Cryptojacking

Cryptojacking is a type of cyberattack where malicious actors secretly hijack a victim's computing power to mine cryptocurrencies. This is done without the user's knowledge or consent. Attackers typically inject malicious code into websites or applications, or use malware to infect devices. The goal is to generate cryptocurrency profits for the attacker by exploiting the victim's CPU or GPU resources.

Understanding Cryptojacking

Cryptojacking often occurs when a user visits a compromised website or clicks a malicious link. The embedded script then runs in the background, consuming CPU cycles to mine digital currency. Another common method involves malware installed on a device, which continuously mines cryptocurrency. This can affect individual computers, servers, and even mobile devices. Victims typically notice a significant slowdown in device performance, increased power consumption, and overheating, as their resources are diverted for mining operations. Detecting cryptojacking requires monitoring system performance and network traffic for unusual activity.

Organizations bear the responsibility of protecting their networks and endpoints from cryptojacking through robust cybersecurity measures. This includes implementing strong endpoint detection and response solutions, network monitoring, and user education. The primary risk impact is operational disruption due to degraded system performance and increased energy costs. Strategically, preventing cryptojacking is crucial for maintaining system integrity and resource availability, ensuring business continuity, and avoiding financial losses from unauthorized resource usage. Effective governance involves regular security audits and patch management.

How Cryptojacking Works

Cryptojacking involves an attacker secretly using a victim's computing resources to mine cryptocurrency without their consent. This typically occurs when a user visits a compromised website or clicks on a malicious link that executes a hidden script in their browser. Alternatively, malware can be installed on a device through phishing emails or infected software. Once active, the script or malware silently consumes CPU cycles and electricity to solve complex cryptographic puzzles, generating cryptocurrency for the attacker. The victim's device often experiences slow performance, increased power consumption, and overheating, though these signs can be subtle. The goal is covert resource theft.

The lifecycle of a cryptojacking attack often begins with initial compromise, followed by persistent execution of mining code. Attackers frequently update their scripts or malware to evade detection by security tools. Governance involves monitoring network traffic for unusual connections to known mining pools and detecting abnormal CPU usage spikes on endpoints. Integrating endpoint detection and response (EDR) solutions and network intrusion detection systems (NIDS) helps identify and block cryptojacking attempts. Regular security audits and user education are crucial for prevention and rapid response.
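A sketch of the monitoring described above, added here as an illustration and not taken from any product: it correlates sustained per-process CPU load with outbound connections to a mining-pool blocklist, and raises severity when both signals agree. The hostnames, process names, blocklist entries, and thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed blocklist; a real deployment would load a maintained pool feed.
POOL_BLOCKLIST = {"pool.example-mining.invalid", "xmr.pool.example.invalid"}

# Constructed telemetry rows:
# (host, process, CPU % sampled once per minute, destinations contacted)
TELEMETRY = [
    ("web-01", "nginx", [12, 85, 9, 70, 15, 90, 11, 8, 60, 14],
     {"cdn.example.invalid"}),
    ("web-02", "kworkerd", [38, 40, 39, 41, 40, 39, 40, 41, 39, 40],
     {"xmr.pool.example.invalid"}),
    ("db-01", "backup", [95, 97, 96, 94, 20, 5, 4, 6, 5, 4], set()),
    ("dev-07", "chrome", [41, 40, 42, 41, 40, 41, 42, 40, 41, 41],
     {"news.example.invalid"}),
]

def sustained_flat_load(samples, floor=30.0, max_stdev=5.0, min_fraction=0.9):
    """True when CPU stays above `floor` for most of the window with little
    variation. A throttled miner looks like this; bursty legitimate work
    (web requests, a backup job that finishes) does not."""
    if not samples:
        return False
    above = sum(1 for s in samples if s >= floor) / len(samples)
    return above >= min_fraction and pstdev(samples) <= max_stdev

def score(row):
    """Return (host, process, severity, reasons) for one telemetry row."""
    host, proc, samples, dests = row
    reasons = []
    if sustained_flat_load(samples):
        reasons.append(f"sustained CPU ~{mean(samples):.0f}%")
    hits = sorted(dests & POOL_BLOCKLIST)
    if hits:
        reasons.append("pool connection: " + ", ".join(hits))
    # One signal alone is worth a look; both together is an alert.
    severity = ("none", "review", "alert")[len(reasons)]
    return host, proc, severity, reasons

def triage(rows):
    """Keep only rows with at least one signal."""
    return [r for r in map(score, rows) if r[2] != "none"]

if __name__ == "__main__":
    for host, proc, severity, reasons in triage(TELEMETRY):
        print(f"{severity:6} {host} {proc}: {'; '.join(reasons)}")
```

The load test checks for steady, moderate usage over the window instead of a peak threshold, so a process held near 40% is still flagged while a finished backup job or bursty web traffic is not.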

Places Cryptojacking Is Commonly Used

Cryptojacking is primarily used by malicious actors to illicitly generate cryptocurrency, exploiting unsuspecting users' computing power.

  • Compromised websites embedding hidden JavaScript miners to exploit visitor browsers for profit.
  • Malicious advertisements injecting mining scripts into legitimate web pages without user knowledge.
  • Infected mobile apps secretly running cryptocurrency mining operations in the background on user devices.
  • Cloud instances or servers hijacked to perform large-scale, resource-intensive cryptocurrency mining operations.
  • Phishing campaigns delivering malware that installs persistent cryptojacking software on target devices.

The Biggest Takeaways of Cryptojacking

  • Monitor CPU usage spikes and unusual network activity on endpoints and servers.
  • Implement browser extensions that block known cryptojacking scripts and malicious ads.
  • Educate users about phishing and suspicious links to prevent malware installation.
  • Deploy endpoint detection and response (EDR) solutions to identify and quarantine mining malware.

What We Often Get Wrong

Cryptojacking is always obvious.

Many cryptojacking attacks are designed to be subtle, using only a fraction of CPU resources to avoid detection. Users might notice slight slowdowns or increased fan noise, but often attribute it to other issues, leading to prolonged compromise.

Ad blockers fully protect against it.

While some ad blockers can prevent browser-based cryptojacking scripts, they are ineffective against malware installed directly on a device. Comprehensive security requires endpoint protection and network monitoring beyond just browser-level defenses.

Only affects personal computers.

Cryptojacking frequently targets cloud servers, enterprise networks, and IoT devices due to their significant processing power and often less stringent monitoring. Attackers seek any available compute resources, not just individual user machines.

Frequently Asked Questions

What is cryptojacking?

Cryptojacking is a cyberattack where an attacker secretly uses a victim's computing power to mine cryptocurrency without their consent. This malicious activity often goes unnoticed by the victim. Attackers profit from the mined currency, while the victim experiences slower device performance, increased electricity bills, and potential hardware damage due to overuse. It is a form of resource theft.

How does cryptojacking work?

Attackers typically inject malicious JavaScript code into websites or distribute malware through phishing emails or infected apps. When a user visits an infected site or opens a malicious file, their device starts mining cryptocurrency for the attacker. This process runs in the background, consuming CPU resources and often remaining hidden from the user.

What are the signs of cryptojacking?

Common signs include a significant slowdown in computer performance, especially when browsing the internet or using specific applications. Your device's fan might run constantly and loudly, indicating high CPU usage. Unexplained battery drain on mobile devices or higher electricity bills for desktop users can also point to cryptojacking activity.

How can cryptojacking be prevented?

To prevent cryptojacking, use robust antivirus software and keep it updated. Employ browser extensions that block cryptominers, such as NoScript or ad blockers. Be cautious of suspicious links and email attachments. Regularly update your operating system and applications to patch vulnerabilities that attackers might exploit. Monitor your system's performance for unusual activity.