What Is Cryptojacking?

The Appeal of Cryptojacking

Mining cryptocurrency efficiently requires substantial hardware and electricity, but cryptojacking enables a bad actor to mine with near-zero investment, making it an all-profit venture regardless of fluctuations in the market.

Types of Cryptojacking

File-based cryptojacking is a form of cryptojacking where malware is downloaded on-device, there is also browser-based cryptojacking, which uses your web browser to mine cryptocurrency while you’re using it. Servers can also be cryptojacked, which may be problematic for organizations that run their own compute resources either on premise or in the cloud.

Cryptojacking can also be performed locally. For example, a rogue employee can install miners at their workplace and mine for cryptocurrency using company computers. Alternatively, they can cryptojack from their workplace by stealing electricity and using it on their own concealed equipment.

When Did Cryptojacking Begin?

Though cryptojacking didn’t start in 2017, it certainly came to prominence at this time. A company called Coinhive developed a mining tool for website owners to mine cryptocurrency as an alternative to displaying ads. The viewers of the website got ad-free access while the website owners earned passive crypto-mining income.

Initially, this arrangement was open, transparent, and consensual between website visitors and owners. However, cybercriminals soon saw the profit-making potential and started secretly putting malicious informatic code on thousands of websites, often without the knowledge of website owners or viewers. For example, one cryptojacking botnet, a network of computers infected with malware working in coordination, called Smominru, was discovered in over half a million infected devices in 2017 (although it may have been in operation since 2012).

Who Is Targeted by Cryptojacking?

If you own a device with a processor that’s connected to the internet, it can potentially be cryptojacked. Computers, gaming consoles, tablets, and mobile phones are all general purpose computing platforms at their heart and can be turned into miners. To be profitable, cryptojackers need a lot of processing power. Businesses with large on-site or cloud server mining farms are popular targets, because they can be used to mine far more than even a large botnet of residential computers. Supercomputers have also been cryptojacked.

Signs of Cryptojacking

Some common signs of a potential cryptojacking breach are slower computer speeds, unusually high CPU usage, and overheating hardware. But some cryptojackers take measures to mask these signs. One specific cryptojacking program stops mining when mouse activity is detected so that the user of the device remains unaware it's infected. Others operate well below 100% processing power so they can run in the background undetected.

What Can You Do to Prevent Getting Cryptojacked?

Some methods you can use to guard against getting cryptojacked include keeping your antivirus software up-to-date and using specialized ad-blockers and anti-mining web browser extensions. Regulatory authorities and companies are also adapting and taking steps to limit cryptojacking. For example, Google banned web extensions that mine cryptocurrency from the Chrome Web Store in 2018. Interpol led an operation in 2019 in Singapore that they claim reduced cryptojacking by 78%.

How Concerned Should You Be About Cryptojacking?

If you’re an individual, cryptojacking is usually no more common than any other malware infection, but you should always be vigilant in protecting yourself from any malicious threats online. If you’re an IT professional or business owner, cryptojacking can be much more of a serious problem: Current trends show cryptojackers mostly target large businesses, cloud computing platforms, and supercomputers.

Malware and computer bugs are nothing new, but cryptojacking can be frustrating for consumers, and a big problem for businesses, governments, and large organizations. For small, retail users, keeping your antivirus software current is one of the best things you can do to protect yourself against cryptojacking. In contrast, larger potential targets can be much more expensive and difficult to protect.