilayaasha mareegaha ay si fudud ugu dhejin karaan shabakadooda. Coinhive waxa(Coinhive) ay soo bandhigtay qaab ganacsi oo cusub oo loogu talagalay mareegaha iyada oo ku andacoonaysa in mulkiilayaasha mareegaha ay ka saari karaan xayeysiisyada shabakadooda, oo ay ku shuban karaan Coinhive(Coinhive) beddelkeeda.

Marka isticmaalayaashu galaan degel leh Coinhive -ku-xidhan yahay , Coinhive wuxuu(Coinhive) bilaabaa habka macdanta loo yaqaan 'crypto mining' isagoo ka wakiil ah milkiilaha mareegaha iyadoo la adeegsanayo ilaha nidaamka isticmaalaha (taasi waa sababta uu PC-gu inta badan u noqdo mid gaabis ah). Soo-booqdayaasha mareegaha waxay matalaan kooxda qanjidhada samaynaysa shaqada xisaabinta degdega ah si loo xalliyo dhibaatada xisaabta. Si kastaba ha ahaatee, halkii ay ka heli lahaayeen abaalmarinta marka la xalinayo caqabada, milkiilaha mareegaha ayaa helaya. Sidaa darteed(Hence) , milkiilayaasha mareegaha ayaa loo malaynayaa inay wali faa'iido samayn karaan oo ay taageeri karaan ganacsigooda, iyagoon loo malaynaynin inay booqdeyaashooda ku dhibin xayeysiisyada.

Inkasta oo Coinhive loogu talagalay inay noqoto mid sharci ah, fikradeeda ayaa keentay soo bixitaanka software la mid ah, kaas oo hadda loo isticmaalo dambiilayaasha internetka ee xadgudubka(Cryptomining abuse ) Cryptomining ama Cryptojacking.

Marka la soo koobo, Cryptojacking waa farsamada afduubka daalacashada ee macdanta cryptocurrency, iyada oo aan ogolaansho isticmaale. Bixinta macdanta cryptocurrency iyada oo loo marayo malware waa xaqiiqo la og yahay, laakiin macdanta cryptocurrency marka la gelayo bogga mareegaha ayaa ah mid cusub oo horseeday in weeraryahannadu ay ku xad-gudbaan faa'iidooyin shaqsiyeed.(In short, Cryptojacking is the technique of hijacking browsers for mining cryptocurrency, without user consent. Delivering cryptocurrency miners through malware is a known fact, but mining cryptocurrency when accessing a webpage is new and has led to the attackers abusing for personal gains.)

Cryptojacking ma aha malware dhaqameed

Cryptojacking ma dhibayso kombayutarkaga sida malware-ka caadiga ah ama fal ransomware . Midna ma kaydiyo ama ma xidho shay baabuurka adag. Sidaa darteed(Hence) , lafteedu maaha malware-ka sidaas oo kale, laakiin waxaa hubaal ah in lagu soo gelin karo nidaamkaaga iyadoo la isticmaalayo malware.

Cryptojacking , oo la mid ah malware, waxay isticmaashaa agabka PC-gaaga ogolaansho la'aan. Waxay keeni kartaa in PC-ga iyo browser-yadu ay si aad ah u caajisaan, oo batteriga ka saaraan oo ay kor u qaadaan biilasha korontada adiga oo aan xitaa ogaan.

Natiijooyinka Cryptojacking

Cryptojacking waxay saamayn kartaa Windows OS iyo sidoo kale Mac OSX & Android . Waxaa jiray kiisas badan oo Cryptojacking ah oo dhawaan la soo sheegay. Qaar ka mid ah noocyada caanka ah waxaa ka mid ah kuwan soo socda:

Shabakado isticmaalaya Coinhive si ula kac ah(Websites using Coinhive deliberately)

Pirates Bay wuxuu ahaa mid ka mid ah ciyaaryahankii ugu horreeyay ee dambiilayaasha ah ee u isticmaalay Coinhive si ula kac ah. Arrintu waxay ahayd in si hufan loo sameeyay, iyada oo aan oggolaansho laga helin booqdayaasha. Markii la helay qoraalka macdanta 'crypto', Pirate Bay ayaa soo saartay bayaan ay ku sheegtay inay tijaabinaysay xalkan sidii ilo dakhli oo kale. Cilmi-baadhayaashu waxay ka baqayaan inay jiraan shabakado badan oo noocaas ah kuwaas oo horeyba u isticmaalayay Coinhive iyaga oo aan ogolaansho ka haysan booqdaha.

