What Is Cryptojacking?
Cryptojacking is a type of cyberattack in which a hacker co-optsa target's computingpower to illicitly mine cryptocurrency on the hacker's behalf. Cryptojacking can target individual consumers, massive institutions, and even industrial control systems.
The malware variants involved in cryptojacking slow down infected computers, as the mining process takes priority over other legitimate activities.
Key Takeaways
- Cryptojacking is a type of cyberattack in which a hacker co-optsa target's computingpower to illicitly mine cryptocurrency on the hacker's behalf.
- Cryptojacking can target individual consumers, massive institutions, and even industrial control systems.
- Cryptojackinghas become an increasingly popular way for fraudsters and criminals to extract money from their targets in the form of cryptocurrency.
- The lines between cryptojacking and the "legitimate" practice of browser mining are not always clear.
Understanding Cryptojacking
Cryptojackinghas become an increasingly popular way for fraudsters and criminals to extract money from their targets in the form of cryptocurrency. One widely publicized hack, the WannaCry worm hack, affected systems on several continents in May 2017. In this instance of cryptojacking, fraudsters encrypted victims' files and demanded cryptocurrencyransoms in the form of Bitcoin in order to decrypt them.
Cryptojacking harnesses victims' machines to mine, or perform the computations necessary to update cryptocurrencies' blockchains, thereby creatingnewtokens and generating fees in the process. These new tokens and fees are deposited to wallets owned by the attacker, while the costs of mining—including electricity and wear and tear to computers—are borneby the victim.
Examples of Cryptojacking
In February 2018, a Spanish cybersecurity firm, Panda Security, announced that a cryptojacking script, known by its nickname "WannaMine,"had spread to computers around the world. The new malware variant was being used to mine the cryptocurrency monero.
Monero is a digital currency that offers a high level of anonymity for users and their transactions. WannaMine was originally discovered by Panda Security in October 2017. Because it is particularly hard to detect and block, it was responsible for a number of high-profile infections in 2018. After WannaMine has silently infected a victim’s computer, it uses the ExternalBlue exploit and the machine's operating power to run analgorithm over and over again, with the intentionof findingahashmeeting certain criteria before any other miners do. When that happens, a new block is mined, which creates a chunk of newmonero anddepositing the windfallto the attacker'swallet.
Later the same month, governments in Britain, the U.S., and Canada were impacted by a cryptojackingattack that took advantage of a vulnerability in a text-to-speech software embedded in the websites of governments for these respective nations. Attackers insertedCoinhivescriptinto the software, allowing them to mine monerousing visitors' browsers.
In February 2018, it was discovered that Tesla Inc. had been the victim of cryptojacking. Reportedly, the company's Amazon Web Services cloud infrastructure was running mining malware. In this case, the data exposure was discovered to be minimal, although, in general, cryptojacking poses a broad security threat for a company (in addition to accruing up a large electric bill).
Browser Mining vs. Cryptojacking
The lines between cryptojacking and the "legitimate" practice of browser mining are not always clear. Browser mining is becoming an increasingly common practice. For example, Coinhive, the cryptocurrency mining service,is often described as malware as a result of the tendency of the computer code of the program to be used on hacked websites to steal the processing power of its visitors’ devices. However, Coinhive's developers present itas a legitimate way to monetize traffic.
In 2018, the publication Salon partnered with Coinhive's developers to mine monerousing visitors' browsers (with their permission) as a way of monetizing the outlet's content when faced with adblockers.
Some experts have cited the potential of browser mining as an alternative to ad-based monetization. In 2018, Lucas Nuzzi, a senior analyst at Digital Asset Research, said that "Browser-based miners like Coinhive are the best implementation of useful PoW [proof of work] in existence. inteFor the first time in Internet's history, websites have a way of monetizing content without having to bombard users with ads."
Browser mining is, in essence, a legitimizedform of cryptojacking. Such proposals are extremely controversial, given the potential costs to users in terms of power consumptionand damage to their hardware.
FAQs
How Does Cryptojacking Work? Cryptojacking uses malware or malicious code to commandeer the processing power of victims' devices (laptops, desktop computers, smartphones, etc.) for use in cryptocurrency mining.
What is cryptojacking and how does it work? ›
Cryptojacking is a type of cybercrime where a criminal secretly uses a victim's computing power to generate cryptocurrency.
