Cryptojacking is a new form of cybercrime gaining ground within the crypto industry (now the second most common form of cybercrime to date), Given how quickly cybercrime evolves, it’s not surprising that few have heard of it. And being that its perceived as a victimless crime, it may not go away anytime soon.

What is cryptojacking?

In brief, cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. It’s done so by hackers who hijack a computer’s processing power via malware. With malware, hackers are able to mine Monero, ByteCoin, AEON, and other small coins surreptitiously. While not as lucrative as bitcoin mining, this form of mining helps hackers avoid the high costs associated with large mining rigs.

How does cryptojacking work? Primarily in one of two way. Hackers may send out a phishing email requesting users to click an innocent looking link. When they do, crypto mining code automatically loads on their computer. Alternatively, hackers may infect a website with an online ad containing JavaScript code (with the code executing automatically once it loads on a browser). Either way, once code is loaded onto a user’s computer it can start mining crypto for the hacker. The code simply utilizes the jacked computers’ processors to run complex mathematical problems. The results are sent to the hacker’s server when complete.

Why is cryptojacking exploding?

It’s easy. It’s simply not necessary to have mad hacker skills to cryptojack a computer. Cryptojacking kits are available for as little as $30 on the dark web. The malware does the heavy lifting. Criminals need only have access to other computers. Since malware can operate on many different devices and these devices are ubiquitous, this crime has offers low-barriers to entry. It’s profitable. Distributing adware is the most common cybercrime committed. While ransomware is also profitable, it requires user participation (the user must pay a ransom in order to get his/her data back). Cryptojacking happens quietly and without user awareness. As such, it continuously generates revenue everytime an infected laptop is opened. It’s less risky than other cybercrime. When a computer owner discovers that he/she has been cryptojacked (if they ever do), they’re unlikely to do anything about it. From outside appearances, nothing has been stolen and the computer has not been obviously harmed. It’s also difficult to trace cryptojacking back to its source (particularly when its mining anonymous cryptocurrencies like Zcash or Monero).



And yet, cryptojacking is not a victimless crime. While cryptojacking scripts do not destroy hard drives as viruses do, they invariably slow down computer performance. When processing power is silently siphoned away, the ability for computer users to quickly and efficiently execute tasks is compromised. Cryptjacking scripts may even cause computers to overheat and become permanently damaged. Thin mobile devices like tablets and smartphones are particularly vulnerable to this risk.

How common is cryptojacking?

Being seemingly victimless, cryptojacking is quickly becoming rampant. Although no one knows how extensive cryptojacking is, signs suggest that it’s growing incredibly fast. For instance, Adguard found 33,000 websites running crypto mining scripts last November. The combined visitor count for these sites was over a billion. Not incidentally, Coinhive, a Javascript miner named used legitimately to mine crypto, is quickly becoming popular.as well. More than 34,474 sites were recorded as running Coinhive earlier this year (via The Bad Packet Report).

How can you tell if you’ve been cryptojacked?

When computers are cryptojacked, users observe a notable decline in processing power, frequent overheating, and ongoing noise. Consequently, if you notice your computer running much more slowly, loudly, or getting very hot, malware associated with cryptojacking may be the cause. For those that suspect this is the case, multiple ways exist to block cryptojacking.

What can you do if you discover cryptojacking?

If you’ve been cryptojacked, it’s important to eliminate and/or block all website-delivered scripts. Users will need to kill the browser tab running the script or, if an extension has infected the browser, they must update all their extensions and remove the ones that are infected. Another solution is to download browsers with built-in ad blockers equipped with protection against crypto mining. Or similar-type extensions like minerBlock or No Coin. However, the most important safeguard that users can employ against cryptojacking is simple awareness. Once cryptojacking has been identified, a user has the capability to stop it right away if it occurs.