Last Updated: September 9, 2021
It can be highly profitable, which is why it’s so widely spread. It’s becoming an even bigger hassle today.
Therefore, today, we’ll dive in and figure out what this attack is all about.
How does it work?
How can you protect yourself?
You’ll find all the answers in the lines below.
Shall we begin?
What Is Cryptojacking?
First off, let’s define crypto and the other terms we’re going to be using in this article:
- Crypto definition: something secret, concealed.
- Cryptography definition: the technique of protecting data via codes. Encryption is one of its components.
From those two, we can get an insight into the definition of cryptocurrency. It is a decentralized digital currency, which uses cryptography for security.
Cryptojacking’s definition, then, is the process of “mining” cryptocurrencies using someone else’s processing power, without their consent.
Why Do Cybercriminals Do Cryptojacking?
Here’s why cryptojacking is such a menace today:
- First of all – it’s easy to do. Not the case with other types of fraud like ransomware, for example.
- Second – it’s safer since it doesn’t destroy data or harm a system. The legal consequences aren’t so severe as with ransomware, for example. So far, only one cryptojacker has been sentenced to prison.
- Third – hackers can easily access their money. (More of a luxury than you might think.)
- Fourth – cryptojacking malware can stay unnoticed for a long time.
A few years ago, when cryptojacking was still in its infancy, cybercriminals used to take over all of a system’s resources to mine cryptocurrency.
However, this alerted their targets of the cryptomining malware, since it rendered the systems inoperable.
Nowadays, hackers use fewer resources on a single machine, but they also try to hit as many devices as possible.
That way, the malware stays unnoticed, yet still generates money for its creators.
So, if it doesn’t damage the system and isn’t harmful, what’s the big deal?
From a philosophical point of view – infected systems sponsor organized crime.
It also makes your machine run slower and consume more energy. Which, in turn, reflects on your electricity bill.
To scale things up a bit – let’s say you own a business.
How would that business be affected by PCs that are suddenly slower, while you’re paying more for electricity?
SMBs account for 82% of cryptomining traffic, so this is a real-life example.
We already know what cryptojacking is – at least the dictionary’s interpretation.
Let’s see how it looks under the surface.
The Inner Workings of Cryptojacking
Malicious cryptominers can take advantage of a system in two ways:
- Device infection
- Browser mining
These are the means of crypto jacking, used by cybercriminals to take advantage of a system’s resources.
To infect a device with cryptomining malware, hackers use the same technique as with any other malware infection.
Criptomining software can enter a system via a phishing email, malicious website, or can hide in a USB drive or an app.
Once the miner enters a system, it starts to work in the background.
This infection is more profitable than mining through a website, but it’s also harder to deliver.
Not all cybercriminals will take the time to infect a machine with cryptocurrency mining software, though.
A simple code in a website can do the same, only on a smaller scale.
With this type of mining operation, a cryptocurrency malware isn’t installed on a system.
This operation uses the visitors’ CPU power to generate cryptocurrency, while they are on the website.
Once the page is closed, the mining process stops.
Although website mining is, in fact, cryptojacking, the idea behind it wasn’t malicious.
See, back in 2017, a German company called Coinhive came up with this concept.
Their desire was for websites to monetize on visitors, without displaying ads.
Although major websites didn’t embrace this idea, some others did, earning Coinhive an average of $75,000 a month.
The German company took 30% commission of all mined cryptocurrencies, and 70% went to the websites’ owners.
When done legitimately, the website should inform its visitors about this type of operation.
Just like The Pirate Bay did with small letters on the bottom.
Somewhere along the line, cybercriminals decided to use this code to transfer 100% of mined cryptocurrency to their wallets. And not ask for permission.
And that’s how an innovative idea became known as the Coinhive malware.
The altered Coinhive code was used on government and popular websites, YouTube ads, and desktop apps.
Facebook and Starbucks’s WiFi mined cryptocurrency as well, thanks to the malicious Coinhive script.
With all the illegal use of their code, the company had to shut down in March 2019.
Now, the cryptocurrency of choice for cryptojacking is called Monero.
It’s way cheaper than Bitcoin, but it makes up for it by being easy to mine. In other words – it doesn’t require impressive hardware.
But it gets better:
The other benefit of Monero is that its transactions are untraceable. Cybercriminals do value their privacy.
As a matter of fact, cryptojacking accounts for 4.32% of all Monero in circulation.
It doesn’t sound like much, but it amounts to around $64 million.
While on the topic of money, Symantec did an intriguing calculation.
