What is cryptojacking, and how can it be avoided?
Cryptojacking, also known as malicious crypto mining, is a form of cybercrime that entails the theft or illegal mining of digital currencies like Bitcoin, Monero, Dash, and Ethereum. This typically means hacking into other computers in order to steal their computing power and other resources.
In a cryptojacking attack, hackers “hijack” the computing capacity of users’ computers to illegally “mine” for cryptocurrencies. (Thus the clever moniker.) In certain instances, they also steal previously mined cryptocurrencies from the targets’ crypto wallets.
Generally speaking, there are four main ways to obtain cryptocurrencies (virtually speaking, of course):
- Purchase or invest in cryptocurrencies, such as Bitcoin.
- Build a high-powered rig (or rent computing power from others’ machines) to mine cryptocurrencies legally. It’s not cheap, and it’s extremely resource-intensive.
- Hijack other people’s computing resources and use them to mine crypto without their permission.
- Steal mined cryptocurrencies from other crypto miners’ or investors’ crypto wallets.
As you would imagine, the first two are legal, but the last two are swimming in illegal waters. And it’s in this last group that cryptojacking cybercriminals excel.
If you’re interested in learning more about cryptojacking and how it works, you’ve come to the right spot. We’ll not only answer the question “what is cryptojacking,” but we’ll also discuss how to keep cryptojacking from affecting you and your company.
What Is Cryptojacking? An Explanation
Cryptojacking is a term that refers to the theft of computing resources and processing power in order to mine for cryptocurrencies. In a nutshell, it’s the ugliest type of cryptocurrency mining. This is the most common definition of cryptojacking. The US Cybersecurity & Infrastructure Protection Agency (CISA), for example, defines it as follows:
“Cryptojacking occurs when malicious cyber actors effectively hijack the processing power of the victim devices and systems by exploiting vulnerabilities—in webpages, software, and operating systems—to illicitly install cryptomining software on victim devices and systems.”
Some definitions of cryptojacking, on the other hand, use the word to describe cryptocurrency theft, claiming that it’s a way for cybercriminals to illegally access the contents of your crypto wallet using scripts and code.
With these differing definitions in mind, there are two primary ways to look at how cybercriminals engage in cryptojacking:
- To mine for cryptocurrencies, cybercriminals will steal the processing capabilities of unsuspecting individuals’ computers. (This is how cryptojacking is most commonly described.)
- Cybercriminals have the potential to steal cryptocurrency from other people’s cryptographic wallets. This can be accomplished by employing cryptojacking software or by abusing legal crypto mining software.
The first type of cryptojacking is a method of cryptocurrency mining (which we’ll go over in more detail later). However, since it is performed without the system owner’s permission or knowledge, it is a clandestine and sometimes illegal version of it. Although legitimate computer users can benefit from crypto mining, cryptojacking is all about stepping on others and stealing their resources in order to profit financially. The people who are being stepped on, meanwhile, are blissfully unaware of what is going on and how their devices are being used.
Cryptojacking is a malicious and illegal method of cryptocurrency mining in which cybercriminals use malicious code or a cryptojacking script to carry out their plans. These scripts can be delivered through phishing emails or malicious advertising. In either case, malicious code is downloaded to your computer or browser, enabling cybercriminals to mine cryptocurrencies using your computing and graphics resources.
Fortunately, law enforcement is attempting to prosecute cryptojacking offenders. Indeed, the United States Department of Justice (DOJ) revealed at the end of 2019 that two Romanian cybercriminals were sentenced to 20 and 18 years in prison, respectively, for their roles in creating and distributing crypto mining malware.
What Types of Devices Are Affected by Cryptojacking
Cryptojacking attacks target a wide range of devices, including desktop computers, laptops, tablets, smartphones, gaming systems, and other devices. Cryptojacking attacks can be launched against anything that can connect to the internet.
But why would cybercriminals choose smartphones as their target? Isn’t it true that they just have a small amount of computing power? That is right. However, when hundreds or even thousands of such devices are combined, those “minimal” resources easily add up. With the aim of cryptojacking, cybercriminals build entire botnets consisting of thousands or hundreds of thousands of computers (think Smominru or the newly discovered Prometei cryptojacking botnet). So, 1+1+1+1+1… You see what I mean.
And when all of this is going on, you’re totally unaware of it and may be wondering why your system has suddenly become sluggish.
Cryptojacking Scripts and Code: 4 Signs That Your Computer or Website Has Been Hacked
How can you tell if your computer or website is being used as a pawn in a cryptojacking scheme? There are a few indicators that a cryptojacking script or code has infected your computer or website:
- Your computer is slow or has other performance problems (such as crashing). As mentioned above, cryptojacking code could be running on your computer if it is unusually slow or has performance problems.
- Your system is overheating or your battery is draining faster. All crypto mining operations, including malicious crypto mining, consume a lot of energy. As a result, it will drain your device’s battery much faster than normal.
- You’ve noticed unusually high CPU utilisation and latency. If your processor seems to be running at breakneck speed, it’s a sure sign that something is wrong.
- You notice changes to the files or code of your website. It’s always a red flag when you notice changes like this that you don’t recall making.
Cryptojacking code is difficult to detect because it 1) does not always use a standard downloader and 2) can rely on legitimate crypto mining scripts and software to operate. If a scan turns up crypto mining malware, however, it’s a sure sign that your device has been compromised.
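One way to check for the fourth sign above (changes to your website’s files that you don’t recall making) is to compare the live site against a known-good baseline and list any script hosts that have appeared since. This is an added example, not code from the original article; the page names, the .example hosts and the sample pages are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptHosts(HTMLParser):
    """Collects the host of every <script src=...> tag in an HTML page."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            # Relative URLs have no host; they load from the site itself.
            self.hosts.add(urlparse(src).netloc.lower() or "(same site)")


def script_hosts(html):
    parser = ScriptHosts()
    parser.feed(html)
    return parser.hosts


def digest(html):
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def make_baseline(site):
    """Record a hash and the script hosts for each page of a known-good copy."""
    return {path: (digest(html), script_hosts(html)) for path, html in site.items()}


def audit(baseline, site):
    """Return (path, change, script hosts that were not in the baseline)."""
    findings = []
    for path, html in sorted(site.items()):
        if path not in baseline:
            findings.append((path, "added", sorted(script_hosts(html))))
        elif baseline[path][0] != digest(html):
            # Reported even when no new host appears: inline code may have changed.
            new_hosts = script_hosts(html) - baseline[path][1]
            findings.append((path, "modified", sorted(new_hosts)))
    for path in sorted(set(baseline) - set(site)):
        findings.append((path, "removed", []))
    return findings


# Constructed sample site: a known-good copy and a tampered copy.
KNOWN_GOOD = {
    "index.html": '<html><script src="/js/app.js"></script>'
                  '<script src="https://cdn.example/lib.js"></script></html>',
    "about.html": "<html><p>About us</p></html>",
}
TAMPERED = dict(KNOWN_GOOD)
TAMPERED["index.html"] = KNOWN_GOOD["index.html"].replace(
    "</html>", '<script src="https://miner.example/m.js"></script></html>')
TAMPERED["promo.html"] = '<html><script src="//ads.example/a.js"></script></html>'

if __name__ == "__main__":
    for finding in audit(make_baseline(KNOWN_GOOD), TAMPERED):
        print(finding)
```

Store the baseline somewhere the web server cannot write to, so that whoever alters the site cannot also alter the record it is checked against.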
Let’s take some time to better understand how cryptojacking functions now that you know what to look out for. To do so, however, you must first understand how legal crypto mining works. (Don’t worry; we’ll get through this quickly.)
Crypto Mining: How You Mine Cryptocurrencies Legally
Cryptocurrency mining is cryptojacking’s law-abiding relative. Crypto mining, unlike its illegal cousin, is a legal way to produce digital money using machines, encryption, and a shared list of data blocks known as a ledger. (A blockchain is another name for this.)
Of course, we won’t go through all of the technical information here; we did so recently in an article that describes what cryptocurrency mining is and how it works.
To summarise, crypto mining is the method of attempting to solve equations and validate cryptographic functions using large quantities of computational power. You compete with other crypto miners for a chance to be rewarded with cryptocurrency for your efforts.
Let’s look at it from the perspective of the most well-known cryptocurrency. The crypto mining method in Bitcoin entails using computers to solve equations. (In other words, you automate the guessing process to keep trying to solve the equation.) If you are successful, you must then update a shared ledger to reflect the changes. When this happens, you’ll be rewarded with a new Bitcoin in your crypto wallet.
Isn’t it lovely? Still, hold off on quitting your day job just yet. Crypto mining is a difficult process that necessitates a significant amount of computing power. Because of this, doing it at scale is prohibitively costly, and crypto mining is all about speed. (We’ll go over those energy consumption costs in more detail later.)
If your machine can’t guess numbers fast enough to solve the equations, someone else with a device that can will beat you to it. And if they reveal their solution to the problem before you do, the game is up, and they’ll be the ones to reap the benefits. All you get is a shabby t-shirt announcing your participation (and that’s only if you make one for yourself).
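The guessing race described above, as an added example that is not part of the original article: a simplified proof-of-work loop that hashes constructed block data with SHA-256 and counts how many guesses each difficulty level takes. Real Bitcoin mining uses a different block format and a far higher difficulty; the function names and the sample data are assumptions for illustration.

```python
import hashlib


def meets_target(block_data, nonce, difficulty_bits):
    """One guess: hash the data plus a nonce and check whether the
    result starts with `difficulty_bits` zero bits."""
    digest = hashlib.sha256(block_data + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def mine(block_data, difficulty_bits):
    """Try nonces 0, 1, 2, ... until one meets the target.
    Returns (winning nonce, number of guesses made)."""
    nonce = 0
    while not meets_target(block_data, nonce, difficulty_bits):
        nonce += 1
    return nonce, nonce + 1


def guesses_by_difficulty(block_data, bit_levels):
    """Number of guesses needed at each difficulty level."""
    return {bits: mine(block_data, bits)[1] for bits in bit_levels}


if __name__ == "__main__":
    data = b"constructed sample block"  # constructed input, not a real block
    for bits, guesses in guesses_by_difficulty(data, (4, 8, 12, 16)).items():
        # Each extra zero bit doubles the expected work: about 2**bits guesses.
        print(f"{bits:2d} zero bits: {guesses} guesses (expected about {2 ** bits})")
```

Checking a proposed answer takes a single hash, while finding one takes thousands of guesses even at these toy difficulty levels. That imbalance is why mining rewards raw computing power, and why cryptojackers go after other people’s.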
Cryptomining Abuse: The Two Primary Cryptojacking Methods
There are two key ways that cybercriminals mine for cryptocurrencies illegally, as we stated earlier. Typically, this entails the use of malware or scripts that are installed on the computer or in the browser. Some scripts have worm capabilities, allowing them to spread across your network and infect other computers.
Do cybercriminals prefer one approach over the other? Yes, of course. However, many choose to combine the two strategies in order to obtain better results and “get more bang for their buck,” as the saying goes.
The first method, browser-based cryptojacking, involves malicious crypto mining scripts that hackers insert into websites. They can do this in a variety of ways, including by hiding the code on websites through malicious advertising (malvertising campaigns), outdated plugins, or other flaws.
When legitimate users visit certain pages, the malicious code executes regardless of the process they use. Of course, there are fears that illegal cryptomining activities continue even after you leave a hacked website.
According to the Symantec Threat Hunter Team’s Broadcom Threat Landscape Trends survey, there was a significant increase in records of blocked browser-based cryptojacking attempts in Q2 2020. Attacks of this kind increased by 163 percent. And you’d be right if you said Bitcoin (BTC) and Monero (XMR) are the two most frequently stolen cryptocurrencies in browser-based cryptojacking assaults.
In our article on social networking scams numbers, we also discussed how cybercriminals use social media platforms to spread crypto mining malware. Bromium and Dr. Mike McGuire of the University of Surrey discovered that advertisements, applications, and various links exchanged on social networking sites can also be used as payload delivery methods for various crypto mining malware strains. According to their study, cryptojacking attacks net cybercriminals $250 million per year.
Given that cryptojacking jerks aren’t contributing a penny against the costs of running all of the machines they’re using, this isn’t a bad deal… Don’t you think so?
The second method, computer-based cryptojacking, entails secretly installing malware or malicious code on corporations’ and users’ computers and networks in order to steal their assets. Attackers can do this by using malvertising to install drive-by malware on users’ computers, or by convincing users to download malware themselves through phishing emails or watering hole websites, among other methods.
Trojans can also be used to distribute cryptojacking scripts and code. These forms of malware are often concealed inside decoy downloader apps, so you are unaware of their presence.
It doesn’t matter how the crypto mining payload gets onto your computer or network; once it does, it’s bad news for you. The malware, unbeknownst to you, takes over your device’s critical resources, making it slow and laggy. But doesn’t this necessitate the use of various types of code to operate with various systems? Yeah, but cybercriminals are resourceful enough to make this a non-issue as well.
According to an AT&T AlienLabs technical review of a few crypto mining worms, once a computer is compromised, different variants of malicious code continue to be deployed until one that is compatible with the target’s device is found:
“Rather than attempting to identify the device architecture and then downloading the appropriate implant, the malware writers have chosen to download implants in a loop and then split the loop after the first implant has been successfully installed.”
Malware that targets Microsoft SQL Servers in a variety of industries is known as Vollgar.
In a two-year global campaign known as Vollgar, cybercriminals targeted servers running Microsoft SQL, according to GuardiCore. The campaign’s stated aim was to spread remote access tools (RATs) and cryptominers, which they estimate infected up to 3,000 devices a day.
An Overview of Crypto Mining and Cryptojacking
With the launch of CoinHive in late 2017, crypto mining seemed to be gaining momentum. This cryptocurrency mining service advertised itself as a way for legal domain owners to mine for cryptocurrency as an alternative to displaying advertisements on their websites. This service allowed CoinHive-embedded websites to mine for cryptocurrencies using the computer and processing resources of their users’ devices (while they were on the site).
This service, however, attracted the attention of cybercriminals. And, as is always the case with cybercriminals, they took a potentially beneficial service and transformed it into something obnoxious.
Hackers started using CoinHive-based cryptojacking malware to attack and steal from the crypto wallets of unsuspecting users. However, large-scale crypto mining necessitates a lot of computing capacity, which is partly due to the fact that cryptocurrencies consume a lot of electricity.
The University of Cambridge’s Cambridge Centre for Alternative Finance developed a tool that calculates Bitcoin network power consumption. The annualised energy consumption is estimated to be 67.38 TWh (terawatt hours). It takes more energy to fuel Bitcoin for a year than the entire country of Austria uses in the same time span.
These digital devils knew they’d need more power to pull it off.
Hackers used CoinHive malware as a go-to tool for a long time, but that stopped when the legitimate CoinHive service shut down in early 2019. Cybercriminals can now use XMRig and Bitminer cryptominer variants, but the combined volume of these two malware families is only a “fraction” of the CoinHive-related malware, according to SonicWall’s 2020 Cyber Threat Study.
What Makes Cryptocurrencies So Attractive to Cybercriminals
As you mine cryptocurrency, you get digital “coins” that you can store in your crypto wallet.
Cryptocurrencies are gaining popularity among both investors and cybercriminals as a substitute for conventional, centralised banking. Instead of going through a bank, transactions are processed through a decentralised ledger operated by a network of users.
In 2009, Bitcoin, the world’s first cryptocurrency, was created. Since then, both investors and cybercriminals have taken a strong interest in cryptocurrencies. According to coinmarketcap.com, there are now 7,487 cryptocurrencies in circulation with a market capitalization of more than $397 billion (as of Oct. 23, 2020).
Cryptocurrencies are often quite appealing to criminals because of their decentralisation and lack of control. They like to use cryptocurrencies to buy and sell less-than-savory goods on the black market without regulatory oversight, or to demand ransom payments from victims of ransomware attacks. Monero is one of the most commonly attacked forms of cryptocurrency when it comes to cryptojacking attacks.
How to Prevent Cryptojacking From Affecting Your Site and Devices
This is a great question to consider. There are a few things you should be aware of if you want to stop cryptojacking.
Educate Yourself (and Your Employees) About Phishing Emails and Malicious Websites
Phishing is a common method used by cybercriminals to spread malware and other malicious code. This includes cryptojacking code. With this in mind, require all of your staff to complete cyber security training and phishing tests on a regular basis. This will allow you to see how (or if) they’re putting what they’ve learned into practise, as well as identify areas where cyber knowledge is lacking in preparation for future training.
Train and Prepare Your IT Staff to Deal With Cryptojacking Threats
Of course, we mean all of your employees when we say train them. This applies to the IT staff as well. Make sure they have the information and resources they need to spot cryptojacking-related activities and payloads and react appropriately.
Install an Ad Blocker in Your Browser or On Your Mobile Device
Since malicious ads are a popular way for cryptojacking scripts and code to be delivered, it’s best to avoid the problem entirely by blocking ads. Additionally, you will no longer be bombarded with a barrage of political ads and other ad-related annoyances.
Regularly Scan Your Website for Vulnerabilities
Although this is an industry best practise that you should already be doing, we’re including it here just in case another reader hasn’t. (We’re sure you still do that on a regular basis, right?)
Keep Your Devices and Software Patched and Up to Date
Remember how we said earlier that certain cryptojacking payloads take advantage of known flaws in software, such as outdated plugins? Well, this can help you avoid that problem. By keeping your programmes, applications, and computers up to date, you avoid falling victim to an exploit for a flaw that a publisher or manufacturer patched years earlier but whose fix you never bothered to apply.
Final Thoughts: What Cryptojacking Is and How It Works
Yes, there is a lot of material to cover. However, I hope that this article has addressed your questions about cryptojacking, such as “what is cryptojacking?”, “how does it work?” and “how do you prevent malicious crypto mining?”
Although there’s a lot more we could cover in an article like this, there’s only so much time in the day, and we just wanted to make sure it was something that everyone, regardless of their level of tech expertise, could follow along with.
So, here’s a brief rundown of what cryptojacking is and how it works:
- Cryptojacking is a form of cryptocurrency mining that is used for malicious purposes.
- Cryptojacking, unlike legal crypto mining, deploys cryptojacking scripts and code into unsuspecting users’ devices and browsers via malicious payloads.
- These malicious tools take control of certain devices’ valuable resources without the consent or approval of their owners. These compromised computers may be used as part of larger cryptojacking botnets.
- Cryptojacking normally employs attack vectors that are either computer or browser-based.
- Injections, obsolete plugins, and malicious advertisements are commonly used to deliver this form of payload to browsers and common websites.
- Though cryptojacking was on the decline in Q2 2020, browser-based cryptojacking grew in popularity.
- Bad system performance and high CPU consumption are two main indications that your device may be running cryptojacking code.