Cryptojacking | What is it?: Everything about Cryptojacking

What is Cryptojacking

Cryptojacking is a kind of destructive behavior. The malware is installed on networked devices (from the phone, game consoles to any device of the organization server). After installation, the malware will use the hijacked computing power to “mine” Cryptocurrency without the user’s knowledge "

Unlike phishing or ransomware attacks, Cryptojacking almost runs silently in the background of infected devices. Therefore, the increase in encryption hijacking attacks is mainly carried out under the radar. However, new research has shown that such attacks have more than tripled since 2017, causing concern because these undiscovered vulnerabilities consume devices, reduce system performance, and expose devices to more risks.

Crypto hijacking and the value of cryptocurrencies have risen in direct proportion. Suddenly, the digital "cash" becomes a good value for money, and hackers usually take some steps to obtain revenue from the stolen data and directly use their vulnerabilities to profit from the tool.
But if all the malware silently generates cryptocurrencies in the background, is this really dangerous? The answer is clearly yes,

Let's see in details what Cryptojacking is

What is Cryptojacking?

Cryptojacking means illegally performing "mining" of virtual currency. Mining is a mechanism in which virtual currency can be acquired as a consideration for the calculation required for trading virtual currency.

Virtual currencies such as Bitcoin decentralize and manage a trading ledger on a P2P network. Therefore, the legitimacy of the newly generated transaction is verified by the participants using their own computer resources to solve complicated cryptographic problems.

In other words, mining is a mechanism that users can generate using their own personal computers, and tools for mining (coin miners) are also widely available.

Cryptojacking exploits this mechanism to illegally mine other people's computer resources. A typical trick is to infect a user's computer with malware by a malicious third party, perform tricks on mining, or tamper websites to create malicious code. The code to execute is executed, and a malicious third party has a method to obtain virtual currency.

Coinhive, a mining tool released in 2017, triggered Cryptojacking's attention. In this, the website administrator embeds the coin hive code on the site to borrow the computer resources of the site visitor and perform mining.

The purpose of the tool was to serve as a “replacement for ads” revenue source for site administrators, but it was reported that there were some cases where the tool was installed on a website without notifying the user, and the site administrator policed ​​the site. In some cases, the cases were arrested.

What are Cryptocurrencies?

Cryptocurrency is an encrypted unregulated digital asset that is used as an analog of a currency in exchange transactions. Cryptocurrency does not have a physical form, it exists only in the electronic network in the form of data. Exchange through a cryptocurrency takes place in much the same way as an exchange of emails, hence much less processing time than through a bank, minimal fees, and the absence of an intermediary.

Accounting for cryptocurrencies is called blockchain, and it is carried out collectively by all network members who have this currency. Each cryptocurrency is programmed and identified using complex code.

Bitcoin is not the only cryptocurrency, but the first in history and the most popular. Unofficially, Bitcoin is already called "digital gold." An important aspect of cryptocurrency is the technology on which it is based because it determines the safety of operations. With a sufficient number of participants, the turnover of operations in cryptocurrencies can reach billions of dollars, but so far, investors and ordinary users are just starting to study this niche.

In addition to Bitcoin, there is a whole group of so-called "altcoins" that is also actively growing. Among the leading altcoins are Litecoin, Etherium,  Ripple, and Dash.

How to use Cryptocurrency?

There are mainly the following about how to use virtual currency.

  • Electronic money charge.
  • Utility bill payment.
  • game.
  • Use cryptocurrency for purchases from online retailers. 
  • You can buy goods or services from local merchants who accept cryptocurrency.
  • Build an investment portfolio with your cryptocurrency.

Why Cryptojacking is increasing?

I don't think there is one answer, but according to the 2018 threat report from the company's anti-malware service provider, Webroot, compared to conventional attack methods such as targeted attacks and ransomware It is reported that anonymity, easiness, and profitability are some of the factors contributing to the increase.

In the case of normal malware, the malicious code or program was inadvertently executed or malicious code or program was executed by a method known as a drive-by download, and then confidential information was included after it entered the PC. Try to get the file. On the other hand, in the case of Cryptojacking, it can be said that it is structurally simple because it uses only CPU resources.

Also, since many types of Cryptojacking such as Coinhive are operated by JavaScript, they can be executed on most PCs and browsers, making it difficult to notice the infection or prevent the infection. It can be said that the increase is also a factor. If the trading price of virtual currencies rises, the profits of attackers also increase, and it is expected that Cryptojacking will also increase.

Cryptojacking methods and how Cryptojacking works

How cryptojacking works

Cryptojacking is a method in which a third party arbitrarily uses the power of another person's computer to mine virtual currencies, but what is the specific method used?

