What is Cryptojacking and how does it work? (2024)

Cryptojacking meaning & definition

Cryptojacking is a type of cybercrime that involves the unauthorized use of people's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the motive is profit, but unlike other threats, it is designed to stay completely hidden from the victim.

What is cryptojacking?

Cryptojacking is a threat that embeds itself within a computer or mobile device and then uses its resources to mine cryptocurrency. Cryptocurrency is digital or virtual money, which takes the form of tokens or "coins." The most well-known is Bitcoin, but there are approximately 3,000 other forms of cryptocurrency. While some cryptocurrencies have ventured into the physical world through credit cards or other projects, most remain virtual.

Cryptocurrencies use a distributed database, known as 'blockchain', to operate. The blockchain is regularly updated with information about all the transactions that took place since the last update. Each set of recent transactions is combined into a 'block' using a complex mathematical process.

To produce new blocks, cryptocurrencies rely on individuals to provide the computing power. Cryptocurrencies reward people who supply the computing power with cryptocurrency. Those who trade computing resources for currency are called "miners".

The larger cryptocurrencies use teams of miners running dedicated computer rigs to complete the necessary mathematical calculations. This activity requires a significant amount of electricity – for example, the Bitcoin network currently uses more than 73TWh of energy per year.

Cryptojackers and the future of cryptojacking

That is where cryptojacking comes in: cryptojackers are people who want the benefits of cryptocurrency mining without incurring the huge costs. By not paying for expensive mining hardware or large electricity bills, cryptojacking allows hackers to mine for cryptocurrency without the large overheads. The type of cryptocurrency primarily mined on personal computers is Monero, which appeals to cybercriminals because it is difficult to trace.

There is some debate as to whether cryptojacking is in decline or on the rise. Cryptojacking tends to rise in proportion to the value of cryptocurrencies, particularly Bitcoin and Monero. But in recent years, two factors have had a dampening effect on cryptojacking:

  • Crackdowns by law enforcement.
  • The shutdown of Coinhive, which was the leading site that dealt with cryptominers. Coinhive provided JavaScript code that websites could incorporate to make visitors' computers mine Monero. Coinhive's code was quickly abused: a mining script could also be injected into a website by hackers without the site owner's knowledge. The site shut down in March 2019, and with it, the number of site infections dropped sharply.

The motivation behind a cryptojacking attack is simple: money. Mining cryptocurrencies can be very lucrative, but making a profit is challenging without the means to cover large costs. Cryptojacking is the criminal manifestation of cryptomining and offers an illegitimate yet effective and inexpensive way to mine valuable coins.

How does cryptojacking work?

Cybercriminals hack into devices to install cryptojacking software. The software works in the background, mining for cryptocurrencies or stealing from cryptocurrency wallets. The unsuspecting victims use their devices as usual, though they may notice slower performance or lags.

Hackers have two primary ways to get a victim's device to secretly mine cryptocurrencies:

  • By getting the victim to click on a malicious link in an email that loads cryptomining code on the computer
  • By infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim's browser

Hackers often use both methods to maximize their return. In both cases, the code places the cryptojacking script onto the device, which runs in the background as the victim works. Whichever method is used, the script runs complex mathematical problems on the victims' devices and sends the results to a server which the hacker controls.

Unlike other types of malware, cryptojacking scripts do not damage computers or victims' data. However, they do steal computer processing resources. For individual users, slower computer performance might simply be an annoyance. But cryptojacking is an issue for business because organizations with many cryptojacked systems incur real costs. For example:

  • Help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem.
  • Increased electricity costs.

Some cryptomining scripts have worming capabilities that allow them to infect other devices and servers on a network. This makes them harder to identify and remove. These scripts may also check to see if the device is already infected by competing cryptomining malware. If another cryptominer is detected, the script disables it.

In early instances of cryptomining, some web publishers sought to monetize their traffic by asking visitors' permission to mine for cryptocurrencies while on their site. They positioned it as a fair exchange: visitors would receive free content while the sites would use their computer for mining. For example, on gaming sites, users might stay on the page for some time while the JavaScript code mines for coin. Then when they leave the site, the cryptomining would end. This approach can work if sites are transparent about what they are doing. The difficulty for users is knowing whether sites are being honest or not.

Malicious versions of cryptomining – i.e. cryptojacking – don't ask for permission and keep running long after you leave the initial site. This is a technique used by owners of dubious sites or hackers who have compromised legitimate sites. Users have no idea that a site they visited has been using their computer to mine cryptocurrency. The code uses just enough system resources to remain unnoticed. Although the user thinks the visible browser windows are closed, a hidden one stays open. Often it can be a pop-under, which is sized to fit beneath the taskbar or behind the clock.

Cryptojacking can even infect Android mobile devices, using the same methods that target desktops. Some attacks occur through a Trojan hidden in a downloaded app. Or users' phones can be redirected to an infected site, which leaves a persistent pop-under. While individual phones have relatively limited processing power, when attacks occur in large numbers, they provide enough collective strength to justify the cryptojackers' efforts.


Cryptojacking attack – examples

High profile examples of cryptojacking include:

  • In 2019, eight separate apps that secretly mined cryptocurrency with the resources of whoever downloaded them were ejected from the Microsoft Store. The apps supposedly came from three different developers, although it was suspected that the same individual or organization was behind them all. Potential targets could encounter the cryptojacking apps through keyword searches within the Microsoft Store, and on lists of the top free apps. When a user downloaded and launched one of the apps, they would inadvertently download cryptojacking JavaScript code. The miner would activate and start looking for Monero, using up a significant amount of the device's resources and therefore slowing it down.
  • In 2018, cryptojacking code was discovered concealed within the Los Angeles Times' Homicide Report page. When visitors went to the Homicide Report page, their devices were used to mine a popular cryptocurrency called Monero. The threat was not detected for a while because the amount of computing power the script used was minimal, so many users would not be able to detect that their devices had been compromised.
  • In 2018, cryptojackers targeted the operational technology network of a European water utility control system, seriously impacting the operators' ability to manage the utility plant. This was the first known instance of a cryptojacking attack against an industrial control system. Similar to the Los Angeles Times hack, the miner was generating Monero.
  • In early 2018, the CoinHive miner was found to be running on YouTube Ads through Google's DoubleClick platform.
  • During July and August 2018, a cryptojacking attack infected over 200,000 MikroTik routers in Brazil, injecting CoinHive code in a massive amount of web traffic.

How to detect cryptojacking

Cryptojacking detection can be difficult because the process is often hidden or made to look like a benevolent activity on your device. However, here are three signs to watch out for:

Cryptojacking detection – 3 things to look out for

  1. Decreased performance
    One of the key symptoms of cryptojacking is decreased performance on your computing devices. Slower systems can be the first sign to watch out for, so be alert to your device running slowly, crashing, or exhibiting unusually poor performance. Your battery draining more quickly than usual is another potential indicator.
  2. Overheating
    Cryptojacking is a resource-intensive process that can cause computing devices to overheat. This can lead to computer damage or shorten their lifespan. If your laptop or computer's fan is running faster than usual, this could indicate that a cryptojacking script or website is causing the device to heat up, and your fan is running to prevent melting or fire.
  3. Central Processing Unit (CPU) usage:
    If you see an increase in CPU usage when you are on a website with little or no media content, it could be a sign that cryptojacking scripts might be running. A good cryptojacking test is to check the central processing unit (CPU) usage of your device using the Activity Monitor or Task Manager. However, bear in mind that processes might be hiding themselves or masking as something legitimate to hinder you from stopping the abuse. Also, when your computer is running at maximum capacity, it will run very slowly, and therefore can be harder to troubleshoot.
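One way to turn the CPU-usage sign into a repeatable check, as an added example that is not part of the original article: it flags processes whose CPU share stays above a threshold for several consecutive samples, so a short spike from normal work is ignored. The process names, readings, and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed readings, one sample every 10 seconds (CPU percent per process).
# Names and values are invented for this example.
READINGS = {
    "hidden-browser-window": [72, 75, 71, 74, 73, 70],  # steady, throttled load
    "video-call":            [20, 95, 90, 25, 30, 22],  # short legitimate spike
    "file-indexer":          [5, 4, 65, 61, 62, 6],     # brief burst of work
}
SAMPLES = [(i * 10, name, float(cpu))
           for name, series in READINGS.items()
           for i, cpu in enumerate(series)]


def sustained_cpu(samples, threshold=60.0, min_run=4):
    """Return {process: longest run of consecutive samples >= threshold}
    for every process whose longest run is at least min_run samples."""
    by_proc = defaultdict(list)
    for _ts, name, cpu in sorted(samples):      # order readings by time
        by_proc[name].append(cpu)

    flagged = {}
    for name, readings in by_proc.items():
        longest = run = 0
        for cpu in readings:
            run = run + 1 if cpu >= threshold else 0   # reset on any dip
            longest = max(longest, run)
        if longest >= min_run:
            flagged[name] = longest
    return flagged


if __name__ == "__main__":
    # Default settings flag only the steady load.
    print(sustained_cpu(SAMPLES))
    # A threshold set too high misses a miner that throttles itself,
    # which is the "just enough resources to remain unnoticed" case.
    print(sustained_cpu(SAMPLES, threshold=80.0))
```

A flagged process is a lead to investigate, not proof of mining: legitimate long-running work such as rendering or compiling produces the same pattern.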

How to protect yourself against cryptojacking

Use a good cybersecurity program:

A comprehensive cybersecurity program such as Kaspersky Total Security will help to detect threats across the board and can provide cryptojacking malware protection. As with all other malware precautions, it is much better to install security before you become a victim. It is also good practice to install the latest software updates and patches for your operating system and all applications — especially those concerning web browsers.

Be alert to the latest cryptojacking trends:

Cybercriminals are constantly modifying code and coming up with new delivery methods to embed updated scripts onto your computer system. Being proactive and staying on top of the latest cybersecurity threats can help you detect cryptojacking on your network and devices and avoid other types of cybersecurity threats.

Use browser extensions designed to block cryptojacking:

Cryptojacking scripts are often deployed in web browsers. You can use specialized browser extensions to block cryptojackers across the web, such as minerBlock, No Coin, and Anti Miner. They install as extensions in some popular browsers.

Use ad blockers:

Since cryptojacking scripts are often delivered through online ads, installing an ad blocker can be an effective means of stopping them. Using an ad blocker like Ad Blocker Plus can both detect and block malicious cryptojacking code.

Disable JavaScript:

When browsing online, disabling JavaScript can prevent cryptojacking code from infecting your computer. However, although this interrupts drive-by cryptojacking, it could also block you from using functions that you need.

Block pages known to deliver cryptojacking scripts:

To prevent cryptojacking while visiting websites, make sure each site you visit is on a carefully vetted whitelist. You can also blacklist sites known for cryptojacking, but this may still leave your device or network exposed to new cryptojacking pages.
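The difference between the two lists can be shown on a page's script tags. This is an added example, not code from the original article: it classifies each external script host as blocked, allowed, or unvetted, so a new mining host that a blacklist misses still stands out against the whitelist. `coinhive.com` is the domain of the Coinhive service named earlier; every other host, path, and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKLIST = {"coinhive.com"}              # known mining-script host
ALLOWLIST = {"cdn.publisher.example"}     # hosts the site owner has vetted

# Constructed sample page; the paths are invented for this example.
SAMPLE_PAGE = """
<html><head>
<script src="/js/site.js"></script>
<script async src="https://cdn.publisher.example/lib.js"></script>
<script src="https://coinhive.com/lib/miner.min.js"></script>
<script src="//static.new-miner.example/m.js"></script>
</head><body>Article text</body></html>
"""


class ScriptHosts(HTMLParser):
    """Collect the host name of every external <script src=...>."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None
        if host:                          # same-origin paths have no host
            self.hosts.append(host.lower())


def matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_scripts(html, allowlist=ALLOWLIST, blocklist=BLOCKLIST):
    """Return {host: 'blocked' | 'allowed' | 'unvetted'} for external scripts."""
    parser = ScriptHosts()
    parser.feed(html)
    verdicts = {}
    for host in parser.hosts:
        if matches(host, blocklist):
            verdicts[host] = "blocked"
        elif matches(host, allowlist):
            verdicts[host] = "allowed"
        else:
            verdicts[host] = "unvetted"   # a blacklist alone would pass this
    return verdicts


if __name__ == "__main__":
    for host, verdict in classify_scripts(SAMPLE_PAGE).items():
        print(f"{verdict:9} {host}")
```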

Cryptojacking might seem like a relatively harmless crime since the only thing 'stolen' is the power of the victim's computer. But the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of criminals who are illicitly creating currency. We recommend following good cybersecurity practices to minimize the risks and to install trusted cybersecurity or internet security onto all of your devices.

Kaspersky Internet Security received two AV-TEST awards for the best performance & protection for an internet security product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection against cyberthreats.


FAQs

What is cryptojacking and how does it work?

Cryptojacking is a type of cyberattack in which a cybercriminal hijacks a computer or mobile device and uses its processing power to mine cryptocurrency such as bitcoin.

What is crypto mining and how does it work?

Mining is conducted by miners using hardware and software to generate a cryptographic number that is equal to or less than a number set by the Bitcoin network's difficulty algorithm. The first miner to find the solution to the problem receives bitcoins as a reward, and the process begins again.

How does cryptojacking affect individuals?

One of the key symptoms of cryptojacking is decreased performance on your computing devices. Slower systems can be the first sign to watch out for, so be alert to your device running slowly, crashing, or exhibiting unusually poor performance.

What is a real world example of cryptojacking?

For example, the Romanian hacker group Outlaw compromises Linux servers and Internet of Things (IoT) devices by using default or stolen credentials and exploiting known vulnerabilities to launch DDoS attacks or mine Monero currency.

How do you know if you have been cryptojacked?

Here are three signs to look out for that can help you determine if you've been cryptojacked:
  • Reduced performance. Since unauthorized cryptomining is an intensive process, it causes additional strain on the system, resulting in random instances of slowdown and reduced performance. ...
  • Overheating. ...
  • CPU and GPU usage spikes.

Is crypto jacking illegal?

Cryptojacking might seem like a harmless crime, since the only thing 'stolen' is the power of the victim's computer. But the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of the criminal who is illicitly creating currency.

Can you actually make money crypto mining?

Bitcoin mining profitability is affected by equipment and electricity costs, the mining difficulty, and bitcoin's market value. After accounting for the costs of bitcoin mining, it can become profitable as long as the market cooperates.

Does crypto mining really pay?

Your payout, should you be so lucky, will depend on whether you mine a block yourself (unlikely) or share it with other miners in a pool. Bitcoin pays out a mining reward each time a new “block” is entered into the permanent record of transactions. The reward shrinks every few years, but for now, it is 3.125 BTC.

Who pays Bitcoin miners?

In addition to rewards, miners also receive fees from any transactions contained in that block. When Bitcoin reaches its planned limit of 21 million (expected around 2140), miners will be rewarded with fees for processing transactions that network users will pay.

How can you tell if someone is crypto-mining?

High CPU usage: Bitcoin mining requires a lot of processing power, and as a result, your computer's CPU usage may be abnormally high. You can check your computer's CPU usage by opening the task manager or activity monitor on your computer.

How common is cryptojacking?

Considering this, cryptojacking is a way for criminals to cut costs while increasing their potential for financial gain. That's part of why it's growing in popularity, with 332 million cryptojacking attacks tallied in the first half of 2023, a record 399 percent increase from 2022.

Why are people against crypto-mining?

Crypto Mining Causes Local Air, Climate and Water Pollution

Crypto mining that relies on burning fossil fuels for electricity, directly or indirectly, causes all of the air and water pollution impacts of the underlying method of generating electricity.

Is crypto mining real or fake?

Crypto mining is the process of verifying transactions on a blockchain network and being rewarded with cryptocurrency in return. It's a legitimate way to earn cryptocurrency, but it's essential to understand the process and the costs involved.

How do you know if your PC is being used for crypto mining?

Here are some key signs you may have been infected with cryptojacking malware: High CPU usage. If your CPU is running unusually high — maybe even using 100% of its capacity — that's a major red flag you might be suffering from cryptojacking or another form of malware. Slow devices.

How does crypto mining work?

Bitcoin runs on a decentralized computer network or distributed ledger that tracks transactions in the cryptocurrency. When computers on the network verify and process transactions, new bitcoins are created, or mined. These networked computers, or miners, process the transaction in exchange for a payment in Bitcoin.

How to know if someone is mining crypto?

Here are a few ways to tell if your computer is mining for Bitcoin: High CPU usage: Bitcoin mining requires a lot of processing power, and as a result, your computer's CPU usage may be abnormally high. You can check your computer's CPU usage by opening the task manager or activity monitor on your computer.

How does crypto mining pay you?

High-powered computers compete to be the first to validate a series of transactions called a block, and add the block to the blockchain. Miners are paid transaction fees and 6.25 BTC per block for their efforts (if they solve the block correctly).

Article information

Author: Fr. Dewey Fisher