Coinhive ayaa lagu duray mareegaha la jabiyay(Coinhive injected into compromised websites)

Cilmi-baadhayaashu waxay caddeeyeen boggaga internetka ee WordPress iyo Magento ee leh Coinhive , ama macdan ku salaysan JavaScript oo la mid ah iyaga lagu duray.

Akhri(Read) : Maxaa la sameeyaa haddii Coinhive crypto-mining script uu waxyeeleeyo mareegahaaga.

Cryptojacking iyadoo la isticmaalayo kordhinta browserka(Cryptojacking using browser extensions)

In-browser- ka cryptojacking wuxuu isticmaalaa JavaScript ee bogga shabakadda si uu wax ugu sameeyo cryptocurrencies. JavaScript waxa ay ku shaqaysaa wax ku dhaw degel kasta oo aad booqato, sidaa awgeed koodhka JavaScript ka masuulka ka ah macdanta browserka uma baahna in la rakibo. Sida ugu dhakhsaha badan ee aad u soo shubto bogga, iyo in-browser code macdanta kaliya shaqeeya.

Waxaa jira kiisas ku saabsan kordhinta biraawsarka shabakadda ee ku dhejisan Coinhive(Coinhive) halkaasoo software-ka cryptomining uu gadaal ka socdo oo laga qodo "Monero" inta uu browserku shaqeynayo - oo aan ahayn kaliya marka la booqanayo degel gaar ah.

Cryptojacking oo leh malware(Cryptojacking with malware)

Tani waa nooc kale oo xadgudub ah halkaas oo Coinhive la geeyo iyada oo ay weheliso malware iyada oo loo marayo cusboonaysiinta Java been abuur ah.(Java)

Cryptojacking ee aaladaha Android(Cryptojacking in Android devices)

Kala duwanaanshiyaha Android ee (Android)Coinhive ayaa la ogaaday in lagu beegsanayo isticmaalayaasha Ruushka. Isbeddelkan ayaa soo jeedinaya in Cryptojacking ay ku fidinayso codsiyada moobiilka sidoo kale.

Goobo-gaaban oo la isku dhejiyay oo ku dhex jira Coinhive(Typosquatted domains embedding Coinhive)

Qof ayaa diiwaan gashaday "twitter.com.com" oo ku shubay Coinhive(Coinhive) . Asal ahaan, isticmaalayaasha si khaldan u tebiyay URL(URL) -ka Twitter-ka oo ku degay boggaas waxa ay Monero u qodayaan milkiilaha bogga inta ay ku sii jiraan bogga shabakadda.

Cryptojacking iyada oo loo marayo adeegyada daruuraha(Cryptojacking through cloud services)

Dembiilayaasha internetka ayaa afduubaya aaladaha daruuriga(Cloud) ah ee aan la hubin waxayna u adeegsadaan macdanta cryptocurrency.

Microsoft waxay ogeysiisay kala duwanaanshiyaha Coinhive lagu arkay duurjoogta. Horumarka noocan oo kale ah ayaa muujinaya in guusha Coinhive ay dhiirigelisay soo bixitaanka software la mid ah dhinacyada kale ee raba inay ku biiraan suuqan.(Microsoft has notified of variations of Coinhive being spotted in the wild. Such a development indicates that Coinhive’s success has motivated the emergence of similar software by other parties that want to join this market.)

Minr - Beddelka Coinhive(A Coinhive) ayaa soo baxaya

Isticmaalka Coinhive ee isticmaalayaasha sharciga ah ayaa guud ahaan hoos u dhacayay taas oo ay ugu wacan tahay sumcad-darrada ay heshay tan iyo markii la bilaabay. Coinhive sidoo kale si fudud ayaa loo baari karaa taas oo ah xaqiiqo kale oo ah in dadka ay jecel yihiin aysan ku isticmaalin shabakadooda.

Cryptojacking khatarta macdanta browserka cusub

Sidaa darteed, beddelka, kooxda Minr , waxay soo saareen ikhtiyaarka " daahsoon(obfuscation) ", taas oo ka dhigaysa mid aad u adag in la raad raaco macdanta. Tani waxay fududaynaysaa isticmaalka qarsoon ee qalabka. Habkani waa mid aad waxtar u leh oo wuxuu qariyaa koodka(hides the code) xitaa qalabka caanka ah ee ka hortagga Malwarebytes .

