You don’t know jack: Cryptojacking 101

Rubica · May 25, 2018

The term ‘cryptojacking’ has been prevalent in the news this year as cyber criminals have shifted focus to this easy and effective method of making money. At Rubica, we have seen instances of cryptojacking as early as December 2017, and we have defined the term as “the covert use of a device’s computing resources to mine cryptocurrency”.

In our experience, the most common way to accomplish cryptojacking is to use a JavaScript miner from Coinhive. Originally intended to facilitate “an ad-free experience,” the site “offers a JavaScript miner for the Monero Blockchain” (Coinhive, 2018) that website owners can embed in a web page. When a user visits the page, the miner runs directly in the device’s browser and uses the device’s central processing unit (CPU) to “calculate hashes with an algorithm called Cryptonight” (Coinhive, 2018).

Figure 1: Mining script, “coinhive.js” embedded in a site’s document object model (DOM) tree.

In theory, this process would reduce or eliminate advertisements on popular sites. However, as Coinhive points out, the Cryptonight “algorithm is very compute heavy,” meaning it can consume a lot of a device’s resources, resulting in browser crashes and high fan speeds. Theoretically, this can damage a device’s hardware over a long period of time.

Figure 2: Top command issued on a device running an in-browser crypto miner. Notice the %CPU consumption of Google Chrome, the process running the miner.

Cryptojacking implies that a user has not consented to running a mining script on their device. When a user visits a site, they are not prompted with a choice to disable the script; instead, the site contains a function like this to automatically start in-browser mining:

Figure 3: Function which starts the crypto mining script on a webpage.

This means when you visit a site that has been infected with a mining script like “coinhive.js” without an active cyber security defense measure like Rubica, you are unknowingly paying cyber criminals and damaging your CPU.
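One way to check a page for the two indicators described above, the embedded “coinhive.js” script and a miner that starts without user action (an added example, not code from the original article or from Rubica). The constructor names come from Coinhive's public JavaScript API rather than from this page; the sample pages, the `example.test` host and `SITE_KEY_PLACEHOLDER` are constructed.

```javascript
// Added example: static scan of page HTML for an embedded, auto-starting miner.
// Patterns are assumptions based on Coinhive's public API, not on the article.
const MINER_SRC = /(^|\/)coinhive(\.min)?\.js(\?|#|$)/i;           // script file name
const MINER_CTOR = /new\s+CoinHive\.(Anonymous|User|Token)\s*\(/;  // miner constructors
const AUTO_START = /\.start\s*\(/;                                 // started on page load

// Returns one finding per suspicious <script> element in the HTML string.
function findMinerIndicators(html) {
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const [, attrs, body] = m;
    // External script: compare only the file name so any host or mirror is caught.
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src && MINER_SRC.test(src[1])) {
      findings.push({ type: 'external-miner-script', detail: src[1] });
    }
    // Inline script: a miner object created, and whether it is started unprompted.
    if (MINER_CTOR.test(body)) {
      findings.push({
        type: AUTO_START.test(body) ? 'miner-autostart' : 'miner-instantiated',
        detail: body.trim().slice(0, 80),
      });
    }
  }
  return findings;
}

// Constructed sample pages (not taken from any real site).
const SAMPLE_INFECTED = `
<html><head>
<script src="https://example.test/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');
  miner.start();
</script>
</head><body>News</body></html>`;

const SAMPLE_CLEAN = `<html><head><script src="/js/app.js"></script>
<script>document.title = 'start();';</script></head></html>`;

console.log(findMinerIndicators(SAMPLE_INFECTED));
console.log(findMinerIndicators(SAMPLE_CLEAN));
```

A scan like this only sees markup present in the HTML it is given; scripts injected later by other scripts, or served under a renamed file with obfuscated code, need runtime or network-level inspection.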

Unknowingly allowing this mining software into your digital world can cause your machines to slow down, act as a gateway for other nasties, and end up giving cyber criminals more than just free access to your computer’s processor.
