It sounds like an adrenaline-packed adventure sport. You can almost imagine telling your friends you went cryptojacking down a volcano whilst on vacation in Costa Rica. But no, sadly the only thing that will get high doing cryptojacking is your power bill. And probably the hacker behind it, filling his or her virtual wallet with Monero. So, what is cryptojacking again?

What Is Cryptojacking?

Cryptojacking is where a device is unexpectedly taken over to use its computational power to mine cryptocurrency. There are several ways this can happen. And just because you have a robust anti-virus in place doesn’t necessarily mean you’re safe. It’s fairly simple to download malicious code from a seemingly innocent vector, like a free content management system.

You don’t even need to download the code to get cryptojacked since there are plenty of websites that are infected with JavaScript code. This in-browser cryptocurrency mining isn’t so much of a problem, and, in fact, several sites are exploring it as a potential replacement revenue stream for advertising. You simply consent to help mine for the time you use the site.

That said, the majority of websites that are infected with mining malware are unaware. Earlier this year, for example, over 300 websites using the Drupal content management system got infected with Coinhive JavaScript software used for mining Monero. These victims included the San Diego Zoo, UCLA, and even Lenovo.

Coinhive is the most popular code for in-browser mining since it’s easy to deploy and often goes unnoticed. Even plugins like NoCoin for Chrome and Firefox may fail to detect Coinhive infected sites. In fact, as much as 82 percent of infected sites go undetected.

It’s a pretty safe bet that most of San Diego Zoo’s visitors aren’t into cryptocurrency. So, if you think that it’s an industry-specific problem, think again. You can get cryptojacked just about anywhere, at any time.

Cryptojacking is the biggest cybersecurity threat of 2018, with one-quarter of all businesses already falling victim to it. It’s not mega businesses the hackers are after either. It’s not cryptocurrency exchanges, ICOs, or even HODLers that they want. It’s anyone with a mobile phone, personal computer, server, or even IoT device.

What Is Cryptojacking Capable Of?

There’s good and bad news about cryptojacking. Unlike some more malicious attacks like Ransomware, the hackers aren’t aggressively taking hold of your device. You may not even realize that it’s happening, as long as they don’t set the code to use a very high amount of computational power.

What you may notice is that your device overheats or lags in performance. But, if you’re used to a device that runs less than optimal, let’s be honest, cryptojacking can pass by undetected – until a big power bill hits you at the end of the month. While this is a drag to be sure, it’s certainly not as bad as having your Ether wallet hacked or your data leaked.

In some cases, though, cryptojacking can damage your device. If the hacker gets too greedy with the amount of CPU, he or she takes your computer could be sent into an irreparable tailspin.

What Is Cryptojacking Prolific On?

Everyone knows that mining cryptocurrency takes a high amount of computational power. This means that company servers are the best target. Yet, cryptojacking is more about taking a little bit of power from a lot of devices, rather than one major attack. With that in mind, cryptojacking is now prolific on any device, from mobile phones to IoT devices.

According to Kaspersky Lab, once mobile mining becomes more profitable, cryptojacking will explode in proliferation. The sheer number of mobile devices worldwide makes them an obvious target.

Major Cryptojacking Incidents to Date

Although cryptojacking is a non-aggressive form of cybercrime, that shouldn’t make you more sympathetic to its perpetrators. They’re making a lot of money mining cryptocurrency illegally using other people’s devices without authorization.

Some of the most high-profile cases so far have been the Shominru mining botnet that infected over 500,000 machines. It targeted Windows’ servers and forced them to mine over $3.5 million of Monero.

Another major cryptojacking incident was the Siacoin Internet Cafe hack when hackers across China mined around $800,000 million in Siacoin by infecting internet cafes with malicious cryptojacking code.

Other Cool and Creepy Facts About Cryptojacking

  • You don’t need technical skills to do it! According to a Digital Shadows’ report cited in CSO Online, you can buy “cryptojacking kits” on the dark web starting at just $30.
  • In Q4 2017 incidents of cryptojacking exploded by 8,500 percent.
  • Malvertising is a popular channel for infecting devices with crypto mining botnets.
  • Android users are more susceptible to cryptojacking, with 60 million already hit by crypto miners this year.
  • At least 13,000 WordPress Plugins contain critical security vulnerabilities that make them easy prey for hackers.
  • Social media is also a big vector, especially through phishing tactics using official-looking emails asking users to click through to a site, which then runs a code on your computer.
  • In-browser mining happens only when you visit the infected site. Close the site, stop the mining. Mining botnets downloaded to your device will sit and mine from now until infinity unless you get them removed.
  • Avast Software found that Github was a popular vector for cunning crypto miners. They simply create forks of existing legitimate products and hide the malware within.


Can You Prevent Cryptojacking?

You may not be able to prevent cryptojacking. You may just get unlucky. But there are certain cyber hygiene practices that you can adopt. Never click on a link in an email. Don’t be fooled even by an HTTPS site, as it may still contain malware. Try running an anti-phishing software, antivirus, and adblocker. Plugins like NoCoin and MinerBlock may also help prevent some incidents.

Companies looking to prevent their servers from getting cryptojacked need to carry out good patch management and educate their employees on what to look out for to prevent phishing attacks.

It’s not always easy to detect cryptojacking since most desktop antiviruses won’t notice the malware. But you will see your battery getting extra hot or draining down quickly or your computer taking longer than usual to complete tasks.

Companies should have an easier job of detecting cryptojacking since it’s fairly easy to see when using network monitoring solutions, which most organizations should have. IT departments should also constantly monitor their website files for any new JavaScript code or file changes.

Closing Thoughts

What is cryptojacking? It’s 2018’s biggest cybercrime, which is growing in popularity. So, if you think your device may be infected, don’t wait. Go and get it checked out today.

This article was originally published on Coincentral.


Christina Comben

Christina is a B2B writer and MBA, specializing in fintech, cybersecurity, blockchain, and other geeky areas. When she’s not at her computer, you’ll find her surfing, traveling, or relaxing with a glass of wine.


“Top Misconceptions of Cryptocurrency as a Payment System”


Which can be read on Amazon Kindle Unlimited for Free  You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)