Cryptojacking is a variety of cybercrime which involves using somebody else's devices (computers, tablets, smartphones, and servers) without their owners' knowledge to clandestinely produce (mine) cryptocurrencies, for example, Bitcoin.
Cryptojacking is a type of cyberattack where hackers use someone else’s computer, smartphone, or other devices without permission to mine cryptocurrency. This is done secretly by infecting the device with malware or running hidden scripts on websites. The process uses the device’s processing power and electricity to perform the resource-intensive calculations needed to generate digital currencies, like Bitcoin or Monero, for the attacker. Cryptojacking can slow down the victim's device, increase energy costs, and potentially damage hardware due to overuse.
Cryptojacking is when hackers run malware on other people’s hardware to secretly mine cryptocurrency. This normally requires considerable processing power, but cryptojacking attacks allow hackers to mine cryptocurrency quickly and efficiently, without having to use their own computing resources.
Owing to Bitcoin’s popularity, cryptojacking malware is sometimes referred to as a “bitcoin virus” or “bitminer virus.” But to make serious money from cryptomining, substantial, expensive computer power is needed. A University of Cambridge study found that Bitcoin mining consumes more power than entire countries.
Cybercrooks’ solution is to use phishing emails, malicious links and downloads, search engine viruses, or social engineering tricks to hijack cryptomining resources from other people’s laptops, desktop PCs, phones, and tablets.
How does the criminal hacks the device and installs special software that works in the background and does not arouse any suspicion in the user.
he criminal hacks the device and installs special software that works in the background and does not arouse any suspicion in the user.
The malicious code can be installed in some of the following ways:
- The user follows a phishing link in an email message, which downloads the mining malware to the device.
- The user visits a website which loads what appears to be advertising banners, which run malicious code (JavaScript) when opened.
When the cryptojacking software is installed on the device, the mining begins, that is, generation of cryptocurrency. Mining consumes significant processing power, which negatively affects the functioning of the device.
All cryptojacking works the same way in principle. Cryptomining malware runs stealthily in the background, hijacking the victim’s central processing unit (CPU) and graphics processing unit (GPU) to “mine” fresh bits of cryptocurrency by solving complex math problems that verify crypto transactions. Every time a piece of cryptocurrency is “minted,” it’s sent to the attacker’s crypto-wallet.
Cryptomining malware is specifically designed to exploit a target’s computer resources, often through a browser or JavaScript. After getting infected with cryptominer malware through a link or other malicious source, the cryptojacking code embeds itself in your machine. The mining malware then runs a script to take control of your computer and start mining cryptocurrency.
Even though cryptojacking does not directly harm the operating system and user data, it can still present a significant threat. For example, cryptojacking can damage the device or shorten its service life by making it overheat.
The following signs may indicate that cryptojacking is going on:
- Reduced performance of the device. You can suspect cryptojacking if the operating system performance is degraded, applications are running slower, the battery discharges too quickly, or the device shuts down seemingly without reason.
- Device overheating. Cryptojacking consumes a lot of resources, which may cause the device to overheat. Constant noise from cooling fans might indicate that the device is running cryptojacking software.
- Increased CPU load. If you visit a website that does not have any video or audio content, but you still see increased CPU load, it might be evidence of the website running a cryptojacking script. You can see your CPU load in Task Manager on the Performance tab.
Antivirus (Especially feature that facilitates online security like Internet Security) application includes tools that can help protect your device from cryptojacking. Websites that you visit are checked for embedded malicious code. If a cryptojacking attempt is encountered, the application displays a notification that lets you delete the malicious code.
Links are checked against a database of phishing web addresses and fake cryptocurrency exchanges, which is regularly updated. If you try following a malicious link, the application displays a warning.
Even if the cryptojacking code makes its way to your device, Kaspersky application detects it as malicious and prevents it from running.
Cryptojackers often target large networks because it’s easier to conceal an illicit cryptomining operation on a network that already uses huge amounts of computing resources. But Bitcoin viruses also target regular people, in which case the cryptojacking malware is tweaked to mine smaller amounts and stay hidden.
Here are some high-profile examples of recent cryptojacking malware attacks:
- Facebook Messenger (2018): A Google Chrome extension called Facexworm hijacked Facebook Messenger to infect users’ computers and mine cryptocurrency, causing Google to ban cryptocurrency mining extensions.
- Tesla (2018): Cryptojackers took over Tesla’s public cloud to run a far-reaching cryptomining campaign.
- GitHub (2020): Cybercriminals commandeered GitHub infrastructure for illegal cryptomining operations using GitHub’s own servers.
- Linux and IoT devices (2023): Cryptomining malware targeting individual Linux users and IoT devices was discovered by Microsoft.
Cryptomining is generally safe if you choose to do it on your own device. But make sure you’re not downloading potentially harmful software posing as a cryptomining tool. And you should certainly take steps to prevent other people from surreptitiously cryptojacking your machine.
Here are some tips to help prevent cryptojacking:
- Keep your devices and software updated. Security patches in the form of updates fix vulnerabilities exposed by hackers, such as the EternalBlue exploit that wreaked havoc on Windows systems.
- Install software from reputable sources. Illegitimate software can house bitcoin malware that executes after you install the program. Only download software from official sources, and always check reviews first.
- Avoid suspicious websites. Torrenting sites, illegal streaming sites, or websites that host pirated software lack the safety protocols and security infrastructure of legitimate websites. They may be teeming with bitminer malware and dangerous hackers.
- Use ad blockers in your browser. Malicious ads, pop-ups, or fake search engines may have cryptojacking scripts embedded within. The best ad blockers can help detect and block malicious cyptomining code automatically.
- Disable JavaScript in your browser. JavaScript is a notoriously insecure programming language that’s commonly exploited in cryptomining attacks. To disable JavaScript, go to your browser’s privacy, security, or content settings.
- Endpoint protection. Endpoints refer to desktops, laptops, and mobile devices — any device that’s the “endpoint” of a communication network. Secure your endpoints with robust antivirus to stop cryptojackers in their tracks, and protect your crypto from being stolen.