How exactly does crypto mining work? ›
Bitcoin runs on a decentralized computer network or distributed ledger that tracks transactions in the cryptocurrency. When computers on the network verify and process transactions, new bitcoins are created, or mined. These networked computers, or miners, process the transaction in exchange for a payment in Bitcoin.
What are signs of cryptojacking? ›
Quick Cryptojacking Test: How to Detect Cryptojacking
Decreased performance – cryptojacking causes decreased performance on computing devices. You should watch out for slower system performance, as well as devices that run slowly, crash, or exhibit unusually poor performance.
What is a real life example of cryptojacking? ›
For example, the Romanian hacker group Outlaw compromises Linux servers and Internet of Things (IoT) devices by using default or stolen credentials and exploiting known vulnerabilities to launch DDoS attacks or mine Monero currency.
Is crypto jacking illegal? ›
Distinguishing Legitimate Mining from Cryptojacking
The former is a legal and intentional process where individuals or companies use their resources to mine cryptocurrencies. In contrast, cryptojacking is inherently non-consensual and illegal.
How can I tell if someone is mining bitcoin on my computer? ›
Is your PC Infected with a Crypto Miner? Here's How to Find Out
- High CPU or GPU Usage. ...
- Increased fan noise and overheating. ...
- Decrease in performance. ...
- Unexplained Network Activity. ...
- Crashes and more crashes. ...
- Short battery life. ...
- Unknown Processes in Task Manager. ...
- Blocked access to system monitoring tools.
The length of time it takes to mine 1 Bitcoin can vary. Each committed Bitcoin block releases 3.125 Bitcoin. To answer the central question in mind, it takes an average of 10 minutes to mine not just 1 Bitcoin but 3 — and that rate will fluctuate over time.
How do crypto miners get paid? ›
Bitcoin miners receive bitcoin as a reward for creating new blocks which are added to the blockchain. Mining rewards can be hard to come by due to the intense competition. The probability that a participant will discover the solution is related to the network's total mining capacity.
How much does it cost to mine 1 Bitcoin? ›
Mining a Bitcoin depends on your energy rate per Kwh, it costs $11,000K to mine a Bitcoin at 10 cents per Kwh and $5,170K to mine a Bitcoin at 4.7 cents per Kwh. Learn how and if mining right for you in July 2024!
Considering this, cryptojacking is a way for criminals to cut costs while increasing their potential for financial gain. That's part of why it's growing in popularity, with 332 million cryptojacking attacks tallied in the first half of 2023, a record 399 percent increase from 2022.
Is my computer cryptojacked? ›
If your PC or Mac slows down or uses its cooling fan more than normal, you may have reason to suspect cryptojacking. The motivation behind cryptojacking is simple: money. Mining cryptocurrencies can be very lucrative, but turning a profit is now next to impossible without the means to cover large costs.
Can you use your phone to mine crypto? ›
Does Bitcoin Mining Work on a Smartphone? Yes, it is possible to mine Bitcoin on a smartphone, whether you have an Android device or an iPhone. Since phones are essentially computers, they can be set to the task of computing hashes. A hash is a one-way transformation of data.
What is cryptojacking in simple words? ›
Cryptojacking is a type of cybercrime that involves the unauthorized use of people's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency.
Is crypto mining real or fake? ›
Providing cloud mining services—otherwise known as mining-as-a-service—is a legitimate business, but some cloud mining companies are fraudulent.
What is the difference between cryptomining and cryptojacking? ›
Cryptomining is a system by which "miners" contribute computer processing power and get paid in cryptocurrency to validate blockchain transactions. In its malicious form, cryptojacking is where hackers take control of a victim's computing resources to secretly mine cryptocurrency for their own benefit.
Is crypto mining illegal? ›
Is bitcoin mining legal? According to TheStreet, reporting on a November 2021 Law Library of Congress report, bitcoin mining is banned in various countries, such as Bangladesh, China, Egypt, Iraq, Morocco, Nepal, Qatar, and more. However, it is legal in the US, and most countries, but not all US states allow the same.
How does crypto mining pay you? ›
Bitcoin mining is a network-wide competition to generate a cryptographic solution that matches specific criteria. When a correct solution is reached, a reward in the form of bitcoin and fees for the work done is given to the miner(s) who reached the solution first.
Which crypto token is mostly used by cyber criminals? ›
Bitcoin: As the first and most well-known cryptocurrency, Bitcoin remains the most popular choice among cybercriminals because it has the highest level of liquidity and is the most widely accepted form of payment on the dark web.