Cryptojacking is done in two ways.

  • Inject code into the user's computer
  • Put the code on your website or banner
In the case of "1", the email is sent to the user mainly with an illegal link in the text, and when the user clicks, the code is executed and captured by the computer.

The other is to embed malicious code on a website or banner that will be executed when a user browses the page.

There are two main infection routes: patterns such as GhostMiner and WannaMine that infect by exploiting vulnerabilities in server and client PCs and patterns such as Coinhive that falsify websites and advertisements of legitimate websites and allow viewers to execute JavaScript.

What happens if I get infected by Cryptojacking?

If you are infected with crypto-jacking, the CPU usage will be high and the operation of the entire PC will feel heavy, and the battery will drain quickly.

You may notice something strange if the CPU usage rate rises or the fans start making noises only when you visit a particular site, but many PC users happen to have a heavy PC. I'll overlook it.

Depending on the case, processing may be delayed and work may be delayed, and there is a possibility that PCs and smartphones may malfunction due to thermal runaway, so a mechanism to prevent and detect infection by crypto-jacking is necessary.

Cases of Cryptojacking

1. Tesla Example

In February2019, a tool for mining called Stratum was set up in the cloud system by AWS of Tesla, which is known for electric vehicles. As a result, there have been cases where cloud resources were arbitrarily used to mine virtual currencies.

2. Showtime, Politifact Example

In the fall of 2017, code for C
ryptojacking was embedded in sites such as "" and "Showtime". By embedding the code, the code would run on the device unnoticed by users visiting your site, providing computer resources for mining.

3. Example, Installed in Android Device

In some cases, criminals had forced to install software for mining Monero virtual currencies on approximately 800,000 Android devices. This has been reported since the beginning of this year.

In this way, the number of cases of Cryptojacking damage has expanded rapidly with the rise in cryptocurrencies since 2018.

Who is at risk?

Any networked device can be used to mine cryptocurrencies. However, the goal of most Cryptojacking operations is to hijack a large number of devices and further incorporate the processing power of their mining to create a more efficient network to generate revenue.

This strategy is adopted because the power consumption of multiple different devices is small, which reduces the possibility of people being hacked. After all, the power is so small that it can be ignored.

Once hacked, the attacker will connect these devices together and can create a large password hijacking network. Therefore, these attacks are usually targeted at large companies or large enterprises, where multiple devices can be easily and conveniently accessed.

Measure to prevention from Cryptojacking

To prevent infection by Cryptojacking, apply security patches for OS and applications as appropriate, block access to suspicious sites and unnecessary sites, and update antimalware product definition files regularly. I think that scanning is three effective measures.

Disabling JavaScript in the web browser is also one of the effective measures, but I think that it is quite difficult in reality because many recent websites assume that it works with JavaScript. 

Also, as a measure to prevent infection by malware, it is important to handle emails carefully and be careful about attachments and links in the email body.

Then, keep the OS and applications up to date (resolve vulnerabilities), install the latest antivirus software, update definition files automatically, and keep them up to date. You should also take measures against malware.

To prevent employees from using mining tools without their permission, companies need to set security policies regarding software handling within their organizations and implement access restrictions as necessary.


In this article, we have introduced an overview of Cryptojacking and measures to prevent infection. What did you think? Cryptojacking will continue to be a vicious piece of malware as cryptocurrencies become more valuable.

I think it's new to everyone's memory that cryptocurrencies such as Bitcoin soared last year and received a lot of attention as an investment target. However, as the value increases, attempts to illegally obtain cryptocurrencies and make profits are increasing. One of them is Cryptojacking, which uses other people's computer resources without permission to mine virtual currencies.

In Cryptojacking, it is mainly used to tamper with email links or websites and embed the code so that the mining code is executed on the user's terminal and a third party receives the virtual currency. I am. To prevent this, it is effective to prevent malicious code from being executed, such as not executing JavaScript in the browser.

It's not good for resources to be used for mining without your knowledge. It is important to take proper measures to prevent this.

Frequently asked questions

Q. Is Cryptojacking illegal?

A. Performing mining coins without the consent of the owner of the device is Cryptojacking. Cryptojacking illegal.

Q. What is coin miner malware?

A. Coin miners are known as cryptocurrency miners that can mine cryptocurrencies like Bitcoin, Ethereum, etc. When you are mining on your own devices that provide a decent source of income.

Coin miner malware is a kind of threat or virus that uses mining software to take advantage of someone else computing resources such as GPU, CPU, etc.

Q. How do you prevent Cryptojacking?

A. You can see the above article to take better knowledge about the prevention of Cryptojacking.

Post a Comment

Previous Post Next Post