What Is Cryptojacking and How Do You Detect It?

By submitting this form, I understand and acknowledge my data will be processed in accordance with Progress’ Privacy Policy. Connect with us about all things application development and deployment, data integration and digital business. Accelerate data, AI and analytics projects, manage costs and deliver enterprise growth with the Progress Data Platform. To get rid of an in-browser cryptojacker, or remove other types of browser hijackers, you may be able to uninstall or simply delete it after you detect it.

• The figure is a 43.2% increase from the 97 million attempts recorded the year before and the first time the volume of cryptojacking attempts crossed the 100-million mark.
• In 2020, Cisco reported 69% of its customers were affected by cryptomining malware.
• The Log4Shell vulnerability has been a boon to cryptojacking attackers in 2022.
• Every time a piece of cryptocurrency is “minted,” it’s sent to the attacker’s crypto-wallet.

Cryptojacking attack – examples

Cryptojacking might seem like a relatively harmless crime since the only thing ‘stolen’ is the power of the victim’s computer. But the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of criminals who are illicitly creating currency. We recommend following good cybersecurity practices to minimize the risks and to install trusted cybersecurity or internet security onto all of your devices.

Romanian attackers target Linux machines with cryptomining malware

Like most other malicious attacks on the computing public, the motive is profit, but unlike many threats, it’s designed to stay completely hidden from the user. To understand the mechanics of the threat and how to protect yourself against it, let’s begin with a bit of background. People would openly disclose that visitors’ computers would be used to mine cryptocurrency while they were on the site. This eventually gave rise to drive-by cryptomining, which involves using visitors’ devices to mine crypto without their permission. However, most people’s passwords are fairly short sequences of letters and digits.

Disable JavaScript

Coinhive made it much easier for websites to integrate browser-based cryptojacking. While the company recommended that websites let their visitors know when their browsers were being used to mine cryptocurrencies, the reality is that many didn’t notify them or ask for consent. Cryptomining can be incredibly intensive, so it can drain your battery much more rapidly than normal and draw a greater amount of electricity from your home. The actual amount of power consumption depends on how many devices in your home are involved in cryptojacking, how intensely they are mining, and how long they are on for. If this is the case, the website, its advertisers or attackers could be using your computer’s resources without your knowledge, and all without you having to download a thing. In certain situations, this may not be so bad – your favorite websites could be using a small proportion of your resources to mine cryptocurrency instead of (or in addition to) showing ads.

In February 2018, a Spanish cybersecurity firm, Panda Security, announced that a cryptojacking script, known by its nickname “WannaMine,” had spread to computers around the world. The new malware variant was being used to mine the cryptocurrency monero. Although these What is cryptojacking scams may appear to be legitimate, interacting with them can unleash a Trojan onto your computer network and allow cybercriminals to steal your computing power. Cryptojackers aim to mine cryptocurrency for free by deploying malware on their targets’ servers.

• You should also try scanning for malware through your website’s dashboard.
• Monitoring tools for IT infrastructure are essential for achieving optimal performance and availability.
• TeamTNT was one of the first hacking groups to shift cryptojacking focus heavily to cloud-oriented services.
• Last summer Bitdefender discovered a Romanian threat group that was targeting Linux-based machines with SSH credentials to deploy Monero mining malware.
• We will cover it in more detail in the Cryptojacking popularity & the rapid rise of Coinhive section, where we discuss how cryptojacking went from an unsuccessful concept to a huge threat within a matter of months.
• Cybercriminals can simply hijack someone else’s machine with just a few lines of code.

While much of this article has taken a negative tone toward cryptojacking, the technique itself isn’t inherently bad. If websites ask for explicit consent before conducting it at the browser level – or give their users the opportunity to choose between it and ad displays – the process doesn’t have to be wholly negative. You should also try scanning for malware through your website’s dashboard. While you’re at it, search for any other changes the attackers may have made and reverse any that you find. This includes the basics like changing your passwords, updating all of your software and setting up two-factor authentication.

Simply put, cryptomining occurs when computer processing cycles are exchanged for money (cryptocurrency). Cryptomining is the process by which cryptocurrency transactions are added to the blockchain ledger, a time-stamped record of the activity. Each time a cryptocurrency transaction happens, a cryptocurrency miner updates the blockchain and verifies that the information is authentic. A blockchain is a chain of information that timestamps digital transactions so they can’t be double-recorded or backdated. In a cryptocurrency blockchain, each of the blocks in the chain stores details and data about a transaction, including the receiver and sender, the number of coins involved in the transaction, and a cryptographic hash.

They can acquire cryptojacking malware quite cheaply on darknet marketplaces. The most famous example of browser-based cryptojacking is Coinhive, which blurred the lines between an innovative funding model and a new technique in the cybercriminal’s playbook. We will cover it in more detail in the Cryptojacking popularity & the rapid rise of Coinhive section, where we discuss how cryptojacking went from an unsuccessful concept to a huge threat within a matter of months. Torrent sites were some of the earliest adopters, but it spread to a range of others as well, including the publisher Salon. While cryptojacking isn’t intrinsically bad, the approach often cops criticism because it’s generally done without asking for the user’s permission beforehand.