Decoded: Cryptojacking

It may sound like something out of a William Gibson novel but cryptojacking is becoming a bigger problem every day. Find out what it means to your devices’ CPUs in our latest Decoded explainer.

By Jo Best

Tue 20 Mar 2018 @ 10:45

What is cryptojacking?

Despite sounding like something out of a sci-fi film, cryptojacking is a real-world problem. It's the practice of exploiting unsuspecting users' PCs and smartphones to mine cryptocurrency.

How does it work?

Cryptojacking malware is typically spread through the same vectors as other types of malicious code: email attachments, links on social media, or apps that pass themselves off as legitimate.

Cryptojacking can also be conducted through browsers, when individuals land on websites that harbour cryptojacking scripts. Those behind the malware hijack unused processing power in the victims' machines to mine cryptocurrencies for cash rewards.

Why is cryptojacking becoming so popular now?

Cryptojacking has been around for a number of years but it started making headlines at the tail end of 2017 when the number of variants using the technique spiked sharply.

There are two main trends underpinning the current rise in cryptojacking's popularity. The first is that the values of cryptocurrencies – Bitcoin and Monero in particular – have risen dramatically. Each little bit of purloined CPU may not mine huge amounts of cryptocurrency on its own but, with enough infected machines working overtime, cryptojacking can generate healthy profits for those running the scam.

The other trend driving cryptojacking's popularity is the recent decline of online criminals' previous favourite malicious software: ransomware. While ransomware was once a quick way to make a buck, the rise in cryptocurrency prices has changed the playing field. A typical ransom used to be one Bitcoin, when that was the equivalent of a few hundred dollars. Now one Bitcoin is worth several thousand dollars, meaning it's much harder to get victims to pay up. At the same time, initiatives that enable ransomware's victims to get their files back without paying the fee demanded have gained traction and cut into criminals' profits.

Should I be worried about cryptojacking?

At first, it might seem like a relatively benign phenomenon – after all, we're talking about unused processing power that's being taken over. However, the consequences of being cryptojacked can be surprisingly serious: one Android malware strain known as Loapi, which undertakes cryptojacking among other tasks, put such a load on infected devices' processors and batteries that it caused an infected smartphone to overheat and almost blow up.

Most cryptojacking victims won't suffer anything quite so dramatic, but they may become aware that their battery is overheating, either because their hardware feels warm or because its fan is making a lot of noise. Those machines that are regularly subjected to such a battering from cryptojacking may suffer a shortened lifespan as a result.

Is there a legal use for cryptojacking?

Some have argued that something close to cryptojacking could be put to work by legitimate companies. By putting certain JavaScript on their websites, companies can get PCs and phones that visit to donate their spare processing power, which is used to mine for Monero on the company's behalf. Potentially, this could be done with users' consent – a pop-up could inform them of the practice when they first land on the site, for example – but, typically, it's done in the background without their knowledge or permission.

How does cryptojacking affect businesses?

Microsoft recently warned that it has seen an increase in cryptojacking in enterprise environments, where business IT resources are redirected into cryptocurrency mining. Such enterprise cryptojacking could be the work of cybercriminals, but it could equally be carried out by staff members who have access to internal systems and plant the coin-mining code themselves.

Companies have also found cryptojacking affecting their operations after their websites were compromised. Government organisations in both the UK and Australia found that threat actors had injected cryptocurrency-mining code into their sites through a popular browser plugin.

Is cryptojacking lucrative?

It depends on whose estimates you believe. Cryptojacking could earn websites with a reasonable amount of traffic hundreds of thousands of dollars a month. However, not all cryptojacking campaigns have such high revenue: despite injecting a cryptojacking script into several thousand websites, one group of cybercriminals managed to generate less than $25.