They found that a botnet of 100,000 devices could earn an average of $30,000 a month via browser mining.
This amount jumps to $750,000 for file-based mining.
Either way, it’s a profitable venture.
So, we want to lower these figures and not let someone else use our devices for their gain, don’t we?
But what should we do?
Let me walk you through the removal of this nasty bug in a few steps.
How to Detect Cryptojacking?
First off – you don’t need to even know what crypto mining is to notice something’s wrong with your device.
Most anti-malware programs detect cryptomining malware right from its entry point.
If you’re not using such a program, then there are several telltale signs:
- Slow response times
- High CPU usage
- Faster battery drain
- Increased fan noise
If you experience any (or all) of these symptoms, an anti-malware check is a good next step.
With that taken care of, we can move on to in-browser mining.
First of all – if a cybercriminal messed with a website’s scripts, it’s the owners who should detect it.
However, there is a way to find that out yourself.
If your computer slows down while browsing, open your Task Manager (Windows) or Activity Monitor (Mac).
From there, see if your browser is using too much CPU power. If that’s the case, leave the website and see if it changes.
If you have multiple tabs opened, check which one has the highest usage of your system’s resources.
(In Chrome you can do that via the built-in Task Manager. You can access it with Ctrl+Esc.)
How about we limit the options for cybercriminals in the first place?
How to Prevent Cryptojacking?
“An ounce of prevention is worth a pound of cure.” – Benjamin Franklin
The best way to stay safe from cryptojacking and other malware is to have up-to-date antivirus or anti-malware software.
OS providers also release security patches. Combined with antivirus software, your security will be enough to grade higher than average. Therefore, keep them both updated, since there is a cyberattack every 39 seconds.
And last but not least, basic online security knowledge is a must – don’t click on SPAM emails or browse suspicious websites. We have lots of articles about cybersecurity which you may find useful.
To summarize – now that we know what cryptojacking is, we can protect ourselves.
It is here to stay since cryptocurrency trading and prices are on the rise.
To be blunt – it’s an effortless way for cybercriminals to make money.
Unlike ransomware, however, these attacks don’t imprison your data. Instead, they steal a portion of your device’s processing power.
If we imagine ransomware as a brutal gladiator, then cryptojacking is more of a silent thief.
So, make use of the tips in the sections above, and chances are you’ll never face cryptomining malware.
Come to think of it – cryptojacking is like a cold – it doesn’t do much damage, but still makes you weak.
Still, life is way better without it.
A cryptojacking attack occurs when a cryptomining malware or websites/ads use a device’s CPU performance to mine cryptocurrencies.
This happens without the user’s consent or knowledge. Moreover, only 20% of infected organizations are aware of this.
It’s a piece of malicious software which infects a system and mines cryptocurrency in the background.
Most mining malware mines Monero, followed by Bitcoin.
Yes, it can.
Most anti-malware programs can detect illegal mining. Furthermore, Bitcoin mining uses more resources than Monero mining, so your device will overheat more often, and the power consumption will go through the roof.
Most anti-malware programs can clean your system from malware.
After all, cryptomining malware isn’t anything more special than a simple Trojan. So most antivirus programs will catch and remove it.
If you are concerned about your mobile device – don’t be. There are anti-malware apps on Google Play and AppStore as well.
Even if they fail to contain an illegal cryptominer, you can just reboot the device into safe mode and uninstall the malicious app.
Simply put, they are the tools which “mine” cryptocurrencies. They are so widely spread that a mindblowing 40% of organizations worldwide were impacted by cryptominers in 2018.
In more detail, they represent a program, which completes mathematical equations using the CPU power. Once these equations are solved, a unit of cryptocurrency goes to the wallet of the cryptominer’s owner.
That’s the really short version of how cryptocurrency works, ladies and gentlemen.
Now, this is a bit tricky.
Although people continue to ask this question, the answer is “nothing.”
As of March 2019, Coinhive doesn’t exist.
But what’s important is what Coinhive used to be. And how it changed cybercrime.
See, Coinhive had this innovative idea of using the CPU’s power of a website visitor to mine cryptocurrency and therefore make ads obsolete.
So what did they do?
They created a code which could be embedded in every website to mine Monero. This cryptocurrency doesn’t require any specialized hardware to be mined – an average PC is enough.
Anyway, cybercriminals didn’t intend to miss this opportunity for their benefit and used Coinhive’s script to mine cryptocurrency for themselves.
Long story short, Coinhive is responsible for what cryptojacking is today.