In this two-part blog series, we'll tackle various aspects of cryptojacking, from definition to detection. You'll get a clear picture of why you should be concerned about cryptojacking, both as an individual and as a cybersecurity professional. In this first part, you'll learn how cryptojacking started, the reason for its popularity, and how it works.

First, let's look at some relevant terminologies.

Cryptocurrency: A cryptocurrency is a digital currency that's created for use over the internet. It's built on the basis of blockchain technology and encrypted using cryptography. The first cryptocurrency, Bitcoin, was created in 2009. However, as of March 2022, over 18,000 cryptocurrencies, such as Monero, Ethereum, and Tether exist.

Blockchain: This is a technology that facilitates the use of a decentralized, peer-to-peer network to secure and store transactions that are digitally timestamped to prevent backdating and double-spending. Apart from the details regarding the sender, receiver, and the number of transacted coins, each block also contains a cryptographic hash.

Cryptojacking demystified: Part 1

Cryptomining: This is the legitimate process of mining cryptocurrency on the internet. Essentially, it is the reward that is assigned to a miner when they solve mathematical programs of high complexity using computing devices, i.e., when a miner adds a block to a blockchain, they get their reward in the form of cryptocurrency.

How it all began

Since 2015, mining Bitcoin has become a costly business, and reaping profits from it has turned out to be an unfulfilled dream for most miners. That's why the popularity of another cryptocurrency, called Monero, skyrocketed. Mining Monero doesn't involve huge investments in terms of the processing power of computational devices as well as electricity bills.

The increase in popularity of mining Monero can also be attributed to the German company, Coinhive. Coinhive started off as a cryptomining service, also called a cryptominer, that offered an additional, legal income to website owners. To do this, the owners had the cryptomining code embedded in their website. So, whenever an individual visited that website, the code would run and use their device's resources to mine Monero to line the owner's digital wallet, with the visitor's consent.

However, this galvanized attackers to hack websites and mine cryptocurrency from unsuspecting victims; cryptojacking was unleashed in our world. Coinhive, created to be a legitimate cryptomining service, became perceived as a malware that propagates cryptojacking.

Now that we've reviewed the basics, let's discuss our main topic: cryptojacking.

What is cryptojacking?

Cryptojacking is a stealth cyberattack that involves the illegal mining of cryptocurrencies, such as Monero, Ethereum, and Bitcoin via the unauthorized use of devices: laptops, tablets, desktops, and mobile devices. Simply put, cryptojacking is illegal cryptomining.

You might be thinking: "So, I get that it's illegal, but I still don't see how this affects me. Attackers are not stealing my data and selling it; so where's the harm?" While a cryptojacker might not steal your data, they do rob your resources, and if your digital wallet is loaded, your cryptocurrency as well.

Cryptojacking is bad for you, as an individual, because a miner using your device's processing power means that your device can overheat, its response time then slows down, and its battery will drain drastically. Your work is affected and pending tasks pile up, impacting your work performance.

For an organization, the impact of cryptojacking scales up exponentially because, depending on the number of devices compromised, operating expenses can increase dramatically. Your employees' productivity can drop, and the constant, heavy use and draining of resources will quickly lead to the need for new replacement devices. Your organization will also incur huge electricity bills.

Staying vigilant has never been as essential as it is now because, according to SonicWall cyber threat report, there were more than 97 million cryptojacking attempts in 2021, and this trend will continue.

Why is cryptojacking so popular?

Cryptojacking is a growing menace:

  • It's easy money: Attackers don't need to make a huge investment in hardware or electricity, to reap profits. Being lucrative, it tempts even amateurs.
  • Launching the attack is simple: A few lines of code is all it takes. Embedding the malware in popular websites, such as YouTube, and on social media platforms, increases its reach tremendously.
  • Availability of malware-as-a-service: Attackers don't even need knowledge of coding; they can just buy the malcode from the dark web.
  • Not a legal priority: When compared to attacks, like ransomware, cryptojacking may not merit severity in terms of legal consequences.
  • Not easily detected: Today, threat actors don't attack just one computer and hijack its processing power. Attackers now divide the labor among multiple devices. Instead of utilizing 90% of the CPU resources from one device, they've started utilizing 10% of CPU resources from nine devices. As a result, the signs of cryptojacking (high CPU/GPU usage, high temperature) become less obvious and detection becomes much more difficult.

How it works:

Cryptojacking malware can be embedded in three ways to utilize your resources:

File-based cryptojacking

In this method, the cryptojacker employs social engineering techniques or phishing to get the user to download the cryptojacking malware. Once it's downloaded, unbeknownst to the user, the malicious script will run in the background and use their device's resources to mine currencies. Moreover, the cryptojacking software will infect that organization's network, and use a small amount of processing power from each infected device to avoid detection.

Here's a list of a few other ways in which cryptojacking malware can infect your device:

  • By integrating cryptojacking capabilities in an existing malware
  • Using mobile apps and app stores
  • Using removable media

Browser-based cryptojacking

The legitimate form of mining offered by the erstwhile Coinhive was browser-based. However, a cryptojacker will embed malicious code onto the javascript of a website. When a user visits the website, the code is run, and cryptocurrency is mined using the computational power of that user's device, without their knowledge or consent. The attackers usually try to infect a popular website because, the greater the number of visitors, the greater amount of resources available for mining.

Apart from compromising websites via drive-by-download attacks, browser-based mining can also occur:

  • By using advertising networks and malvertising
  • Using wormable cryptominers

Cloud-based cryptojacking

In this method, the attackers find a way to hack into and access an organization's cloud services, and tap into its unlimited CPU resources for mining cryptocurrency. If an organization enrolls in a pay-as-you-go pricing model from a cloud service provider, then the bills it'll incur will be exorbitant.

You've now gained a fair understanding of the basic concepts of cryptojacking. Interested in learning more? Look for the next blog in this series to discover how to prevent and detect cryptojacking. Thanks for reading, folks!

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.