- Cryptojacking is the malicious act of using someone else’s computer to mine cryptocurrency.
- Device owners are typically tricked into downloading a script that grants attackers control of the computer’s resources.
- Cryptojacking is very widespread and the attacks are becoming more sophisticated.
Every so often, there’s a story about a company, hospital, or government agency hit with ransomware—that is, malware that prevents use of a network of computers unless a ransom is paid to the hackers behind the attack, usually in hard-to-trace cryptocurrency.
Cryptojacking, by contrast, doesn’t command quite as many headlines… in large part because many people don’t even notice that it’s happening. Essentially, cryptojacking maliciously uses someone’s computer or network of computers to stealthily mine cryptocurrency, earning the attackers money by using resources that they’re not paying for. Multiply that by thousands, maybe many times over, and there’s serious money to be made for attackers.
While not as obvious or intrusive as other malware and ransomware schemes, cryptojacking can have an adverse effect on your computer’s performance and lifespan, as well as your energy bills. It may also point to holes in your device security that could lead to more disruptive attacks. Here’s what you need to know.
What is cryptojacking?
Cryptojacking is a process by which a remote attacker successfully installs a script on a computer, smartphone, or cloud server infrastructure, thus enabling the attacker to use that device’s processing resources to mine cryptocurrency. Mining cryptocurrency is a process that typically requires powerful computers, and given the immense energy costs, can be more expensive than it’s worth—that is, if you’re the one paying the bills.
By tapping into a distributed network of infected devices, attackers can use cryptojacking to mine cryptocurrency, benefit from the coin mined in the process, and not have to deal with the expenses of obtaining (and maintaining) powerful hardware and costly energy bills.
How does cryptojacking work?
The mining software has to be installed on your device before attackers can use it for cryptojacking. This often happens via phishing emails that trick users into downloading a file that they think is safe, but which is actually malware designed to hijack the computer’s resources without the owner’s knowledge.
In some cases, malicious websites may have hidden scripts that can use your computer for mining while you visit them, a process called “drive-by cryptojacking.”
Once your computer is infected and an attacker has remote command of your device, you may notice it running slower than usual, or hear the fan running more often than normal. That is because mining is a resource-intensive activity, and can affect your ability to use your computer or phone to its full capabilities.
Monero (XMR), with its difficult-to-trace, privacy-centric design and relative ease of mining (at least compared to Bitcoin), has become the most popular coin for cryptojacking.
Did you know?
A Monero-mining cryptojacking botnet was even discovered on a United States Department of Defense web server in early 2020.
How widespread is cryptojacking?
Cryptojacking is incredibly widespread. Because it is intentionally covert, with the software meant to run behind the scenes for as long as possible to make the most of the attack, it’s impossible to have a clear sense of its global scale.
However, consider some of these reports from security firms. Citrix reported in August 2018 that three in 10 businesses in the UK reported being affected by cryptojacking attacks within the last month, with 59% of respondents saying they had been impacted by it at some point. SonicWall reported that victims were attacked by cryptojacking scripts some 52.7 million times in the first half of 2019. And Symantec found that the prevalence of cryptojacking changes as the value of cryptocurrencies fluctuates—something to bear in mind during a crypto bull run.
Guardicore Labs has discovered #FritzFrog, a sophisticated peer-to-peer (P2P) #botnet which has been actively breaching SSH servers since January 2020. 🐸
Our blog dives deeper: https://t.co/yQqRNqcQgq #BotNet #Malware #FritzFrog #CyberAttack pic.twitter.com/kX43uBs04x
— Guardicore (@Guardicore) August 19, 2020
In August 2020, Guardicore Labs reported on the Monero-mining FritzFrog, a “new generation of peer-to-peer botnets” that attempts to brute-force its way onto servers via various known exploits. As of the report, FritzFrog had infiltrated more than 500 servers, including US and UK universities and a railway company, and had attempted to break into “tens of millions of IP addresses” including government agencies and more.
In short: the methods of attack are evolving and adapting, so cryptojacking is unlikely to cease anytime soon.
What are the dangers of cryptojacking?
While cryptojacking may not be as obviously disruptive as other forms of malware or hacking, there are various impacts on affected device owners. Your computer or phone may run slowly and be unable to perform tasks at its usual speed, while affected servers may not be able to keep up with their usual demands when saddled with crypto-mining malware.
Forcing your computer to constantly run at a high level will also consume more energy, potentially driving up your electricity bill, plus it can wear out your devices faster than normal. Additionally, if your computer has been compromised by cryptojacking malware, then it may be unsecured and open to further, perhaps even more significant and devastating attacks.
How can I protect against cryptojacking?
The most important thing you can do is ensure that your computer or device is fully updated with the latest operating system security patches and fixes, and if you use antivirus or anti-malware software, ensure that it is being updated regularly with the latest patches.
If your computer is suddenly running slowly or kicking on the fan a lot more than usual, monitor your CPU usage via the operating system tools to try to identify malicious processes that could signal cryptojacking.
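One way to turn that CPU check into something repeatable, shown here as an added example that is not part of the original article: take several process snapshots and flag only the processes that stay near full load in every one of them. The snapshot data, the process names and the 80% threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: three snapshots taken a minute apart, in the
# column layout of `ps -eo pid,pcpu,comm`. Process names are made up.
SNAPSHOTS = [
    """  PID %CPU COMMAND
  812  3.1 Xorg
 2290 41.0 firefox
 4471 96.4 sysupd-helper
""",
    """  PID %CPU COMMAND
  812  2.7 Xorg
 2290 95.2 firefox
 4471 97.1 sysupd-helper
 5120 99.0 cc1plus
""",
    """  PID %CPU COMMAND
  812  2.9 Xorg
 2290 12.5 firefox
 4471 95.8 sysupd-helper
""",
]


def parse_snapshot(text):
    """Return {(pid, command): cpu_percent} for one snapshot."""
    usage = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        pid, cpu, command = line.split(None, 2)
        usage[(int(pid), command.strip())] = float(cpu)
    return usage


def sustained_high_cpu(snapshots, threshold=80.0):
    """Flag processes at or above `threshold` in every snapshot."""
    # Short bursts (a page load, a compile job) drop out; a process that
    # runs flat-out for the whole observation window does not.
    parsed = [parse_snapshot(s) for s in snapshots]
    history = defaultdict(list)
    for usage in parsed:
        for key, cpu in usage.items():
            history[key].append(cpu)
    flagged = []
    for (pid, command), values in history.items():
        if len(values) == len(parsed) and min(values) >= threshold:
            flagged.append((pid, command, round(sum(values) / len(values), 1)))
    return sorted(flagged, key=lambda item: item[2], reverse=True)


print(sustained_high_cpu(SNAPSHOTS))
```

On Linux, `ps` reports %CPU averaged over a process’s lifetime, so per-interval figures such as those from `top -b` are the better input for real monitoring. A flagged process is a lead to investigate, not proof of mining.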