What is Cryptojacking?


Wherever there is an opportunity for monetary gain, criminals will look for ways to cheat, steal, or otherwise gain an advantage for their own benefit.  Cryptocurrency mining is no different.  Mining crypto presents an opportunity to make money, profit, and invest.  However, as with any other financial opportunity, attackers exploit others to acquire the resources needed to mine, a practice known as cryptojacking.  What is cryptojacking?



To use other systems for cryptocurrency mining, an attacker must first gain access to a system, as in any other attack.  This form of attack is called “Cryptojacking.”  Cryptojacking can be defined as malicious cryptocurrency mining using unauthorized access to another’s system or systems.


Attackers must gain access to a system in order to install the malicious code that performs the mining operations in the background.  They use tactics like social engineering, phishing, fake links, or exploiting vulnerabilities to gain system access.  Once the system is breached, the attacker can inject scripts that execute cryptocurrency mining and possibly additional malware.


There are multiple forms of cryptojacking:

  • File Based – Spreads through disguised files that look legitimate to a user.  When executed, the malicious scripts download and install on the victim’s system.
  • Browser Based – Attackers infect a website with a malicious advertisement or embed the malicious scripts into the site.  When a user accesses that website, their system will run the mining code.
  • Cloud Based – Attackers breach an organization’s cloud systems in order to utilize almost limitless resources.  Attackers gain an immense amount of resources for cryptocurrency mining while the organization faces hefty cloud resource costs.



As cryptojacking attacks rise in number, attackers also evolve their attacks.  Recently there has been a form of malware called Monero that uses both ransomware and cryptojacking tactics, a combination also called “Ransomining.”  Ransomining disables systems and exfiltrates data just as ransomware does; however, while the system is disabled, the malware initiates cryptojacking scripts to mine cryptocurrency on it.  Not only does the attacker demand a ransom payment, they also use your system resources to make themselves money.


The Monero attack in particular disguised itself as an antivirus installer.  When a user mistakenly executed the installer, the system would lock down and be used for mining.  In February, this attack infected approximately 2,500 users a day.  Now, it has evolved and disguises itself as ad blockers and OpenDNS services, and it has successfully infected over 20,000 systems.


Stay Safe

Cryptocurrency mining requires an immense amount of computational power.  Therefore, the most common symptom of cryptojacking is severely decreased system performance.  Your systems will slow down, battery life will not last nearly as long, systems can overheat, and your CPU usage can max out for extended amounts of time.  Additionally, if you own a website, regularly check it for malicious scripts.
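
The sustained-CPU symptom described above can be checked mechanically.  The following is an added example, not part of the original article: it flags processes whose CPU usage stays at or above a threshold for an extended period while ignoring short, legitimate bursts.  The process names, thresholds, and sample readings are constructed assumptions.

```python
from collections import defaultdict


def sustained_cpu(samples, threshold=90.0, min_seconds=300, max_gap=120):
    """Return {(pid, name): longest_run_seconds} for processes whose CPU usage
    stayed at or above `threshold` for at least `min_seconds` without dipping.

    `samples` is an iterable of (timestamp_seconds, pid, name, cpu_percent).
    A hole in the readings longer than `max_gap` seconds ends the current run,
    so a process that exits and later reuses the PID is not counted as one run.
    """
    by_proc = defaultdict(list)
    for ts, pid, name, cpu in samples:
        by_proc[(pid, name)].append((ts, cpu))

    flagged = {}
    for proc, readings in by_proc.items():
        readings.sort()
        run_start = prev_ts = None
        longest = 0
        for ts, cpu in readings:
            gap_ok = prev_ts is not None and ts - prev_ts <= max_gap
            if cpu < threshold:
                run_start = None          # usage dipped: the run is over
            elif run_start is None or not gap_ok:
                run_start = ts            # a new high-usage run begins here
            if run_start is not None:
                longest = max(longest, ts - run_start)
            prev_ts = ts
        if longest >= min_seconds:
            flagged[proc] = longest
    return flagged


# Constructed readings, one per minute for ten minutes (not real telemetry).
SAMPLES = []
for t in range(0, 601, 60):
    SAMPLES.append((t, 4121, "updater-helper", 98.0))                   # pegged throughout
    SAMPLES.append((t, 2210, "cc1plus", 95.0 if 120 <= t <= 240 else 3.0))  # short build burst
    SAMPLES.append((t, 880, "browser", 12.0))                           # normal load

if __name__ == "__main__":
    for (pid, name), seconds in sustained_cpu(SAMPLES).items():
        print(f"pid {pid} ({name}) held >=90% CPU for {seconds}s")
```

A flagged process is only a lead for investigation; legitimate long-running jobs such as backups or video encoding will also appear and should be added to a known-good list.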

To prevent cryptojacking, you should regularly scan for malware.  By using ad blockers, you prevent infected advertisements from loading on websites.  Furthermore, by disabling JavaScript, you can prevent other malicious scripts embedded in websites from running.  Finally, stay aware of malware trends and educate your team and yourself to stay proactive in security incident prevention.