
Cryptojacking meaning & definition
Cryptojacking is a type of cybercrime that involves the unauthorized use of people's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the motive is profit, but unlike other threats, it is designed to stay completely hidden from the victim.
What is cryptojacking?
Cryptojacking is a threat that embeds itself within a computer or mobile device and then uses its resources to mine cryptocurrency. Cryptocurrency is digital or virtual money, which takes the form of tokens or "coins." The most well-known is Bitcoin, but there are approximately 3,000 other forms of cryptocurrency and while some cryptocurrencies have ventured into the physical world through credit cards or other projects — most remain virtual.
Cryptocurrencies use a distributed database, known as 'blockchain' to operate. The blockchain is regularly updated with information about all the transactions that took place since the last update. Each set of recent transactions is combined into a 'block' using a complex mathematical process.
To produce new blocks, cryptocurrencies rely on individuals to provide the computing power. Cryptocurrencies reward people who supply the computing power with cryptocurrency. Those who trade computing resources for currency are called "miners".
The larger cryptocurrencies use teams of miners running dedicated computer rigs to complete the necessary mathematical calculations. This activity requires a significant amount of electricity – for example, the Bitcoin network currently uses more than 73TWh of energy per year.
Cryptojackers and the future of cryptojacking
That is where cryptojacking comes in: cryptojackers are people who want the benefits of cryptocurrency mining without incurring the huge costs. By not paying for expensive mining hardware or large electricity bills, cryptojacking allows hackers to mine for cryptocurrency without the large overheads. The type of cryptocurrency primarily mined on personal computers is Monero, which appeals to cybercriminals because it is difficult to trace.
There is some debate as to whether cryptojacking is in decline or on the rise. Cryptojacking tends to rise in proportion to the value of cryptocurrencies, particularly Bitcoin and Monero. But in recent years, two factors have had a dampening effect on cryptojacking:
Crackdowns by law enforcement.
The shutdown of Coinhive, which was the leading site which dealt with cryptominers. Coinhive provided JavaScript code that websites could incorporate to make visitors' computers mine Monero. Coinhive's code was quickly abused: a mining script could also be injected into a website by hackers without the site owner's knowledge. The site shut down in March 2019, and with it, the number of site infections went sharply down.
The motivation behind a cryptojacking attack is simple: money. Mining cryptocurrencies can be very lucrative, but making a profit is challenging without the means to cover large costs. Cryptojacking is the criminal manifestation of cryptomining and offers an illegitimate yet effective and inexpensive way to mine valuable coins.
How does cryptojacking work?
Cybercriminals hack into devices to install cryptojacking software. The software works in the background, mining for cryptocurrencies or stealing from cryptocurrency wallets. The unsuspecting victims use their devices typically, though they may notice slower performance or lags.
Hackers have two primary ways to get a victim's device to secretly mine cryptocurrencies:
By getting the victim to click on a malicious link in an email that loads cryptomining code on the computer
By infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim's browser
Hackers often use both methods to maximize their return. In both cases, the code places the cryptojacking script onto the device, which runs in the background as the victim works. Whichever method is used, the script runs complex mathematical problems on the victims' devices and sends the results to a server which the hacker controls.
Unlike other types of malware, cryptojacking scripts do not damage computers or victims' data. However, they do steal computer processing resources. For individual users, slower computer performance might simply be an annoyance. But cryptojacking is an issue for business because organizations with many cryptojacked systems incur real costs. For example:
The use of help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem.
Increased electricity costs.
Some cryptomining scripts have worming capabilities that allow them to infect other devices and servers on a network. This makes them harder to identify and remove. These scripts may also check to see if the device is already infected by competing cryptomining malware. If another cryptominer is detected, the script disables it.
In early instances of cryptomining, some web publishers sought to monetize their traffic by asking visitors' permission to mine for cryptocurrencies while on their site. They positioned it as a fair exchange: visitors would receive free content while the sites would use their computer for mining. For example, on gaming sites, users might stay on the page for some time while the JavaScript code mines for coin. Then when they leave the site, the cryptomining would end. This approach can work if sites are transparent about what they are doing. The difficulty for users is knowing whether sites are being honest or not.
Malicious versions of cryptomining – i.e. cryptojacking – don't ask for permission and keep running long after you leave the initial site. This is a technique used by owners of dubious sites or hackers who have compromised legitimate sites. Users have no idea that a site they visited has been using their computer to mine cryptocurrency. The code uses just enough system resources to remain unnoticed. Although the user thinks the visible browser windows are closed, a hidden one stays open. Often it can be a pop-under, which is sized to fit beneath the taskbar or behind the clock.
Cryptojacking can even infect Android mobile devices, using the same methods that target desktops. Some attacks occur through a Trojan hidden in a downloaded app. Or users' phones can be redirected to an infected site, which leaves a persistent pop-under. While individual phones have relatively limited processing power, when attacks occur in large numbers, they provide enough collective strength to justify the cryptojackers' efforts.