Cryptojacking is a type of cybercrime that involves the unauthorized use of computers, smartphones, tablets, or even servers by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the motive is profit, but unlike other threats, it is designed to remain completely hidden from the victim.
What Is Cryptojacking?
Cryptojacking is a threat that embeds itself into a computer or mobile device and then uses its resources to mine for cryptocurrency. Cryptocurrency is digital or virtual money, which takes the form of tokens or “coins”.
The best known is Bitcoin, but there are around 3,000 other forms of cryptocurrency. Although some cryptocurrencies have ventured into the physical world through credit cards or other projects, most remain virtual.
Cryptocurrencies use a distributed database, known as a “blockchain”, to operate. The blockchain is regularly updated with information on all transactions that have taken place since the last update. Each set of recent transactions is combined into a “block” using a complex mathematical process.
To produce new blocks, cryptocurrencies rely on individuals to provide the computing power. Cryptocurrencies reward people who provide computing power with cryptocurrency. Those who exchange computer resources for money are called “miners”.
The largest cryptocurrencies use teams of miners running dedicated computing platforms to perform the necessary mathematical calculations. This activity requires a significant amount of electricity – for example, the Bitcoin network currently consumes more than 73 TWh of energy per year.
How Cryptojacking Works?
Cybercriminals hack devices to install cryptojacking software. The software works in the background, mining cryptocurrencies or stealing cryptocurrency wallets. Unsuspecting victims typically continue to use their devices as normal, although they may notice slower performance or lags.
Hackers have two main ways to get a victim’s device to secretly mine cryptocurrencies:
- By getting the victim to click on a malicious link in an email that loads the cryptomining code on the computer
Hackers often use both methods to maximize their return. In either case, the code places the cryptojacking script on the device, which runs in the background while the victim is working. Regardless of the method used, the script solves complex mathematical problems on the victims’ devices and sends the results to a server controlled by the hacker.
Unlike other types of malware, cryptojacking scripts do not harm victims’ computers or data. However, they steal computer processing resources. For individual users, slower computing performance can just be an annoyance. But cryptojacking is a problem for businesses because organizations with many cryptojacked systems incur real costs. For example:
- Time spent by support and IT staff tracking down performance issues and replacing components or systems in the hope of fixing the problem.
- Increased electricity costs.
Some cryptomining scripts have worming capabilities that allow them to infect other devices and servers on a network. This makes them more difficult to identify and remove. These scripts can also check if the device is already infected with competing cryptomining malware. If another cryptominer is detected, the script disables it.
Malicious versions of cryptomining – that is, cryptojacking – do not ask for permission and continue to work long after the user has left the original site. This is a technique used by owners of questionable sites or hackers who have compromised legitimate sites. Users have no idea that a site they have visited is using their computer to mine cryptocurrency. The code uses just enough system resources to go unnoticed. Although the user thinks the visible browser windows are closed, a hidden window remains open. Often, this is a pop-under, which is sized to fit under the taskbar or behind the clock.
Cryptojacking can even infect Android mobile devices, using the same methods that target desktop computers. Some attacks occur via a Trojan horse hidden in a downloaded application. Or users’ phones may be redirected to an infected site, leaving a persistent pop-under. While individual phones have relatively limited processing power, when attacks occur in large numbers, they provide sufficient collective strength to justify the efforts of cryptojackers.
Cryptojacking Attack Examples
In 2019, eight separate apps that were secretly mining cryptocurrency with the resources of whoever downloaded them were kicked from the Microsoft Store. The apps are said to have come from three different developers, although it is suspected that the same individual or organization was behind them all.
In 2018, cryptojacking code was discovered hidden on the Los Angeles Times Homicide Report page. When visitors went to the Homicide Report page, their devices were used to mine a popular cryptocurrency called Monero.
The threat was not detected for a while because the computing power used by the script was minimal, so many users would not be able to detect that their devices had been compromised.
In 2018, cryptojackers targeted the operational technology network of a European water utility control system, severely affecting the ability of operators to manage the utility plant. This was the first known case of a cryptojacking attack against an industrial control system. Similar to the Los Angeles Times hack, the miner generated Monero.
In early 2018, it turned out that the CoinHive miner was being served in YouTube ads through Google’s DoubleClick platform.
In July and August 2018, a cryptojacking attack infected more than 200,000 MikroTik routers in Brazil, injecting CoinHive code into a huge amount of web traffic.
How To Detect Cryptojacking?
Detecting cryptojacking can be difficult because the process is often hidden or made to look like harmless activity on your device. However, here are some signs to watch out for.
One of the main symptoms of cryptojacking is decreased performance of your computing devices. A slower system can be the first sign, so watch for a device that is running slowly, freezing, or showing unusually poor performance. A battery that drains faster than usual is another potential indicator.
Cryptojacking is a resource-intensive process that can cause computing devices to overheat. This can damage the computer or shorten its lifespan. If your laptop or computer fan is running faster than usual, it may indicate that a cryptojacking script or website is heating up the device and your fan is running to prevent melting or fire.
Increase In CPU Usage
If you are seeing an increase in CPU usage when you are on a website with little or no media content, it may be a sign that cryptojacking scripts are running. A good test for cryptojacking is to check the central processing unit (CPU) usage of your device using the activity monitor or task manager.
However, keep in mind that processes can hide or disguise themselves as something legitimate to keep you from stopping the abuse. Also, when your computer is operating at its maximum capacity, it will run very slowly and therefore may be more difficult to troubleshoot.
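An added example, not part of the original article: a Python version of the CPU check described above that works from repeated samples rather than a single task-manager glance, and compares each busy process's reported name with its executable path to catch the disguises mentioned. The sample rows, the 60% threshold and the function names are constructed assumptions, and the name and path checks assume Linux /proc behaviour.

```python
"""Triage sustained CPU use per process. All sample rows are constructed."""
from collections import defaultdict
from os.path import basename

CPU_THRESHOLD = 60.0   # percent of one core; assumed cut-off, tune per host
MIN_FRACTION = 0.8     # share of samples that must reach the threshold
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed rows (pid, reported name, executable path, cpu percent), as if
# read every 30 s from /proc/<pid>/comm, /proc/<pid>/exe and /proc/<pid>/stat.
SAMPLES = (
    [(812, "firefox", "/usr/lib/firefox/firefox", c) for c in (95, 4, 6, 3, 5)]
    + [(1544, "ffmpeg", "/usr/bin/ffmpeg", c) for c in (88, 90, 85, 91, 87)]
    + [(2290, "kworker/u8:2", "/tmp/.cache/xm (deleted)", c)
       for c in (71, 70, 72, 69, 71)]
)

def disguise_reasons(name, exe):
    """Return reasons the reported name or path looks disguised (Linux)."""
    reasons = []
    deleted = exe.endswith(" (deleted)")
    path = exe[: -len(" (deleted)")] if deleted else exe
    if deleted:
        reasons.append("binary deleted from disk while running")
    if path.startswith(TEMP_DIRS):
        reasons.append("runs from a temporary directory")
    if name != basename(path)[:15]:  # the kernel truncates comm to 15 chars
        reasons.append("reported name differs from executable")
    return reasons

def sustained_pids(samples):
    """Map pid -> mean CPU for processes busy in most samples, not one spike."""
    by_pid = defaultdict(list)
    for pid, _name, _exe, cpu in samples:
        by_pid[pid].append(cpu)
    return {pid: sum(v) / len(v) for pid, v in by_pid.items()
            if sum(c >= CPU_THRESHOLD for c in v) / len(v) >= MIN_FRACTION}

def triage(samples):
    """List (pid, name, mean CPU, disguise reasons) for sustained processes."""
    hot = sustained_pids(samples)
    latest = {pid: (name, exe) for pid, name, exe, _cpu in samples}
    return [(pid, latest[pid][0], round(hot[pid], 1),
             disguise_reasons(*latest[pid])) for pid in sorted(hot)]

if __name__ == "__main__":
    for pid, name, mean_cpu, reasons in triage(SAMPLES):
        print(pid, name, f"{mean_cpu}%", reasons or ["no disguise indicators"])
```

High CPU alone (the ffmpeg row) is not proof of mining; the disguise indicators are what make the third process the one to investigate first.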