What is Cryptojacking?
Cryptojacking (also called malicious cryptomining) is an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies. It’s a burgeoning menace that can take over web browsers, as well as compromise all kinds of devices, from desktops and laptops, to smart phones and even network servers.
Like most other malicious attacks on the computing public, the motive is profit, but unlike many threats, it’s designed to stay completely hidden from the user.
Cryptojacking is a scheme to use people’s devices (computers, smartphones, tablets, or even servers), without their consent or knowledge, to secretly mine cryptocurrency on the victim’s dime. Instead of building a dedicated cryptomining computer, hackers use cryptojacking to steal computing resources from their victims’ devices. When you add all these resources up, hackers are able to compete against sophisticated cryptomining operations without the costly overhead.
If you’re a victim of cryptojacking, you may not notice. Most cryptojacking software is designed to stay hidden from the user, but that doesn’t mean it’s not taking its toll. This theft of your computing resources slows down other processes, increases your electricity bills, and shortens the life of your device. Depending on how subtle the attack is, you may notice certain red flags. If your PC or Mac slows down or uses its cooling fan more than normal, you may have reason to suspect cryptojacking.
The motivation behind cryptojacking is simple: money. Mining cryptocurrencies can be very lucrative, but turning a profit is now next to impossible without the means to cover large costs. To someone with limited resources and questionable morals, cryptojacking is an effective, inexpensive way to mine valuable coins.
How does cryptojacking work?
Cryptojackers have more than one way to enslave your computer. One method works like classic malware. You click on a malicious link in an email and it loads cryptomining code directly onto your computer. Once your computer is infected, the cryptojacker starts working around the clock to mine cryptocurrency while staying hidden in the background. Because it resides on your PC, it’s local — a persistent threat that has infected the computer itself.
An alternative cryptojacking approach is sometimes called drive-by cryptomining. Similar to malicious advertising exploits, the scheme involves embedding a piece of JavaScript code into a Web page. After that, it performs cryptocurrency mining on user machines that visit the page.
In early instances of drive-by cryptomining, web publishers caught up in the bitcoin craze sought to supplement their revenue and monetize their traffic by openly asking visitors’ permission to mine for cryptocurrencies while on their site. They posed it as a fair exchange: you get free content while they use your computer for mining. If you’re on, say, a gaming site, then you probably will stay on the page for some time while the JavaScript code mines for coin. Then when you quit the site, the cryptomining shuts down too and releases your computer. In theory, this isn’t so bad so long as the site is transparent and honest about what they’re doing, but it’s hard to be sure the sites are playing fair.
More malicious versions of drive-by cryptomining don’t bother asking for permission and keep running long after you leave the initial site. This is a common technique for owners of dubious sites, or hackers that have compromised legitimate sites. Users have no idea that a site they visited has been using their computer to mine cryptocurrency. The code uses just enough system resources to remain unnoticed. Although the user thinks the visible browser windows are closed, a hidden one stays open. Usually it’s a pop-under which is sized to fit under the task bar or behind the clock.