Sida looga ilaaliyo Cryptojacking

Cryptocurrencies & Tignoolajiyada Blockchain ayaa la wareegaysa adduunka. Waxay saamayn ku yeelanaysaa dhaqaalaha caalamka waxayna keenaysaa khalkhal dhinaca tignoolajiyada ah sidoo kale. Qof kastaa wuxuu bilaabay inuu diirada saaro suuqan faa'iidada leh - tanina waxaa ku jira sidoo kale tuugada bogga internetka. Markay soo laabashadu kordho, waa inaan filaynaa in tignoolajiyada noocaas ah si khaldan loo isticmaali doono.

Inaad fiiro gaar ah u yeelato markaad baadhayso waa shay ay tahay inaad si joogto ah u dhaqanto haddii aad rabto inaad ka fogaato khiyaanada Cryptojacking. Waxaad ku jirtaa mareegaha la jabsaday haddii aad ku aragto kor u kac degdeg ah isticmaalka xusuusta iyo waxqabadka caajiska ah ee PC gaaga. Ficilka ugu fiican ee halkan waa in la joojiyo habka adoo ka baxaya website-ka, oo aan mar kale soo booqan.

Waa inaad sidoo kale ku rakibtaa software wanaagsan oo ammaan ah(good security software) oo aad cusbooneysiiso, sidoo kale shid firewalls oo aadan gujin xiriiriyeyaasha shakiga leh markaad baadhayso(not click on suspicious links while browsing) .

Waxaad isticmaali kartaa barnaamijyada Anti-WebMiner mid ka mid ah taxaddarrada.

Adeegso balaadhinta browserka ka xannibaya shabakadaha inay u isticmaalaan CPU gaaga macdanta crypto . Haddii aad isticmaasho biraawsarkaaga Chrome , ka dib ku (Chrome)rakib(Install) kordhinta minerBlock. Waa fidinta faa'iidada leh ee biraawsarka Chrome si uu u xannibo macdan qodayaasha cryptocurrency-ku-salaysan ee shabakada oo dhan. Marka laga reebo CoinHive waxay xitaa xannibaysaa Minr .

Taxaddar kale oo lagama maarmaan ah waa in la cusboonaysiiyo faylkaaga Hosts(Hosts file) si loo joojiyo coinhive.com iyo meelaha kale ee loo yaqaan inay awood u yeeshaan macdanta aan la ogolayn. Xusuusnow(Remember) , Cryptojacking wali way sii kordheysaa iyadoo dad badan oo aad u badan ay u soo jiidanayaan Cryptocurrencies, markaa liistooyinkaaga waa in si joogto ah loo cusbooneysiiyaa.

Ka ilaali CoinHive(Prevent CoinHive) inay ku faafiso mareegahaaga

  1. Ha isticmaalin qaab-dhismeedka NULL ama plugins boggaaga/madaxdaada.
  2. Ka dhig CMS -gaaga mid la cusboonaysiiyay ilaa noocii u dambeeyay.
  3. Si joogto ah u cusboonaysii software-kaaga martigelinta ( PHP , Database , iwm.).
  4. Ku(Secure your website) xafid mareegahaaga bixiyeyaasha amniga shabakadda sida Sucuri , Cloudflare , Wordfence , iwm.
  5. Qaado taxaddarrada aasaasiga ah si aad u sugto bloggaaga(precautions to secure your blog) .

Stay alert, stay safe!



Phoenix Schultz

About the author

Waxaan ahay injineer maqal ah oo xirfad leh oo leh khibrad 10 sano ka badan. Waxaan ka shaqeynayay warshadaha muusikada dhowrkii sano ee la soo dhaafay, waxaanan ku yeeshay sumcad xooggan gudaha goobtaas. Waxaan sidoo kale ahay koontada isticmaale ee khibrad sare leh iyo hawlwadeenka badbaadada qoyska. Mas'uuliyadahayga waxaa ka mid ah maaraynta xisaabaadka isticmaalaha, bixinta taageerada macaamiisha, iyo bixinta talooyinka badbaadada qoyska shaqaalaha.


Related posts